6231 matches found

Circl
added 2024/05/17 10:46 a.m. · 4 views

CVE-2024-27130

| creationtimestamp | type | source |
|---|---|---|
| 2024-05-17 10:46:29+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/7326 |
| 2024-05-17 13:15:37+00:00 | published-proof-of-concept | https://t.me/proxybar/2084 |
| 2024-05-18 01:45:02+00:00 | published-proof-of-concept | https://t.me/DARKSPOTTEAM/431... |

CVSS 8.8 · AI score 7.5 · EPSS 0.38054
Exploits 3 · References 13

CNNVD
added 2024/05/17 12:0 a.m. · 4 views

WordPress plugin YARPP path traversal vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...

CVSS 7.7 · AI score 8.7 · EPSS 0.00843
Exploits 0 · References 2

Vulnrichment
added 2024/05/16 8:31 p.m. · 11 views

CVE-2024-4204 Bulk Posts Editing For WordPress <= 4.2.3 - Cross-Site Request Forgery

The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.3. This is due to missing or incorrect nonce validation on the plugin's AJAX actions. This makes it possible for unauthenticated attackers to create and...

CVSS 4.3 · AI score 6.4 · EPSS 0.00222
Exploits 0 · References 2

Patchstack
added 2024/05/16 8:30 a.m. · 5 views

WordPress Bulk Posts Editing For WordPress plugin <= 4.2.3 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin Bulk Posts Editing For WordPress versions <= 4.2.3...

CVSS 4.3 · AI score 7 · EPSS 0.00222
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2024/05/16 12:0 a.m. · 3 views

PT-2024-29706 · WordPress · Bulk Posts Editing For Wordpress

Name of the Vulnerable Software and Affected Versions: Bulk Posts Editing For WordPress plugin for WordPress versions up to, and including, 4.2.3
Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the plugin's AJAX actions. This allows...

CVSS 4.3 · AI score 6.7 · EPSS 0.00222
Exploits 0 · References 4

Patchstack
added 2024/05/16 12:0 a.m. · 9 views

WordPress Bulk Posts Editing For WordPress Plugin <= 4.2.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Bulk Posts Editing For WordPress; Type: Plugin; Vulnerable versions: <= 4.2.3; Fixed in: 4.2.4; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-4204; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim ownership; PSID: 9475f46fc3bd; Credits...

CVSS 4.3 · AI score 6.6 · EPSS 0.00222
Exploits 0 · References 3 · Affected Software 1

WPVulnDB
added 2024/05/16 12:0 a.m. · 13 views

WOLF – WordPress Posts Bulk Editor and Manager Professional < 1.0.8.3 - Authenticated (Admin+) Stored Cross-Site Scripting

Description: The WOLF – WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.8.2 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 5.9 · AI score 5.9 · EPSS 0.00278
Exploits 0 · References 1 · Affected Software 1

NVD
added 2024/05/15 2:15 a.m. · 12 views

CVE-2024-4199

The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 4.2.3. This makes it possible for authenticated attackers, with subscriber access an...

CVSS 4.3 · AI score 4.7 · EPSS 0.00296
Exploits 0 · References 2

wpexploit
added 2024/05/15 12:0 a.m. · 152 views

BuddyBoss Platform < 2.6.0 - Subscriber+ Comment on Private Post via IDOR

Description: The plugin contains an IDOR vulnerability that allows a user to comment on a private post by manipulating the ID included in the request: POST /wp-admin/admin-ajax.php HTTP/2 Host: online-communities.demos.buddyboss.com Cookie:...

CVSS 4.3 · AI score 6.6 · EPSS 0.00375
Exploits 2 · References 2

Positive Technologies
added 2024/05/15 12:0 a.m. · 5 views

PT-2024-29678 · WordPress · Bulk Posts Editing For Wordpress

Name of the Vulnerable Software and Affected Versions: Bulk Posts Editing For WordPress plugin for WordPress versions up to, and including, 4.2.3
Description: The issue is related to a missing capability check on the plugin's AJAX actions. This allows authenticated attackers with subscriber acces...

