51 matches found
CVE-2024-0845
The PDF Viewer for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the render function in all versions up to, and including, 2.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
PT-2024-15862 · WordPress · Pdf Viewer For Elementor
Name of the Vulnerable Software and Affected Versions: PDF Viewer for Elementor plugin for WordPress versions up to, and including, 2.9.3 Description: The issue is related to Stored Cross-Site Scripting via the render function due to insufficient input sanitization and output escaping. This allow...
CVE-2024-1974
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.6 via the render function. This makes it possible for authenticated attackers, with contributor access or higher, to read the contents of arbitrary files...
WordPress Plugin HT Mega Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-18463 · WordPress · Ht Mega – Absolute Addons For Elementor
Name of the Vulnerable Software and Affected Versions: HT Mega – Absolute Addons For Elementor plugin for WordPress versions prior to 2.4.7 Description: The issue allows authenticated attackers with contributor access or higher to read the contents of arbitrary files on the server, potentially...
WordPress Plugin Elementor Addon Elements Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2024-5841
Name of the Vulnerable Software and Affected Versions: WPML versions up to, and including, 4.6.12 Description: The WPML plugin for WordPress is vulnerable to Remote Code Execution via the Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render...
Race Condition
wiremock is vulnerable to a Race Condition. The vulnerability is due to the render function when the DNS server's address expires between initial validation and an outbound network request, potentially leading to unintended access to prohibited domains...
Server-Side Template Injection (SSTI)
com.ibeetl:beetl is vulnerable to Server-Side Template Injection (SSTI). A remote attacker is able to cause server-side template injection due to insufficient checks in the render function via a crafted payload...
CVE-2023-29827
ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter. NOTE: this is disputed by the vendor because the render function is not intended to be used with...
Server-side template injection in beetl
An issue in the render function of beetl v3.15.0 allows attackers to execute server-side template injection (SSTI) via a crafted payload...
CVE-2023-30331
An issue in the render function of beetl v3.15.0 allows attackers to execute server-side template injection (SSTI) via a crafted payload...
PT-2023-22639 · Beetl · Beetl
Name of the Vulnerable Software and Affected Versions: beetl version 3.15.0 Description: An issue in the render function allows attackers to execute server-side template injection (SSTI) via a crafted payload. Recommendations: For beetl version 3.15.0, consider disabling the render function until a...
Cross site scripting
A vulnerability was found in dd32 Debug Bar Plugin up to 0.8 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function render of the file panels/class-debug-bar-queries.php. The manipulation leads to cross site scripting. The attack can be launched remotely...
PT-2023-10010 · Unknown · Dd32 Debug Bar Plugin
Name of the Vulnerable Software and Affected Versions: dd32 Debug Bar Plugin versions up to 0.8 Description: A vulnerability was found in the dd32 Debug Bar Plugin, which has been declared as problematic. The issue affects the render function of the file panels/class-debug-bar-queries.php, leadin...
SUSE CVE-2021-32491
A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow in function render in tools/ddjvu via crafted djvu file may lead to application crash and other consequences...
CVE-2014-125034 stiiv contact_app View.php render cross site scripting
A vulnerability has been found in stiiv contact_app and classified as problematic. Affected by this vulnerability is the function render of the file libs/View.php. The manipulation of the argument var leads to cross site scripting. The attack can be launched remotely. The patch is named...