
8314 matches found

CVE
added 2024/02/29 4:49 a.m., 102 views

CVE-2023-51530

CVE-2023-51530 describes a Cross-Site Request Forgery (CSRF) vulnerability in the GS Logo Slider plugins (Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation) affecting versions up to 3.5.1. The CVE entry and related sources confirm CSRF as the underlying issue, ...

CVSS 8.8, AI score 6.3, EPSS 0.00241
Exploits: 0, References: 1, Affected Software: 1

Tenable Nessus
added 2024/02/29 12:00 a.m., 26 views

CentOS 9 : gstreamer1-plugins-good-1.18.4-6.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the gstreamer1-plugins-good-1.18.4-6.el9 build changelog. - Integer overflow in matroskademux element in gstmatroskademuxaddwvpkheader function which allows a heap overwrite while...

CVSS 7.8, AI score 8.3, EPSS 0.00465
Exploits: 7, References: 8

Tenable Nessus
added 2024/02/29 12:00 a.m., 33 views

CentOS 9 : containernetworking-plugins-1.3.0-2.el9

The remote CentOS Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the containernetworking-plugins-1.3.0-2.el9 build changelog. - A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a...

CVSS 9.8, AI score 7.4, EPSS 0.04561
Exploits: 0, References: 10

NVD
added 2024/02/28 9:15 a.m., 28 views

CVE-2024-0767

The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on the ajax_plugin_activation function. This makes it possible for unauthenticated...

CVSS 4.3, AI score 4.3, EPSS 0.00275
Exploits: 0, References: 3

Prion
added 2024/02/28 9:15 a.m., 13 views

Cross site request forgery (csrf)

The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on the ajax_plugin_activation function. This makes it possible for unauthenticated...

CVSS 4.3, AI score 4.4, EPSS 0.00275
Exploits: 0, References: 2

CVE
added 2024/02/28 8:33 a.m., 141 views

CVE-2024-0767

CVE-2024-0767 (Envo's Elementor Templates & Widgets for WooCommerce) is a CSRF in the plugin’s ajax_plugin_activation path that can let unauthenticated attackers activate arbitrary plugins if an admin is tricked into performing an action. The vulnerability affects WordPress installations using th...

CVSS 4.3, AI score 5.3, EPSS 0.00275
Exploits: 0, References: 3, Affected Software: 1

Vulnrichment
added 2024/02/28 8:33 a.m., 19 views

CVE-2024-0767 Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - Cross-Site Request Forgery via ajax_plugin_activation

The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on the ajax_plugin_activation function. This makes it possible for unauthenticated...

CVSS 4.3, AI score 6.7, EPSS 0.00275
Exploits: 0, References: 2

Cvelist
added 2024/02/28 8:33 a.m., 27 views

CVE-2024-0767 Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - Cross-Site Request Forgery via ajax_plugin_activation

The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on the ajax_plugin_activation function. This makes it possible for unauthenticated...

CVSS 4.3, AI score 4.7, EPSS 0.00275
Exploits: 0, References: 2

CNNVD
added 2024/02/28 12:00 a.m., 3 views

WordPress Plugin Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan Security Vulnerabilities

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin Disable Json API, Login...

CVSS 4.3, AI score 6.7, EPSS 0.00361
Exploits: 0, References: 3

WPVulnDB
added 2024/02/27 12:00 a.m., 19 views

Envo's Elementor Templates & Widgets for WooCommerce < 1.4.5 - Arbitrary Plugin Activation via CSRF

Description: The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the ajax_plugin_activation function, allowing unauthenticated attackers to activate arbitrary installed plugins via a forged request granted they can trick a site administrator into...

CVSS 4.3, AI score 4.9, EPSS 0.00275
Exploits: 0, References: 1, Affected Software: 1

Tenable Nessus
added 2024/02/27 12:00 a.m., 22 views

MikroTik RouterOS Uncontrolled Resource Consumption (CVE-2012-6050)

The winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service CPU consumption, read the router version, and possibly have other impacts via a request to download the router's DLLs or plugins, as demonstrated by roteros.dll. This plugin only works wi...

CVSS 6.4, AI score 5.4, EPSS 0.09414
Exploits: 1, References: 4

vulnersOsv
added 2024/02/23 6:02 p.m., 5 views

@adamlonsdale/backstage-plugin-armorcode-backend (>=0.0.1-alpha <=0.0.4), @austin-garrard/backstage-plugin-backend (>=0.0.1 <=0.0.1-alpha.22) +188 more potentially affected by CVE-2024-26150 via @backstage/backend-common (>=0.0.0-nightly-20220708025041 <=0.17.0)

@backstage/backend-common NPM version =0.0.0-nightly-20220708025041, =0.0.1-alpha, =0.0.1, =0.0.1, =0.1.0, =0.0.0-nightly-20220709024234, =0.0.0-nightly-20220811024336, =0.0.0-nightly-20240116021644, =0.0.0-nightly-20220709024234, =0.0.0-nightly-2022042277, =0.0.0-nightly-2021782186,...

