115 matches found
CVE-2024-35676
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in wpecommerce Recurring PayPal Donations allows Stored XSS.This issue affects Recurring PayPal Donations: from n/a through 1.7...
CVE-2024-35676
CVE-2024-35676 is tied to the Recurring PayPal Donations WordPress plugin and affects versions up to 1.7. It enables Stored XSS via shortcode due to improper input neutralization during web page generation; a patch status is noted as Patched in connected sources.
CVE-2024-35676 WordPress Recurring PayPal Donations plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in wpecommerce Recurring PayPal Donations allows Stored XSS.This issue affects Recurring PayPal Donations: from n/a through 1.7...
WordPress plugin Recurring PayPal Donations Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPre...
PT-2024-26623 · Unknown · Wpecommerce Recurring Paypal Donations
Name of the Vulnerable Software and Affected Versions: wpecommerce Recurring PayPal Donations versions n/a through 1.7 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS, which allows Stored XSS. This means that...
WordPress Recurring PayPal Donations plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Recurring PayPal Donations versions = 1.7...
New Guide: How to Scale Your vCISO Services Profitably
Cybersecurity and compliance guidance are in high demand among SMEs. However, many of them cannot afford to hire a full-time CISO. A vCISO can answer this need by offering on-demand access to top-tier cybersecurity expertise. This is also an opportunity for MSPs and MSSPs to grow their business a...
CVE-2023-6583
The Import and export users and customers plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.24.2 via the Recurring Import functionality. This makes it possible for authenticated attackers, with administrator access and above, to read and delete the...
Directory traversal
The Import and export users and customers plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.24.2 via the Recurring Import functionality. This makes it possible for authenticated attackers, with administrator access and above, to read and delete the...
PT-2024-15013 · WordPress · Import/Export Users/Customers Plugin
Name of the Vulnerable Software and Affected Versions: Import and export users and customers plugin for WordPress versions up to, and including, 1.24.2 Description: The issue allows authenticated attackers with administrator access and above to read and delete the contents of arbitrary files on t...
Transfering Bonds would create confusion among delegators because of non-deletion of unbondingLocks & assigning all the new delegators the same unbounding id
Lines of code Vulnerability details transferBond function is used to transfers ownership of a bond to a new delegator using optional hints if needed. Here the old unbound lock is deleted after creating a new one in unbondWithHint function. But the problem lies in the delete operation as it does n...
Webinar: Riding the vCISO Wave: How to Provide vCISO Services
Demand for Virtual CISO services is soaring. According to Gartner, the use of vCISO services among small and mid-size businesses and non-regulated enterprises was expected to grow by a whopping 1900% in just one year, from only 1% in 2021 to 20% in 2022! Offering vCISO services can be especially...
SUSE CVE-2023-34151
A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to sizet in svg, mvg and other coders recurring bugs of CVE-2022-32546...
CVE-2023-34151
A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to sizet in svg, mvg and other coders recurring bugs of CVE-2022-32546...
Download the eBook: What Does it Take to be a Full-Fledged Virtual CISO?
Almost half of MSP clients fell victim to a cyberattack within the last 12 months. In the SMB world, the danger is especially acute as only 50% of SMBs have a dedicated internal IT person to take care of cybersecurity. No wonder cybercriminals are targeting SMBs so heavily. No wonder SMBs are...
Download the eBook: What Does it Take to be a Full-Fledged Virtual CISO?
Almost half of MSP clients fell victim to a cyberattack within the last 12 months. In the SMB world, the danger is especially acute as only 50% of SMBs have a dedicated internal IT person to take care of cybersecurity. No wonder cybercriminals are targeting SMBs so heavily. No wonder SMBs are...
Webinar: Tips from MSSPs to MSSPs – Building a Profitable vCISO Practice
In today's fast-paced and ever-changing digital landscape, businesses of all sizes face a myriad of cybersecurity threats. Putting in place the right people, technological tools and services, MSSPs are in a great position to ensure their customers' cyber resilience. The growing need of SMEs and...
What’s New in InsightVM and Nexpose: Q3 2022 in Review
Another quarter comes to a close! While we definitely had our share of summer fun, our team continued to invest in the product, releasing features and updates like recurring coverage for enterprise technologies, performance enhancements, and more. Let’s take a look at some of the key releases in...
CVE-2022-27549
HCL Launch may store certain data for recurring activities in a plain text format...
Format string
HCL Launch may store certain data for recurring activities in a plain text format...