WordPress plugin SKT Addons for Elementor security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin Featured Posts Scroll cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
WordPress Posts Filter plugin <= 1.3.1 - Stored Cross Site Scripting (XSS) vulnerability
Stored Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin Posts Filter (versions <= 1.3.1)...
WordPress Posts Search plugin <= 1.2.2 - Stored Cross Site Scripting (XSS) vulnerability
Stored Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin Posts Search (versions <= 1.2.2)...
WordPress Moka Get Posts Shortcode plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin Moka Get Posts Shortcode (versions <= 1.0)...
WordPress Moka Get Posts Shortcode Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software: Moka Get Posts Shortcode; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51804; Patch priority: Low; CVSS severity: Low (6.5); PSID: e6ae6cd5a20b; Credits: SOPROBRO; Required privilege...
WordPress Posts Filter Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)
Software: Posts Filter; Type: Plugin; Vulnerable versions: <= 1.3.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51886; Patch priority: Low; CVSS severity: Low (6.5); PSID: cce848869b1c; Credits: SOPROBRO; Required privilege: Contributor...
PT-2024-16443 · WordPress · Content Slider Block
Name of the Vulnerable Software and Affected Versions: Content Slider Block plugin for WordPress versions prior to 3.1.6 Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from password protected, private, or draft posts via the csb...
PT-2024-16463 · WordPress · Attesa Extra
Name of the Vulnerable Software and Affected Versions: Attesa Extra plugin for WordPress versions up to, and including, 1.4.2 Description: The issue concerns insufficient restrictions on which posts can be included via the attesa-template shortcode, leading to Information Exposure. This allows...
PT-2024-16469 · Unknown +1 · Skt Addons For Elementor +1
Name of the Vulnerable Software and Affected Versions: SKT Addons for Elementor versions up to, and including, 3.3 Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from private or draft posts created by Elementor that they should not ha...
WordPress Posts Search Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS)
Software: Posts Search; Type: Plugin; Vulnerable versions: <= 1.2.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51884; Patch priority: Low; CVSS severity: Low (6.5); PSID: c9222a2124ac; Credits: SOPROBRO; Required privilege: Contributor...
PT-2024-16445 · WordPress · Countdown Timer Block Plugin
Name of the Vulnerable Software and Affected Versions: Countdown Timer block plugin for WordPress versions up to, and including, 1.2.4 Description: The Countdown Timer block plugin for WordPress has an Information Exposure issue due to insufficient restrictions on which posts can be included via...
PT-2024-16643 · WordPress · Featured Posts Scroll
Name of the Vulnerable Software and Affected Versions: Featured Posts Scroll plugin for WordPress versions up to, and including, 1.25 Description: The issue is due to missing or incorrect nonce validation on a function, making it possible for unauthenticated attackers to update settings and injec...
CVE-2024-10928 MonoCMS Posts Page opensaved.php cross site scripting
A vulnerability was found in MonoCMS up to 20240528. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /monofiles/opensaved.php of the component Posts Page. The manipulation of the argument filtcategory/filtstatus leads to cross site...
New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency
Introduction: In August 2024, our team identified a new crimeware bundle, which we named "SteelFox". Delivered via sophisticated execution chains including shellcoding, this threat abuses Windows services and drivers. It spreads via forum posts, torrent trackers and blogs, imitating popular...
CVE-2024-10084
The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Basic Information Disclosure in all versions up to, and including, 4.5 via the CF7getpostvar shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract the...
CVE-2024-51739
creationtimestamp | type | source
---|---|---
2024-11-05 18:13:05+00:00 | seen | https://infosec.exchange/users/cve/statuses/113431700097332580
2024-11-05 19:44:19+00:00 | seen | https://t.me/cvedetector/9918
2025-04-28 21:02:19+00:00 | seen | ...
CVE-2024-9689
The Post From Frontend WordPress plugin through 1.0.0 does not have a CSRF check when deleting posts, which could allow attackers to make a logged-in admin perform such an action via a CSRF attack...
PT-2024-16017 · WordPress · Contact Form 7 – Dynamic Text Extension
Name of the Vulnerable Software and Affected Versions: Contact Form 7 – Dynamic Text Extension plugin for WordPress versions prior to 4.5.0 Description: The Contact Form 7 – Dynamic Text Extension plugin for WordPress has a Basic Information Disclosure issue. This makes it possible for...