WordPress Plugin Job Manager & Career Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists in t...
PT-2023-25773 · WordPress · Activitypub
Name of the Vulnerable Software and Affected Versions: ActivityPub WordPress plugin versions prior to 1.0.0 Description: The issue allows any authenticated user to retrieve the title of arbitrary posts, including drafts and private ones, via an IDOR vector. This occurs because the plugin does not...
PT-2023-27410 · WordPress · Simple Blog Card
Name of the Vulnerable Software and Affected Versions: Simple Blog Card WordPress plugin version 1.32 and earlier Description: The issue allows any authenticated user to retrieve arbitrary post titles and their content, including drafts, private posts, and password-protected ones, because the...
PT-2023-11863 · Activello +1 · Activello +2
Name of the Vulnerable Software and Affected Versions: The Brilliance versions prior to 1.2.8; Activello versions prior to 1.4.1; Newspaper X versions prior to 1.3.2 Description: The issue is related to the lack of capability and security checks/nonces in the activello activate plugin and activello...
CVE-2022-46864 WordPress Woocommerce Custom Checkout Fields Editor With Drag & Drop Plugin <= 0.1 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Umair Saleem Woocommerce Custom Checkout Fields Editor With Drag & Drop plugin <= 0.1 versions...
CVE-2023-0546 FluentForms < 4.3.25 - Contributor+ Stored XSS via Custom HTML Form Field
The Contact Form Plugin WordPress plugin before 4.3.25 does not properly sanitize and escape the srcdoc attribute in iframes in its custom HTML field type, allowing a logged-in user with roles as low as contributor to inject arbitrary JavaScript into a form which will trigger for any visitor to...
CVE-2022-4758 10WebMapBuilder < 1.0.72 - Contributor+ Stored XSS via Shortcode
The 10WebMapBuilder WordPress plugin before 1.0.72 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
SUSE-SU-2022:2543-1 Security update for s390-tools
This update of s390-tools fixes the following issues: - Fixed KMIP plugin failing to connect to KMIP server. When a zkey key repository is bound to the KMIP plugin, and the connection to the KMIP server is to be configured using command 'zkey kms configure --kmip-server ', it fails to connect ...
Shopware Cross-Site Scripting Vulnerability
Shopware is a suite of open source e-commerce software from the German company Shopware. A cross-site scripting vulnerability exists in versions of Shopware prior to 5.7.9, which stems from a lack of filtering and escaping of user data in the plugin. No detailed vulnerability details are available...
PT-2021-5420 · Apache · Apache Apisix
Name of the Vulnerable Software and Affected Versions: Apache APISIX versions prior to 2.10.2 Description: The issue is related to the uri-block plugin in Apache APISIX, which uses the $request_uri variable without proper verification. This variable contains the full original request URI without...
UBUNTU-CVE-2020-25635
A flaw was found in Ansible Base when using the aws_ssm connection plugin, because garbage collection does not happen after the playbook run is completed. Files would remain in the bucket, exposing the data. This issue directly affects data confidentiality...
PYSEC-2020-6
A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run when the pipe lookup plugin uses subprocess.Popen with shell=True, by overwriting ansible facts, because the variable is not escaped by the quote plugin. An attacker could take advantage and run arbitrary commands by...
CVE-2012-1170
Moodle before 2.2.2 has an external enrolment plugin context check issue where capability checks are not thorough...
WordPress Plugin Like Button 1.6.0 - Authentication Bypass
Exploit Title: WP Like Button 1.6.0 - Auth Bypass Date: 05-Jul-19 Exploit Author: Benjamin Lim Vendor Homepage: http://www.crudlab.com Software Link: https://wordpress.org/plugins/wp-like-button/ Version: 1.6.0 CVE : CVE-2019-13344 1. Product & Service Introduction: WP Like button allows you to a...
kubernetes: Incorrect rule injection in CNI portmap plugin
Cloud Native Computing Foundation CNCF CNI Container Networking Interface 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to set up HostPorts for CNI, inserts rules at the front of the iptables nat chains, which take precedence over the KUBE-...
CVE-2018-5659
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php coming-soontitle parameter...
On servers after installing the hotfix XA650R07W2K8R2X64017 the IMA service won't start.
On several servers after installing the hotfix XA650R07W2K8R2X64017 the IMA service won't start anymore although no error was returned during Hotfix installation. In the IMA Runtime registry, the Currently Loading Plugin will have MfSrvss.dll. Moreover, when checking the Certificate settings for...
FreeBSD : shibboleth2-sp -- 'Dynamic' metadata provider plugin issue (b4b7ec7d-ca27-11e7-a12d-6cc21735f730)
The Internet2 community reports: The Shibboleth Service Provider software includes a MetadataProvider plugin with the plugin type 'Dynamic' to obtain metadata on demand from a query server, in place of the more typical mode of downloading aggregates separately containing all of the metadata to...
WordPress Plugin Userpro 4.9.17.1 - Authentication Bypass
Exploit Title: Userpro – WordPress Plugin – Authentication Bypass Google Dork: inurl:/plugins/userpro Date: 11.04.2017 Exploit Author: Colette Chamberland Wordfence, Iain Hadgraft Duke University Vendor Homepage:...
CVE-2017-15255
IrfanView version 4.44 32bit with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access Violation starting at PDF!xmlParserInputRead+0x00000000001601b0."...