CVE-2024-6158
The CVE-2024-6158 issue affects two WordPress widgets: Category Posts Widget (plugins) up to version 4.9.17, and Term-and-Category-Based-Posts-Widget up to 4.9.13. Root cause: both fail to validate and escape certain Category Posts widget settings before echoing them in a page/post, enabling stor...
CVE-2024-31290 WordPress Demo My WordPress plugin <= 1.0.9.1 - Unauthenticated Privilege Escalation vulnerability
Improper Privilege Management vulnerability in CodeRevolution Demo My WordPress allows Privilege Escalation. This issue affects Demo My WordPress: from n/a through 1.0.9.1...
CVE-2024-0951 Advanced Social Feeds Widget & Shortcode <= 1.7 - Admin+ Stored XSS
The Advanced Social Feeds Widget & Shortcode WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in...
CVE-2024-2390
As a part of Tenable’s vulnerability disclosure program, a vulnerability in a Nessus plugin was identified and reported. This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin...
CVE-2022-3911 iubenda < 3.3.3 - Subscriber+ Privileges Escalation to Admin
The iubenda WordPress plugin before 3.3.3 does not have authorisation and CSRF checks in an AJAX action, and does not ensure that the options to be updated belong to the plugin as long as they are arrays. As a result, any authenticated user, such as a subscriber, can grant themselves any privileges,...
CVE-2022-1548 Playbook members are allowed to escalate their membership privileges and perform actions restricted to playbook admins.
Mattermost Playbooks plugin 1.25 and earlier fails to properly restrict user-level permissions, which allows playbook members to escalate their membership privileges and perform actions restricted to playbook admins...
Privilege escalation
Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation...
WordPress Buddypress 1.9.1 Privilege Escalation Vulnerability
WordPress Buddypress plugin versions 1.9.1 and below suffer from a privilege escalation vulnerability. Vulnerability: Wordpress plugin Buddypress 2 Visit the url http://example.com/groups/create/step/group-details/ 3 Enjoy the power 0day.today 2018-04-01...
GLSA-200503-30 : Mozilla Suite: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200503-30 (Mozilla Suite: Multiple vulnerabilities). The following vulnerabilities were found and fixed in the Mozilla Suite: Mark Dowd from ISS X-Force reported an exploitable heap overrun in the GIF processing of obsolete Netscape...