
8316 matches found

Positive Technologies
added 2024/12/04 12:0 a.m. · 4 views

PT-2024-34034 · WordPress +1 · Wordpress +1

Name of the Vulnerable Software and Affected Versions: WordPress plugins versions 1.3.4 through 3.5.7 Description: The issue is related to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library due to insufficient input sanitization and output escaping on user-supplied...

CVSS 6.4 · AI score 6 · EPSS 0.00413
Exploits: 0 · References: 18
CNNVD
added 2024/12/04 12:0 a.m. · 5 views

Multiple WordPress plugin products: cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

CVSS 6.4 · AI score 7.5 · EPSS 0.00413
Exploits: 0 · References: 14
GithubExploit
added 2024/12/03 1:9 p.m. · 256 views

Exploit for Missing Authentication for Critical Function in Really-Simple-Plugins Really_Simple_Security

PoC Authentication Bypass MFA Really Simple Security WordPress...

CVSS 9.8 · AI score 7 · EPSS 0.81722
Exploits: 21
Github Security Blog
added 2024/12/02 5:26 p.m. · 34 views

vue-i18n has cross-site scripting vulnerability with prototype pollution

Vulnerability type XSS Description vue-i18n can be passed locale messages to createI18n or useI18n. we can then translate them using t and $t. vue-i18n has its own syntax for local messages, and uses a message compiler to generate AST. In order to maximize the performance of the translation...

CVSS 5.3 · AI score 6.1 · EPSS 0.00647
Exploits: 0 · References: 5 · Affected Software: 5
RedHat Linux
added 2024/12/02 4:6 p.m. · 1 views

kafka-clients: privilege escalation to filesystem read-access via automatic ConfigProvider

A flaw was found in Apache Kafka Clients. Apache Kafka Clients accepts configuration data for customizing behavior and includes ConfigProvider plugins to manipulate these configurations. Apache Kafka also provides FileConfigProvider, DirectoryConfigProvider, and EnvVarConfigProvider...

CVSS 6.5 · AI score 7.4 · EPSS 0.01129
Exploits: 0 · References: 5
NVD
added 2024/11/30 9:15 p.m. · 22 views

CVE-2024-53739

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Cool Plugins Cryptocurrency Widgets For Elementor cryptocurrency-widgets-for-elementor allows PHP Local File Inclusion. This issue affects Cryptocurrency Widgets For Elementor: fr...

CVSS 9.8 · EPSS 0.00642
Exploits: 0 · References: 1
Cvelist
added 2024/11/30 8:55 p.m. · 32 views

CVE-2024-53739 WordPress Cryptocurrency Widgets For Elementor plugin <= 1.6.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Cool Plugins Cryptocurrency Widgets For Elementor cryptocurrency-widgets-for-elementor allows PHP Local File Inclusion. This issue affects Cryptocurrency Widgets For Elementor: fr...

CVSS 8.1 · EPSS 0.00642
Exploits: 0 · References: 1
OSV
added 2024/11/27 6:15 a.m. · 2 views

CVE-2024-52959

An Improper Control of Generation of Code 'Code Injection' vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to perform arbitrary system commands via a DLL file...

CVSS 7.2 · AI score 5.9 · EPSS 0.00551
Exploits: 0 · References: 1
OSSF Malicious Packages
added 2024/11/27 12:55 a.m. · 2 views

Malicious code in vs-table-plugins-antd (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ca3296c3762b2860ae5450c32d26bec2d9e80c794905d8063b43474d5dc16802 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 · References: 3
OSV
added 2024/11/27 12:55 a.m. · 4 views

MAL-2024-11114 Malicious code in vs-table-plugins-antd (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ca3296c3762b2860ae5450c32d26bec2d9e80c794905d8063b43474d5dc16802 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 · References: 3
Oracle linux
added 2024/11/27 12:0 a.m. · 271 views

container-tools:ol8 security update

aardvark-dns buildah 2:1.33.11-1 - update to the latest content of https://github.com/containers/buildah/tree/release-1.33 https://github.com/containers/buildah/commit/fe85f0d - Resolves: RHEL-61853 2:1.33.10-1 - update to the latest content of...

