CVE-2024-9289 WordPress & WooCommerce Affiliate Program <= 8.4.1 - Authentication Bypass to Account Takeover and Privilege Escalation
The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 8.4.1. This is due to the rtwwwaploginrequestcallback function not properly validating a user's identity prior to authenticating them to the site. This...
CVE-2024-9289
CVE-2024-9289 affects WordPress & WooCommerce Affiliate Program (WordPress) plugin versions
Optigo Networks ONS-S8 - Spectra Aggregation Switch
1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Optigo Networks Equipment: ONS-S8 - Spectra Aggregation Switch Vulnerabilities: Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion', Weak...
PT-2024-39545 · WordPress · Wordpress & Woocommerce Affiliate Program
Name of the Vulnerable Software and Affected Versions: WordPress & WooCommerce Affiliate Program plugin versions up to, and including, 8.4.1 Description: The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass due to the rtwwwap login request...
WordPress plugin WordPress & WooCommerce Affiliate Program access control error vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An access control error...
CVE-2024-47067 Alist Contains a Reflected Cross-Site Scripting Vulnerability
AList is a file list program that supports multiple storages. AList contains a reflected cross-site scripting vulnerability in helper.go. The endpoint /i/:linkname takes in a user-provided value and reflects it back in the response. The endpoint returns an application/xml response, opening it up ...
CVE-2024-47067
CVE-2024-47067 affects AList, a file list program with multiple storages. The endpoint /i/:link_name reflects user input in an application/xml response, introducing a reflected XSS vulnerability via HTML/XHTML tags. The issue is fixed in version 3.29.0.
AList security vulnerability
AList is a file listing program with multi-storage support by the individual developer Xhofe in China. A security vulnerability exists in AList versions prior to 3.29.0, which stems from the presence of a reflected cross-site scripting vulnerability...
CVE-2024-8485
The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.7.1 via the updateUserInfo due to missing validation on the 'openid' user controlled key that determines what user will be updated. This makes it...
WordPress plugin REST API TO MiniProgram security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
20,000 WordPress Sites Affected by Privilege Escalation Vulnerability in WCFM – WooCommerce Frontend Manager WordPress Plugin
📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with >= 1,000 Active Installs are in scope for all researchers. In addition, through October 14th, 2024, researche...
WordPress REST API TO MiniProgram plugin <= 4.7.1 - Unauthenticated Arbitrary User Email Update and Privilege Escalation via Account Takeover vulnerability
Unauthenticated Arbitrary User Email Update and Privilege Escalation via Account Takeover vulnerability discovered by wesley wcraft in WordPress Plugin REST API TO MiniProgram versions <= 4.7.1...
PT-2024-39050 · WordPress · Rest Api To Miniprogram
Name of the Vulnerable Software and Affected Versions: REST API TO MiniProgram plugin for WordPress versions up to, and including, 4.7.1 Description: The issue is related to SQL Injection via the order parameter of the "/wp-json/watch-life-net/v1/comment/getcomments" API endpoint. This is due to...
CVE-2024-8770
A Cross-Site Scripting XSS vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engineering. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version...
CVE-2024-8263
An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1. Thi...
CVE-2024-8770
CVE-2024-8770 describes a Cross-Site Scripting (XSS) vulnerability in the repository transfer feature of GitHub Enterprise Server. The issue affected all versions prior to the fixed releases and allowed attackers to steal sensitive user information via social engineering. Fixes were released in G...