104 matches found
WordPress Plugin Management App for WooCommerce Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
OESA-2024-1294 aops-zeus security update
A host and user manager service which is the foundation of aops. Security Fixes: In aops-zeus software versions 1.2.01.4.1, there is a vulnerability in the plugin management command of the zeus/conf/constant file. Through this vulnerability, an attacker can implant arbitrary commands to be execut...
OESA-2024-1293 aops-zeus security update
A host and user manager service which is the foundation of aops. Security Fixes: In aops-zeus software versions 1.2.01.4.1, there is a vulnerability in the plugin management command of the zeus/conf/constant file. Through this vulnerability, an attacker can implant arbitrary commands to be execut...
OESA-2024-1291 aops-zeus security update
A host and user manager service which is the foundation of aops. Security Fixes: In aops-zeus software versions 1.2.01.4.1, there is a vulnerability in the plugin management command of the zeus/conf/constant file. Through this vulnerability, an attacker can implant arbitrary commands to be execut...
OESA-2024-1292 aops-zeus security update
A host and user manager service which is the foundation of aops. Security Fixes: In aops-zeus software versions 1.2.01.4.1, there is a vulnerability in the plugin management command of the zeus/conf/constant file. Through this vulnerability, an attacker can implant arbitrary commands to be execut...
CVE-2023-47200
A plug-in manager origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...
EUVD-2020-24161
The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions before 2.6.1. This is due to a missing capability check on the lpccaddonsactions function. This makes it possible for unauthenticated attacker...
PT-2023-11861
Name of the Vulnerable Software and Affected Versions The ListingPro - WordPress Directory & Listing Theme for WordPress versions prior to 2.6.1 Description The issue is related to a missing capability check on the lp cc addons actions function, allowing unauthenticated attackers to install,...
OneKeyAdmin 安全漏洞
OneKeyAdmin is About plug-in management system based on Thinkphp6+Element, website, applets, malls, CMS, APP, ERP, API interface a system to get it all done, no scaffolding out of the box! OneKeyAdmin v1.3.9 version of a security vulnerability , the vulnerability stems from the existence of...
CVE-2022-1658
Vulnerable versions of the Jupiter Theme = 6.10.1 allow arbitrary plugin deletion by any authenticated user, including users with the subscriber role, via the abbremoveplugin AJAX action registered in the framework/admin/control-panel/logic/plugin-management.php file. Using this functionality, an...
gradle: repository content filters do not work in Settings pluginManagement
In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve specific dependencies...
GHSA-RQGJ-RQFR-5J6F MantisBT vulnerable to XSS due to improper escape in manage_plugin_page.php and manage_plugin_uninstall.php
An XSS issue was discovered in MantisBT before 2.25.3. Improper escaping of a Plugin name allows execution of arbitrary code if CSP allows it in managepluginpage.php and managepluginuninstall.php when a crafted plugin is installed...
CVE-2022-26144
An XSS issue was discovered in MantisBT before 2.25.3. Improper escaping of a Plugin name allows execution of arbitrary code if CSP allows it in managepluginpage.php and managepluginuninstall.php when a crafted plugin is installed...
MCMS Arbitrary File Deletion vulnerability
net.mingsoft:ms-basic is used for plugin management for applications built with Maven for the Mingfei Content Management System MCMS. ms-basic before 2.1.16 is vulnerable to arbitrary file deletion using POST requests to /template/writeFileContent via the oldFileName parameter. MCMS before 5.2.11...
CVE-2021-24528
The FluentSMTP WordPress plugin before 2.0.1 does not sanitize parameters before storing the settings in the database, nor does the plugin escape the values before outputting them when viewing the SMTP settings set by this plugin, leading to a stored cross site scripting XSS vulnerability. Only...
WordPress SQL注入漏洞
WordPress is a set of blogging platforms developed by the WordPress Wordpress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Side Menu Lite â add sticky fixed buttonsâ is vulnerable to a SQL injection vulnerability...
CVE-2021-34816
An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users to execute arbitrary code on the server by installing plugins from an attacker-controlled source...
CVE-2021-34816
An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users to execute arbitrary code on the server by installing plugins from an attacker-controlled source...
Sql injection
An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users to execute arbitrary code on the server by installing plugins from an attacker-controlled source...
CVE-2021-34816
An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users to execute arbitrary code on the server by installing plugins from an attacker-controlled source...