Lucene search

49 matches found

Cvelist
added 2024/12/27 6:0 a.m., 22 views

CVE-2024-11605 WP Publications <= 1.2 - Admin+ Stored XSS

The wp-publications WordPress plugin through 1.2 does not escape filenames before outputting them back in the page, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite...

0.02745 EPSS
Exploits: 3, References: 1
OSV
added 2024/12/18 5:15 p.m., 2 views

CVE-2024-55086

In the GetSimple CMS CE 3.3.19 management page, Server-Side Request Forgery (SSRF) can be achieved in the plug-in download address in the backend management system...

7.2 CVSS, 7.2 AI score, 0.00097 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2024/12/09 11:31 a.m., 25 views

CVE-2023-23834 WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Broken Access Control + CSRF on Activate_Plugin vulnerability

Missing Authorization vulnerability in Brainstorm Force Spectra ultimate-addons-for-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spectra: from n/a through <= 2.3.0...

4.3 CVSS, 5.8 AI score, 0.00423 EPSS
Exploits: 0, References: 1
Cvelist
added 2024/12/09 11:30 a.m., 13 views

CVE-2023-47780 WordPress EasyAzon – Amazon Associates Affiliate Plugin plugin <= 5.1.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in flowdee EasyAzon easyazon allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EasyAzon: from n/a through <= 5.1.0...

4.3 CVSS, 0.00173 EPSS
Exploits: 0, References: 1
GithubExploit
added 2024/11/08 5:22 p.m., 89 views

Exploit for Missing Authentication for Critical Function in Stacksmarket Stacks_Mobile_App_Builder

CVE-2024-50477 Stacks Mobile App Builder = 5.2.3 - Authent...

9.8 CVSS, 9.6 AI score, 0.84032 EPSS
Exploits: 3
Vulnrichment
added 2024/01/16 3:48 p.m., 1 views

CVE-2021-24559 Qyrr < 0.7 - Authenticated (contributor+) Stored XSS

The Qyrr WordPress plugin before 0.7 does not escape the data-uri of the QR Code when outputting it in a src attribute, allowing for Cross-Site Scripting attacks. Furthermore, the datauritometa AJAX action, available to all authenticated users, only had a CSRF check in place, with the nonce...

5.4 AI score, 0.00155 EPSS
Exploits: 2, References: 1
WPVulnDB
added 2023/10/17 12:0 a.m., 15 views

WhitePage <= 1.1.5 - Arbitrary Settings Update via CSRF

Description: The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks...

8.8 CVSS, 6.5 AI score, 0.00051 EPSS
Exploits: 0
Patchstack
added 2020/11/23 12:0 a.m., 14 views

WordPress Secure File Manager plugin <= 2.5 - Authenticated Remote Command Execution (RCE) vulnerability

Authenticated Remote Command Execution (RCE) vulnerability found by NinTechNet in WordPress Secure File Manager plugin versions <= 2.5. Solution: The plugin has been removed from the wordpress.org plugin repository. We highly recommend deleting this plugin from your WordPress sites. wordpress.org...

1.9 AI score
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2015/12/21 7:0 p.m., 3 views

SUSE-SU-2015:2183-1 Security update for strongswan

The strongswan package was updated to fix the following security issue: - CVE-2015-8023: Fixed an authentication bypass vulnerability in the eap-mschapv2 plugin (bsc#953817)...

5 CVSS, 6.5 AI score, 0.00799 EPSS
Exploits: 0, References: 3