8304 matches found

OSV
added 2023/01/11 6:27 p.m. · 21 views

GHSA-7CH4-RR99-CQCW gatsby-transformer-remark has possible unsanitized JavaScript code injection

Impact: The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the gray-matter npm package, which is vulnerable to JavaScript injection in its default configuration, unless input is sanitized. The vulnerability is present in gatsby-transformer-remark when...

CVSS 8.1 · AI score 6.7 · EPSS 0.00613
Exploits 1 · References 3

ATTACKERKB
added 2023/01/10 5:15 p.m. · 4 views

CVE-2022-4701

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpractivaterequiredplugins' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the...

CVSS 8.8 · AI score 7.2 · EPSS 0.00754
Exploits 1 · References 4

Prion
added 2023/01/10 5:15 p.m. · 26 views

Improper access control

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpractivaterequiredplugins' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the...

CVSS 6.5 · AI score 8.5 · EPSS 0.00754
Exploits 1 · References 3 · Affected Software 1

VulnCheck KEV
added 2023/01/10 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2023-2877

The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the...

CVSS 8.8 · AI score 7.4 · EPSS 0.22274
Exploits 3 · References 1

Positive Technologies
added 2023/01/10 12:0 a.m. · 7 views

PT-2023-15131 · WordPress · Media Library Assistant +3

Name of the Vulnerable Software and Affected Versions: The Royal Elementor Addons plugin for WordPress versions up to, and including, 1.3.59 Description: The issue is related to insufficient access control in the 'wpr activate required plugins' AJAX action. This allows any authenticated user,...

CVSS 8.8 · AI score 8.3 · EPSS 0.00754
Exploits 1 · References 7

VulnCheck KEV
added 2023/01/10 12:0 a.m. · 5 views

VulnCheck KEV: CVE-2022-4702

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wprfixroyalcompatibility' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to deactivate every plugin...

CVSS 6.5 · AI score 6.9 · EPSS 0.00798
Exploits 1 · References 1

CVE
added 2023/01/07 10:7 a.m. · 45 views

CVE-2018-25070

CVE-2018-25070 affects polterguy Phosphorus Five up to 8.2. The vulnerability is in the CSV Import component, specifically the function csv.Read in plugins/extras/p5.mysql/NonQuery.cs, which leads to a SQL injection. Upgrading to version 8.3 addresses the issue (patch: c179a3d0703db55cfe0cb939b89...

CVSS 9.8 · AI score 7.9 · EPSS 0.00667
Exploits 0 · References 4 · Affected Software 1

Malwarebytes
added 2023/01/06 12:45 a.m. · 46 views

Malware targets 30 unpatched WordPress plugins

If you make use of plugins on your WordPress site, and you probably do, it's time to take a good look at what's running under the hood. Ars Technica reports that unpatched vulnerabilities are being exploited across no fewer than 30 plugins. A long list of plugin problems If you own or operate a website...

CVSS 7.5 · AI score 7.5 · EPSS 0.09268
Exploits 3

NVD
added 2023/01/04 10:15 a.m. · 33 views

CVE-2020-36639

A vulnerability has been found in AlliedModders AMX Mod X on Windows and classified as critical. This vulnerability affects the function cmdVoteMap of the file plugins/adminvote.sma of the component Console Command Handler. The manipulation of the argument amxvotemap leads to path traversal. The...

CVSS 9.8 · AI score 5.8 · EPSS 0.00892
Exploits 0 · References 4

OSV
added 2023/01/04 10:15 a.m. · 34 views

CVE-2020-36639

A vulnerability has been found in AlliedModders AMX Mod X on Windows and classified as critical. This vulnerability affects the function cmdVoteMap of the file plugins/adminvote.sma of the component Console Command Handler. The manipulation of the argument amxvotemap leads to path traversal. The...

