6211 matches found
CVE-2024-51886
CVE-2024-51886: WordPress Posts Filter plugin
CVE-2024-11392
creationtimestamp | type | source
---|---|---
2024-11-19 06:00:00+00:00 | seen | http://www.zerodayinitiative.com/advisories/ZDI-24-1513/
2024-12-07 11:15:59+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/9336
2025-02-13 23:10:44+00:00 | published-proof-of-concept | ...
WordPress plugin Posts Filter cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2024-52433
Deserialization of Untrusted Data vulnerability in Mindstien Technologies My Geo Posts Free allows Object Injection. This issue affects My Geo Posts Free: from n/a through 1.2...
CVE-2024-52433
Deserialization of Untrusted Data vulnerability in Mindstien Technologies My Geo Posts Free my-geo-posts-free allows Object Injection. This issue affects My Geo Posts Free: from n/a through <= 1.2...
CVE-2024-52433 WordPress My Geo Posts Free plugin <= 1.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Mindstien Technologies My Geo Posts Free allows Object Injection. This issue affects My Geo Posts Free: from n/a through 1.2...
CVE-2024-52433 WordPress My Geo Posts Free plugin <= 1.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Mindstien Technologies My Geo Posts Free my-geo-posts-free allows Object Injection. This issue affects My Geo Posts Free: from n/a through <= 1.2...
PT-2024-35273 · Unknown · My Geo Posts Free
Name of the Vulnerable Software and Affected Versions: My Geo Posts Free versions 1.2 and earlier
Description: The issue is related to Deserialization of Untrusted Data, which allows Object Injection. This can be exploited due to the deserialization of untrusted data, potentially leading to...
CVE-2024-52409
Deserialization of Untrusted Data vulnerability in Phoenixheart AJAX Random Posts ajax-random-posts allows Object Injection. This issue affects AJAX Random Posts: from n/a through <= 0.3.3...
CVE-2024-52409 WordPress AJAX Random Posts plugin <= 0.3.3 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Phan An AJAX Random Posts allows Object Injection. This issue affects AJAX Random Posts: from n/a through 0.3.3...
CVE-2024-52409
CVE-2024-52409 refers to a Deserialization of Untrusted Data vulnerability in the WordPress plugin AJAX Random Posts (versions up to 0.3.3). The issue enables PHP Object Injection through untrusted data handling. Affected software is AJAX Random Posts; the known vulnerable range is
CVE-2024-52409 WordPress AJAX Random Posts plugin <= 0.3.3 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Phoenixheart AJAX Random Posts ajax-random-posts allows Object Injection. This issue affects AJAX Random Posts: from n/a through <= 0.3.3...
WordPress My Geo Posts Free plugin <= 1.2 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin My Geo Posts Free versions <= 1.2...
CVE-2024-10924
creationtimestamp | type | source
---|---|---
2024-11-15 03:21:28+00:00 | seen | https://infosec.exchange/users/cve/statuses/113484817218664208
2024-11-15 06:03:04+00:00 | seen | https://t.me/cvedetector/11036
2024-11-15 18:00:06+00:00 | seen | https://t.me/truesecator/6438
2024-11-17 21:32:48+00:00 | ...
WordPress My Geo Posts Free Plugin <= 1.2 is vulnerable to PHP Object Injection
Field | Value
---|---
Software | My Geo Posts Free
Type | Plugin
Vulnerable versions | <= 1.2
Fixed in | N/A
OWASP Top 10 | A3: Injection
Classification | PHP Object Injection
CVE | CVE-2024-52433
Patch priority | High
CVSS severity | High 9.8
Developer | Claim ownership
PSID | abf48ca2de6d
Credits | Mika
Required privilege | Unauthenticated...
CVE-2024-10976
creationtimestamp | type | source
---|---|---
2024-11-14 13:05:04+00:00 | seen | https://infosec.exchange/users/cve/statuses/113481449755283145
2024-11-14 14:59:09+00:00 | seen | https://t.me/cvedetector/10948
2025-02-14 10:03:10+00:00 | seen | Telegram/T7bmhZyyY3q44NdwHtBlh0uklY8nk4hbekeMxCZgwv81B...
CVE-2024-2550
creationtimestamp | type | source
---|---|---
2024-11-13 17:00:00+00:00 | seen | https://security.paloaltonetworks.com/CVE-2024-2550
2024-11-13 18:38:44+00:00 | seen | https://infosec.exchange/users/screaminggoat/statuses/113477099455726632
2024-11-14 09:43:51+00:00 | seen | ...
netty-codec-http: Allocation of Resources Without Limits or Throttling
A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until ...
WordPress AJAX Random Posts plugin <= 0.3.3 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Bonds Patchstack Alliance in WordPress Plugin AJAX Random Posts versions <= 0.3.3...
CVE-2024-10794 Boostify Header Footer Builder for Elementor <= 1.3.6 - Authenticated (Contributor+) Post Disclosure
The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.6 via the 'bhf' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...