8314 matches found

Cvelist
added 2024/03/15 2:14 p.m. · 17 views

CVE-2023-50886 WordPress Legal Pages plugin <= 1.3.7 - CSRF + Broken Access Control vulnerability

Cross-Site Request Forgery (CSRF), Incorrect Authorization vulnerability in wpWax Legal Pages. This issue affects Legal Pages: from n/a through 1.3.7...

CVSS 4.3 · AI score 5 · EPSS 0.00205
Exploits 0 · References 1

The Hacker News
added 2024/03/15 11:34 a.m. · 41 views

Third-Party ChatGPT Plugins Could Lead to Account Takeovers

Cybersecurity researchers have found that third-party plugins available for OpenAI ChatGPT could act as a new attack surface for threat actors looking to gain unauthorized access to sensitive data. According to new research published by Salt Labs, security flaws found directly in ChatGPT and with...

AI score 6.8
Exploits 0

Positive Technologies
added 2024/03/15 12:0 a.m. · 3 views

PT-2024-19622 · WordPress · Backuply

Name of the Vulnerable Software and Affected Versions: The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress versions up to, and including, 1.2.7 Description: The issue allows attackers with an account that has only the activate plugins capability to access arbitrary files on the...

CVSS 4.9 · AI score 9.2 · EPSS 0.00919
Exploits 0 · References 6

CVE
added 2024/03/14 12:0 a.m. · 63 views

CVE-2024-28390

CVE-2024-28390 affects the Advanced Plugins ultimateimagetool module for PrestaShop prior to version 2.2.01. The issue permits a remote attacker to escalate privileges and access sensitive information due to improper access control in the module. Evidence from multiple sources confirms the vulner...

CVSS 9.8 · AI score 6.7 · EPSS 0.0063
Exploits 0 · References 1 · Affected Software 1

HackRead
added 2024/03/13 6:4 p.m. · 16 views

ChatGPT Plugins Exposed to Critical Vulnerabilities, Risked User Data

By Deeba Ahmed Critical security flaws found in ChatGPT plugins expose users to data breaches. Attackers could steal login details and… This is a post from HackRead.com Read the original post: ChatGPT Plugins Exposed to Critical Vulnerabilities, Risked User Data...

AI score 7.3
Exploits 0

OSV
added 2024/03/13 5:15 p.m. · 1 views

CVE-2024-27953

Missing Authorization vulnerability in Cool Plugins Cryptocurrency Widgets – Price Ticker & Coins List. This issue affects Cryptocurrency Widgets – Price Ticker & Coins List: from n/a through 2.6.8...

CVSS 4.7 · AI score 7.3 · EPSS 0.00402
Exploits 0 · References 1

Vulnrichment
added 2024/03/13 4:28 p.m. · 18 views

CVE-2024-27953 WordPress Cryptocurrency Widgets – Price Ticker & Coins List Plugin <= 2.6.8 is vulnerable to Broken Access Control

Missing Authorization vulnerability in Cool Plugins Cryptocurrency Widgets – Price Ticker & Coins List. This issue affects Cryptocurrency Widgets – Price Ticker & Coins List: from n/a through 2.6.8...

CVSS 4.7 · AI score 6.9 · EPSS 0.00402
Exploits 0 · References 1

OSV
added 2024/03/13 4:15 p.m. · 1 views

CVE-2024-1535

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 4.15.2 due to insufficient input sanitizati...

CVSS 5.4 · AI score 5.9
Exploits 0 · References 3

Cvelist
added 2024/03/13 3:27 p.m. · 52 views

CVE-2023-6825 File Manager And File Manager Pro (Multiple Versions) - Directory Traversal

The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 free version and 8.3.4 Pro version via the target parameter in the mkfilefoldermanageractioncallbackshortcode function. This makes it possible for...

CVSS 9.9 · AI score 9.1 · EPSS 0.06009
Exploits 0 · References 3

Positive Technologies
added 2024/03/13 12:0 a.m. · 4 views

PT-2024-18643 · Wpforms +2 · Wpforms +2

Name of the Vulnerable Software and Affected Versions: The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress versions prior to 1.3.4 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplie...