CVSS 4.3 · AI score 6.5 · EPSS 0.00296
Exploits 0 · References 4

NVD
added 2024/05/14 3:39 p.m. · 15 views

CVE-2024-3070

The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input from the LastViewedPosts Cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known...

CVSS 9.8 · AI score 9.7 · EPSS 0.01158
Exploits 0 · References 2

NVD
added 2024/05/14 3:39 p.m. · 17 views

CVE-2024-34427

Cross-Site Request Forgery (CSRF) vulnerability in Huseyin Berberoglu WP Favorite Posts. This issue affects WP Favorite Posts: from n/a through 1.6.8...

CVSS 4.3 · AI score 5.1 · EPSS 0.00249
Exploits 0 · References 1

Patchstack
added 2024/05/14 12:31 p.m. · 5 views

WordPress Bulk Posts Editing For WordPress plugin <= 4.2.3 - Authenticated (Subscriber+) Missing Authorization vulnerability

Authenticated (Subscriber+) Missing Authorization vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin Bulk Posts Editing For WordPress versions <= 4.2.3...

CVSS 4.3 · AI score 7 · EPSS 0.00296
Exploits 0 · References 1 · Affected Software 1

RedHat Linux
added 2024/05/14 9:7 a.m. · 2 views

netty-codec-http: Allocation of Resources Without Limits or Throttling

A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until ...

CVSS 5.3 · AI score 7.2 · EPSS 0.0138
Exploits 1 · References 8

CNNVD
added 2024/05/14 12:0 a.m. · 8 views

WordPress theme Porto security vulnerability

WordPress is a suite of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports personal blog sites on PHP and MySQL servers. WordPress theme is a theme for WordPress. A security vulnerability exists in WordPress theme Porto version 7.1.0 and earlier...

CVSS 9.8 · AI score 6 · EPSS 0.02687
Exploits 0 · References 4

CNNVD
added 2024/05/14 12:0 a.m. · 3 views

Karma security vulnerability

Karma is a simple tool. Allows execution of JavaScript code in multiple real browsers. A security vulnerability exists in Karma versions prior to 0.17.4.1, which stems from the fact that sending multiple post requests at the same time will bypass the cooldown validation...

CVSS 6.3 · AI score 7 · EPSS 0.00765
Exploits 0 · References 5

Patchstack
added 2024/05/14 12:0 a.m. · 9 views

WordPress Bulk Posts Editing For WordPress Plugin <= 4.2.3 is vulnerable to Broken Access Control

Software: Bulk Posts Editing For WordPress; Type: Plugin; Vulnerable versions: <= 4.2.3; Fixed in: 4.2.4; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-4199; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim ownership; PSID: 035d66af9f0b; Credits: Benedictus...

CVSS 4.3 · AI score 6.6 · EPSS 0.00296
Exploits 0 · References 3 · Affected Software 1

WPVulnDB
added 2024/05/14 12:0 a.m. · 11 views

BuddyBoss Platform < 2.6.0 - Insecure Direct Object Reference on Like Comment

Description: The plugin contains an IDOR vulnerability that allows a user to like a private post by manipulating the ID included in the request. PoC: POST /wp-admin/admin-ajax.php HTTP/2 Host: buddyboss.example.com Cookie: REDACTED User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:120.0...

AI score 6.4 · EPSS 0.0043
Exploits 2 · Affected Software 1

Vulnrichment
added 2024/05/09 8:3 p.m. · 28 views

CVE-2024-3070 Last Viewed Posts by WPBeginner <= 1.0.0 - Unauthenticated PHP Object Injection

The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input from the LastViewedPosts Cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known...

CVSS 9.8 · AI score 7.4 · EPSS 0.01158
Exploits 0 · References 2

CVE
added 2024/05/09 8:3 p.m. · 67 views

CVE-2024-3915

CVE-2024-3915 affects the Swift Framework WordPress plugin (versions up to and including 2.7.31). The root cause is a missing capability check in sf_edit_directory_item(), enabling unauthenticated attackers to modify arbitrary posts/content. Impact per available data is limited to integrity (LOW)...

CVSS 5.3 · AI score 6.7 · EPSS 0.00377
Exploits 0 · References 2