CVSS 9.8 · AI score 7.1
Exploits 0 · References 4

Prion
added 2023/01/04 10:15 a.m. · 17 views

Path traversal

A vulnerability has been found in AlliedModders AMX Mod X on Windows and classified as critical. This vulnerability affects the function cmdVoteMap of the file plugins/adminvote.sma of the component Console Command Handler. The manipulation of the argument amxvotemap leads to path traversal. The...

CVSS 7.5 · AI score 9.5 · EPSS 0.00892
Exploits 0 · References 4 · Affected Software 1

The Hacker News
added 2023/01/02 7:50 a.m. · 66 views

WordPress Security Alert: New Linux Malware Exploiting Over Two Dozen CMS Flaws

WordPress sites are being targeted by a previously unknown strain of Linux malware that exploits flaws in over two dozen plugins and themes to compromise vulnerable systems. "If sites use outdated versions of such add-ons, lacking crucial fixes, the targeted web pages are injected with malicious...

CVSS 9.8 · AI score 7.2 · EPSS 0.09268
Exploits 3

WPVulnDB
added 2023/01/02 12:0 a.m. · 20 views

Booster for WooCommerce - Multiple CSRF

The plugins have either flawed CSRF checks or are missing them completely in numerous places, allowing attackers to make logged in users perform unwanted actions via CSRF attacks...

CVSS 8.8 · AI score 5.2 · EPSS 0.00339
Exploits 0 · Affected Software 3

OSV
added 2023/01/01 8:15 a.m. · 13 views

CVE-2022-37785

An issue was discovered in WeCube Platform 3.2.2. Cleartext passwords are displayed in the configuration for terminal plugins...

CVSS 7.5 · AI score 6.9
Exploits 0 · References 2

NVD
added 2023/01/01 8:15 a.m. · 8 views

CVE-2022-37785

An issue was discovered in WeCube Platform 3.2.2. Cleartext passwords are displayed in the configuration for terminal plugins...

CVSS 7.5 · AI score 7.6 · EPSS 0.00522
Exploits 1 · References 2

Fedora
added 2023/01/01 1:38 a.m. · 30 views

[SECURITY] Fedora 37 Update: OpenImageIO-2.4.6.1-1.fc37

OpenImageIO is a library for reading and writing images, and a bunch of related classes, utilities, and applications. Main features include: - Extremely simple but powerful ImageInput and ImageOutput APIs for reading and writing 2D images that is format agnostic. - Format plugins for TIFF,...

CVSS 8.1 · AI score 6.9 · EPSS 0.01325
Exploits 2

Cvelist
added 2023/01/01 12:0 a.m. · 13 views

CVE-2022-37785

An issue was discovered in WeCube Platform 3.2.2. Cleartext passwords are displayed in the configuration for terminal plugins...

AI score 7.7 · EPSS 0.00522
Exploits 1 · References 2

CVE
added 2023/01/01 12:0 a.m. · 57 views

CVE-2022-37785

CVE-2022-37785 affects WeCube Platform 3.2.2. The issue is that cleartext passwords are displayed in the configuration for terminal plugins, exposing sensitive credentials in the configuration interface. The connected sources confirm the affected product/version and the exact weakness but do not ...

CVSS 7.5 · AI score 7.5 · EPSS 0.00522
Exploits 1 · References 2 · Affected Software 1

Positive Technologies
added 2023/01/01 12:0 a.m. · 3 views

PT-2023-13552 · Unknown · Wecube Platform

Name of the Vulnerable Software and Affected Versions: WeCube Platform version 3.2.2 Description: An issue was discovered where cleartext passwords are displayed in the configuration for terminal plugins. Recommendations: For WeCube Platform version 3.2.2, consider restricting access to the...

CVSS 7.5 · AI score 6.9 · EPSS 0.00522
Exploits 1 · References 8

OpenVAS
added 2022/12/30 12:0 a.m. · 13 views

Fedora: Security Advisory for trafficserver (FEDORA-2022-62b61a8542)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 6.4 · EPSS 0.013
Exploits 0 · References 2