CVSS 6.4 · AI score 7.9 · EPSS 0.00593
Exploits 0 · References 6

CNNVD
added 2024/03/12 12:0 a.m. · 3 views

Vela Security Breach

Github Vela is an application open-sourced by Github in the United States. It provides an automation framework. A security vulnerability exists in Vela 0.23.1 and earlier versions, which stems from a vulnerability that allows an attacker to replace variables to bypass log masking and inject secre...

CVSS 7.7 · AI score 6.7 · EPSS 0.00716
Exploits 0 · References 4

OpenVAS
added 2024/03/12 12:0 a.m. · 13 views

Huawei EulerOS: Security Advisory for gstreamer-plugins-bad-free (EulerOS-SA-2024-1272)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 · AI score 9.1 · EPSS 0.01744
Exploits 0 · References 2

OpenVAS
added 2024/03/12 12:0 a.m. · 12 views

Huawei EulerOS: Security Advisory for gstreamer1-plugins-bad-free (EulerOS-SA-2024-1271)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 · AI score 9.1 · EPSS 0.01744
Exploits 0 · References 2

Tenable Nessus
added 2024/03/12 12:0 a.m. · 38 views

EulerOS 2.0 SP8 : gstreamer-plugins-bad-free (EulerOS-SA-2024-1272)

According to the versions of the gstreamer-plugins-bad-free package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A use-after-free flaw was found in the MXF demuxer in GStreamer when handling certain MXF video files. This issue could allow...

CVSS 8.8 · AI score 7.5 · EPSS 0.01744
Exploits 0 · References 2

Tenable Nessus
added 2024/03/12 12:0 a.m. · 35 views

EulerOS 2.0 SP8 : gstreamer1-plugins-bad-free (EulerOS-SA-2024-1271)

According to the versions of the gstreamer1-plugins-bad-free package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A use-after-free flaw was found in the MXF demuxer in GStreamer when handling certain MXF video files. This issue could allo...

CVSS 8.8 · AI score 7.5 · EPSS 0.01744
Exploits 0 · References 2

Tenable Nessus
added 2024/03/09 12:0 a.m. · 38 views

SUSE SLES15: gstreamer-plugins-bad / gstreamer-plugins-bad-chromaprint / etc (SUSE-SU-2024:0793-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0793-1 advisory. - CVE-2023-44446: Fixed use-after-free remote code execution vulnerability via MXF file bsc1217213. Tenable has extracted the preceding...

CVSS 8.8 · AI score 7.9 · EPSS 0.01744
Exploits 0 · References 4

OpenVAS
added 2024/03/08 12:0 a.m. · 14 views

SUSE: Security Advisory (SUSE-SU-2024:0793-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 · AI score 9.1 · EPSS 0.01744
Exploits 0 · References 4

Fedora
added 2024/03/07 10:33 p.m. · 19 views

[SECURITY] Fedora 40 Update: OpenStego-0.7.4-12.fc40

OpenStego is a tool implemented in Java for generic steganography, with support for password-based encryption of the data. It supports plugins for various steganographic algorithms...

CVSS 8.8 · AI score 6.9 · EPSS 0.02557
Exploits 3

Fedora
added 2024/03/07 10:33 p.m. · 19 views

[SECURITY] Fedora 40 Update: mojo-executor-2.4.0-9.fc40

The Mojo Executor provides a way to execute other Mojos plugins within a Maven plugin, allowing you to easily create Maven plugins that are composed of other plugins...

CVSS 8.8 · AI score 7 · EPSS 0.02557
Exploits 3

Wordfence Blog
added 2024/03/07 4:12 p.m. · 90 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (February 26, 2024 to March 3, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 121 vulnerabilities disclosed in 88 WordPress...

CVSS 7.5 · AI score 9.6 · EPSS 0.77585
Exploits 31