
1454 matches found

NVD
added 2023/07/10 4:15 p.m. · 11 views

CVE-2023-2026

The Image Protector WordPress plugin through 1.1 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 4.8 · AI score 4.8 · EPSS 0.00451
Exploits: 2 · References: 1
CVE
added 2023/07/10 12:40 p.m. · 36 views

CVE-2023-2026

CVE-2023-2026 affects the Image Protector WordPress plugin (

CVSS 4.8 · AI score 4.9 · EPSS 0.00451
Exploits: 2 · References: 1 · Affected Software: 1
Cvelist
added 2023/07/10 12:40 p.m. · 18 views

CVE-2023-2026 Image Protector <= 1.1 - Admin+ Stored Cross-Site Scripting

The Image Protector WordPress plugin through 1.1 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

AI score 5 · EPSS 0.00451
Exploits: 2 · References: 1
CNNVD
added 2023/07/10 12:00 a.m. · 2 views

WordPress plugin Image Protector cross-site scripting vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin of the WordPress Foundation. A cross-site scripting vulnerability...

CVSS 4.8 · AI score 6.3 · EPSS 0.00451
Exploits: 2 · References: 2
Positive Technologies
added 2023/07/10 12:00 a.m. · 3 views

PT-2023-17422 · WordPress · Image Protector

Name of the Vulnerable Software and Affected Versions: Image Protector WordPress plugin versions 1.1 and earlier. Description: The issue allows high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks due to improper sanitization of some settings, even when the unfiltered html...

CVSS 4.8 · AI score 5.3 · EPSS 0.00451
Exploits: 2 · References: 4
Patchstack
added 2023/06/21 12:00 a.m. · 9 views

WordPress Defa Online Image Protector Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)

Software: Defa Online Image Protector; Type: Plugin; Vulnerable versions: <= 1.1; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-2026; Patch priority: Low; CVSS severity: Low (5.9); PSID: 01e5a8f2cad7; Credits: Shreya Pohekar...

CVSS 4.8 · AI score 5.7 · EPSS 0.00451
Exploits: 2 · References: 3 · Affected Software: 1
WPVulnDB
added 2023/06/19 12:00 a.m. · 12 views

Image Protector <= 1.1 - Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). PoC: 1. Go to...

CVSS 4.8 · AI score 7.8 · EPSS 0.00451
Exploits: 2 · Affected Software: 1
wpexploit
added 2023/06/19 12:00 a.m. · 136 views

Image Protector <= 1.1 - Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 1. Go to...

CVSS 4.8 · AI score 8.3 · EPSS 0.00451
Exploits: 2
Akamai Blog
added 2023/04/24 1:00 p.m. · 19 views

Akamai Brand Protector Solves the Growing Problem of Impersonation Attacks

...

AI score 5.8
Exploits: 0
Positive Technologies
added 2023/04/17 12:00 a.m. · 10 views

PT-2025-40198

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw related to the handling of stack protectors during the boot process. Specifically, the issue arises from discrepancies in the stack canary values when...

CVSS 5.5 · AI score 5.5 · EPSS 0.00131
Exploits: 0
Patchstack
added 2023/04/13 12:00 a.m. · 11 views

WordPress Fantastic Content Protector Free Plugin <= 2.6 is vulnerable to Broken Access Control

Software: Fantastic Content Protector Free; Type: Plugin; Vulnerable versions: <= 2.6; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-25048; Patch priority: Low; CVSS severity: Low (5.3); PSID: 1ac1ef2d7ef5; Credits: Rio Darmawan...

AI score 6.3 · EPSS 0.00553
Exploits: 0 · References: 1 · Affected Software: 1
UbuntuCve
added 2023/02/21 12:00 a.m. · 27 views

CVE-2023-26253

In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bridge.c notify stack-based buffer over-read...

CVSS 7.5 · AI score 7.4 · EPSS 0.00914
Exploits: 1 · References: 4
SUSE CVE
added 2023/02/15 4:26 a.m. · 3 views

SUSE CVE-2018-12886

stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the...

CVSS 8.1 · AI score 8.4 · EPSS 0.02171
Exploits: 1 · References: 3
RedhatCVE
added 2023/02/07 8:57 a.m. · 99 views

CVE-2023-25139

A vulnerability was found in glibc. When the printf family of functions is called with a format specifier that uses an apostrophe (enable grouping) and a minimum width specifier, the resulting output could be larger than reasonably expected by a caller that computed a tight bound on the buffer size...

CVSS 7.5 · AI score 9.2 · EPSS 0.01423
Exploits: 1 · References: 3
RedHat Linux
added 2022/12/15 4:20 p.m. · 2 views

nodejs: DNS rebinding in inspect via invalid octal IP address

A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code...

CVSS 8.1 · AI score 7.4 · EPSS 0.14024
Exploits: 0 · References: 5
Tenable Nessus
added 2022/05/13 12:00 a.m. · 238 views

Oracle Linux 7 : glibc (ELSA-2022-9358)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9358 advisory. - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the...

CVSS 9.8 · AI score 8.1 · EPSS 0.0469
Exploits: 2 · References: 3
OSV
added 2022/05/02 4:15 p.m. · 8 views

CVE-2022-0191

The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.7 does not have a CSRF check when deleting banned users, which could allow attackers to make a logged-in admin remove arbitrary bans...

CVSS 6.5 · AI score 5.9 · EPSS 0.0055
Exploits: 2 · References: 2
CVE
added 2022/05/02 4:05 p.m. · 64 views

CVE-2022-0191

The CVE-2022-0191 entry concerns the Ad Invalid Click Protector (AICP) WordPress plugin prior to version 1.2.7. The root cause is a missing CSRF check when deleting banned users, allowing a logged-in administrator to remove arbitrary bans via CSRF. Documents confirm this affects the AICP plugin a...

CVSS 6.5 · AI score 6.4 · EPSS 0.0055
Exploits: 2 · References: 2 · Affected Software: 1
CNNVD
added 2022/05/02 12:00 a.m. · 18 views

WordPress plugin Ad Invalid Click Protector cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Ad Invalid Click Protector plugin versions prior to 1.2.7 are vulnerable to cross-site...

CVSS 6.5 · AI score 6.3 · EPSS 0.0055
Exploits: 2 · References: 3
OSV
added 2022/04/19 9:15 p.m. · 2 views

CVE-2021-23283

Eaton Intelligent Power Protector (IPP) prior to version 1.69 is vulnerable to stored Cross Site Scripting. The vulnerability exists due to insufficient validation of user input and improper encoding of the output for certain resources within the IPP software...

CVSS 5.4 · AI score 5.8
Exploits: 0 · References: 1