WordPress Posts Filter Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)
Software: Posts Filter; Type: Plugin; Vulnerable versions: <= 1.3.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51886; Patch priority: Low; CVSS severity: Low 6.5; PSID: cce848869b1c; Credits: SOPROBRO; Required privilege: Contributor...
PT-2024-16443 · WordPress · Content Slider Block
Name of the Vulnerable Software and Affected Versions: Content Slider Block plugin for WordPress versions prior to 3.1.6 Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from password protected, private, or draft posts via the csb...
PT-2024-16463 · WordPress · Attesa Extra
Name of the Vulnerable Software and Affected Versions: Attesa Extra plugin for WordPress versions up to, and including, 1.4.2 Description: The issue concerns insufficient restrictions on which posts can be included via the attesa-template shortcode, leading to Information Exposure. This allows...
PT-2024-16469 · Unknown +1 · Skt Addons For Elementor +1
Name of the Vulnerable Software and Affected Versions: SKT Addons for Elementor versions up to, and including, 3.3 Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from private or draft posts created by Elementor that they should not ha...
WordPress Posts Search Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS)
Software: Posts Search; Type: Plugin; Vulnerable versions: <= 1.2.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51884; Patch priority: Low; CVSS severity: Low 6.5; PSID: c9222a2124ac; Credits: SOPROBRO; Required privilege: Contributor...
PT-2024-16445 · WordPress · Countdown Timer Block Plugin
Name of the Vulnerable Software and Affected Versions: Countdown Timer block plugin for WordPress versions up to, and including, 1.2.4 Description: The Countdown Timer block plugin for WordPress has an Information Exposure issue due to insufficient restrictions on which posts can be included via...
PT-2024-16643 · WordPress · Featured Posts Scroll
Name of the Vulnerable Software and Affected Versions: Featured Posts Scroll plugin for WordPress versions up to, and including, 1.25 Description: The issue is due to missing or incorrect nonce validation on a function, making it possible for unauthenticated attackers to update settings and injec...
CVE-2024-10928 MonoCMS Posts Page opensaved.php cross site scripting
A vulnerability was found in MonoCMS up to 20240528. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /monofiles/opensaved.php of the component Posts Page. The manipulation of the argument filtcategory/filtstatus leads to cross site...
New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency
Introduction: In August 2024, our team identified a new crimeware bundle, which we named "SteelFox". Delivered via sophisticated execution chains including shellcoding, this threat abuses Windows services and drivers. It spreads via forum posts, torrent trackers and blogs, imitating popular...
CVE-2024-10084
The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Basic Information Disclosure in all versions up to, and including, 4.5 via the CF7getpostvar shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract the...
CVE-2024-51739
creationtimestamp | type | source
---|---|---
2024-11-05 18:13:05+00:00 | seen | https://infosec.exchange/users/cve/statuses/113431700097332580
2024-11-05 19:44:19+00:00 | seen | https://t.me/cvedetector/9918
2025-04-28 21:02:19+00:00 | seen | ...
CVE-2024-9689
The Post From Frontend WordPress plugin through 1.0.0 does not have a CSRF check when deleting posts, which could allow attackers to make a logged-in admin perform such an action via a CSRF attack...
PT-2024-16017 · WordPress · Contact Form 7 – Dynamic Text Extension
Name of the Vulnerable Software and Affected Versions: Contact Form 7 – Dynamic Text Extension plugin for WordPress versions prior to 4.5.0 Description: The Contact Form 7 – Dynamic Text Extension plugin for WordPress has a Basic Information Disclosure issue. This makes it possible for...
GO-2024-3235 Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Chamilo LMS security vulnerability
Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training, and online question and answer sessions. A security vulnerability exists in Chamilo LMS version 1.11.26, which stems...
WordPress Featured Posts Scroll plugin <= 1.25 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
CSRF to Stored Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin Featured Posts Scroll (versions <= 1.25)...
WordPress Featured Posts Scroll Plugin <= 1.25 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Featured Posts Scroll; Type: Plugin; Vulnerable versions: <= 1.25; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-51647; Patch priority: Low; CVSS severity: Low 7.1; PSID: 4e8c9b0726a9; Credits: SOPROBRO; Require...
WordPress plugin YARPP security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress Marquee Elementor with Posts plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Gab (Patchstack Alliance) in WordPress Plugin Marquee Elementor with Posts (versions <= 1.2.0)...