CVSS 8.7, AI score 6.7, EPSS 0.00801
Exploits: 0

NVD
added 2024/02/23 11:15 a.m., 20 views

CVE-2024-1360

The Colibri WP theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.94. This is due to missing or incorrect nonce validation on the colibriwpinstallplugin function. This makes it possible for unauthenticated attackers to install recommended...

CVSS 4.3, AI score 4.2, EPSS 0.00212
Exploits: 0, References: 2

Vulnrichment
added 2024/02/23 11:03 a.m., 16 views

CVE-2024-1360 Colibri WP <= 1.0.94 - Cross-Site Request Forgery to Limited Plugin Installation

The Colibri WP theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.94. This is due to missing or incorrect nonce validation on the colibriwpinstallplugin function. This makes it possible for unauthenticated attackers to install recommended...

CVSS 4.3, AI score 6.5, EPSS 0.00212
Exploits: 0, References: 2

Cvelist
added 2024/02/21 7:18 a.m., 34 views

CVE-2024-24837 Cross-Site Request Forgery (CSRF) vulnerability in FG PrestaShop, FG Drupal and FG Joomla WordPress plugins

Cross-Site Request Forgery (CSRF) vulnerability in Frédéric GILLES FG PrestaShop to WooCommerce, Frédéric GILLES FG Drupal to WordPress, Frédéric GILLES FG Joomla to WordPress. This issue affects FG PrestaShop to WooCommerce: from n/a through 4.44.3; FG Drupal to WordPress: from n/a through 3.67.0; ...

CVSS 4.3, AI score 4.9, EPSS 0.00276
Exploits: 0, References: 3

Packet Storm
added 2024/02/21 12:00 a.m., 505 views

WordPress 6.4.3 Username Disclosure

Title: wordpress 6.4.3 - Username Disclosure Author: h4shur date:2024-02-21 Vendor Homepage: https://www.wordpress.org Software Link: https://www.wordpress.org/download Version: 6.4.3 and earlier Tested on: Windows 10 & Google Chrome Category : Web Application Bugs Description : the REST API allo...

AI score 7.4
Exploits: 0

0day.today
added 2024/02/21 12:00 a.m., 1596 views

WordPress 6.4.3 Username Disclosure Vulnerability

WordPress versions 6.4.3 and below appear to suffer from a REST API related username disclosure vulnerability. Title: wordpress 6.4.3 - Username Disclosure Author: h4shur Vendor Homepage: https://www.wordpress.org Software Link: https://www.wordpress.org/download Version: 6.4.3 and earlier Tested...

AI score 7.2
Exploits: 0

Rosalinux
added 2024/02/20 10:26 a.m., 24 views

Advisory ROSA-SA-2024-2357

software: libvpx 1.10.0 OS: ROSA-CHROME packageevrstring: libvpx-1.10.0-4.src.rpm CVE-ID: CVE-2023-40474 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: The MXF file demultiplexer in GStreamer plugins has encountered a heap buffer overflow bug when processing distorted uncompressed video files. This iss...

CVSS 8.8, AI score 8.6, EPSS 0.34401
Exploits: 3

Rosalinux
added 2024/02/20 8:36 a.m., 27 views

Advisory ROSA-SA-2024-2346

Software: gstreamer1-plugins-bad-free 1.10.4 OS: rosa-server79 packageevrstring: gstreamer1-plugins-bad-free-1.10.4-4.res7 CVE-ID: CVE-2023-44446 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A post-release usage error was detected in the MXF demultiplexer in GStreamer when processing some MXF video...

CVSS 8.8, AI score 7, EPSS 0.01744
Exploits: 0

Rosalinux
added 2024/02/20 8:34 a.m., 32 views

Advisory ROSA-SA-2024-2344

Software: gstreamer-plugins-bad-free 0.10.23 OS: rosa-server79 packageevrstring: gstreamer-plugins-bad-free-0.10.23-24.res7 CVE-ID: CVE-2023-44446 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A post-release usage error was detected in the MXF demultiplexer in GStreamer when processing some MXF video...

CVSS 8.8, AI score 7, EPSS 0.01744
Exploits: 0