CVSS 7.5 · AI score 7.3 · EPSS 0.03372
Exploits: 2
Tenable Nessus
added 2024/11/27 12:0 a.m. · 14 views

Jenkins plugins Multiple Vulnerabilities (2024-11-27)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string. CVE-2024-47855 - Jenkins Simple Queue Plugin 1.4.4...

CVSS 8 · AI score 5.4 · EPSS 0.77461
Exploits: 0 · References: 4
RedHat Linux
added 2024/11/26 3:26 p.m. · 320 views

Important: Red Hat Security Advisory: pam security update

An update for pam is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

CVSS 7.4 · AI score 6.6 · EPSS 0.00798
Exploits: 0 · References: 4
NVD
added 2024/11/26 8:15 a.m. · 18 views

CVE-2024-11202

Multiple plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the cmindsfreeguide shortcode in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

CVSS 6.1 · EPSS 0.00584
Exploits: 0 · References: 16
Cvelist
added 2024/11/26 7:31 a.m. · 16 views

CVE-2024-11202 Multiple Plugins <= (Various Versions) - Reflected Cross-Site Scripting via cminds_free_guide Shortcode

Multiple plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the cmindsfreeguide shortcode in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

CVSS 6.1 · EPSS 0.00584
Exploits: 0 · References: 16
Vulnrichment
added 2024/11/26 7:31 a.m. · 10 views

CVE-2024-11202 Multiple Plugins <= (Various Versions) - Reflected Cross-Site Scripting via cminds_free_guide Shortcode

Multiple plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the cmindsfreeguide shortcode in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

CVSS 6.1 · AI score 6.7 · EPSS 0.00584
Exploits: 0 · References: 16
CVE
added 2024/11/26 7:31 a.m. · 66 views

CVE-2024-11202

CVE-2024-11202 affects multiple WordPress plugins that implement the cminds_free_guide shortcode. Root cause: insufficient input sanitization and output escaping, enabling unauthenticated attackers to trigger Reflected XSS in pages executed after user action. CVSS: 6.1 (Medium); attack vector NET...

CVSS 6.1 · AI score 6 · EPSS 0.00584
Exploits: 0 · References: 16
CNNVD
added 2024/11/26 12:0 a.m. · 4 views

Multiple WordPress plugin products: cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

CVSS 6.1 · AI score 7.8 · EPSS 0.00584
Exploits: 0 · References: 16
vulnersOsv
added 2024/11/25 7:39 p.m. · 6 views

org.keycloak:keycloak-guides (>=18.0.0 <=18.0.2), org.keycloak:keycloak-guides-maven-plugin (>=18.0.0 <=18.0.2) +3 more potentially affected by CVE-2024-9666 via org.keycloak:keycloak-quarkus-server (>=18.0.0 <=18.0.2)

org.keycloak:keycloak-quarkus-server MAVEN version =18.0.0, =18.0.0, =18.0.0, =18.0.0, =18.0.0, =18.0.0, =18.0.2 Source cves: CVE-2024-9666 Source advisory: OSV:GHSA-JGWC-JH89-RPGQ...

CVSS 4.7 · AI score 5.8 · EPSS 0.00399
Exploits: 0
vulnersOsv
added 2024/11/25 6:32 p.m. · 8 views

com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1), com.github.vzakharchenko:chillispot-radius-plugin (>=1.4.10 <=1.4.11) +97 more potentially affected by CVE-2024-10270 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=24.0.5)

org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.0.1, =1.1.23, =1.1.28 and more Source cves: CVE-2024-10270 Source advisory: OSV:GHSA-WQ8X-CG39-8MRR...

CVSS 6.5 · AI score 5.5 · EPSS 0.01253
Exploits: 0