RHSA-2012:0434 Red Hat Security Advisory: flash-plugin security update

Bulletin has no description...

RHSA-2013:0254 Red Hat Security Advisory: flash-plugin security update

Bulletin has no description...

RHSA-2011:0511 Red Hat Security Advisory: flash-plugin security update

Bulletin has no description...

CVE-2024-7129 Appointment Booking Calendar < 1.6.7.43 - Admin+ Template Injection to RCE

The Appointment Booking Calendar WordPress plugin before 1.6.7.43 does not escape template syntax provided via user input, leading to Twig Template Injection which further exploited can result to remote code Execution by high privilege such as admins...

WordPress plugin Classified Listing 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVE-2024-5799 CM Pop-Up Banners for WordPress < 1.7.3 - Contributor+ Stored XSS

The CM Pop-Up Banners for WordPress plugin before 1.7.3 does not sanitise and escape some of its popup fields, which could allow high privilege users such as Contributors to perform Cross-Site Scripting attacks...

WordPress plugin Misiek Paypal 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2024-7891

The Floating Contact Button WordPress plugin before 2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

WordPress plugin BackWPup 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

PT-2024-38463 · WordPress · Mstore Api

Name of the Vulnerable Software and Affected Versions: MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress versions up to, and including, 4.15.2 Description: The issue is due to the use of loose comparison in the verify id token function, making it possible for...

WordPress plugin Modern Events Calendar 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exis...

CVE-2024-6710

The Ditty WordPress plugin before 3.1.45 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...

WordPress wpDiscuz plugin <= 7.6.21 - Unauthenticated HTML Injection vulnerability

Unauthenticated HTML Injection vulnerability discovered by Tieu Pham Trong Nhan aptx4869 in WordPress Plugin wpDiscuz versions = 7.6.21...

PT-2024-35718 · WordPress · Breakdance

Name of the Vulnerable Software and Affected Versions: Breakdance plugin for WordPress versions up to, and including, 1.7.2 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated attackers with...

WordPress plugin CTT Expresso para WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2024-5582

The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'url' attribute within the Q&A Block widget in all versions up to, and including, 1.33 due to insufficient input sanitization and output escaping on user supplied attribute...

CVE-2024-5641 One Click Order Re-Order <= 1.1.9 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting

The One Click Order Re-Order plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cedocorsavegeneralsetting' function in all versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with Subscriber-level...

An Inside Look at The Malware and Techniques Used in the WordPress.org Supply Chain Attack

On Monday June 24th, 2024 the Wordfence Threat Intelligence team was made aware of the presence of malware in the Social Warfare repository plugin see post Supply Chain Attack on WordPress.org Plugins Leads to 5 Maliciously Compromised WordPress Plugins. After adding the malicious code to our...

CVE-2024-3249 Zita Elementor Site Library <= 1.6.2 - Missing Authorization to Page Creation and Options Modification

The Zita Elementor Site Library plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the importxmldata, xmldataimport, importoptiondata, importwidgets, and importcustomizersettings functions in all versions up to, and including, 1.6.2. This...

CVE-2024-4382

The CB legacy WordPress plugin through 0.9.4.18 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting codes, timeframes, and bookings via CSRF attacks...