29 matches found
CVE-2024-4873 Replace Image <= 1.1.10 - Insecure Direct Object Reference
The Replace Image plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.10 via the image replacement functionality due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level...
WordPress plugin Replace Image security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress Replace Image plugin <= 1.1.10 - Authenticated Insecure Direct Object Reference vulnerability
Authenticated Insecure Direct Object Reference vulnerability discovered by Jin Hao Chan in WordPress Plugin Replace Image versions <= 1.1.10...
WordPress Replace Image Plugin <= 1.1.10 is vulnerable to Broken Access Control
Software: Replace Image; Type: Plugin; Vulnerable versions: <= 1.1.10; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-4873; Patch priority: Low; CVSS severity: Low (4.3); PSID: 262021d9f7c1; Credits: Jin Hao Chan; Required privilege...
libvirt security update
0.10.2-64.0.1 - Replace docs/et.png in tarball with blank image 0.10.2-64.el610.2 - api: disallow virDomainSaveImageGetXMLDesc on read-only connections CVE-2019-10161...
libvirt security and bug fix update
0.10.2-18.0.1.el64.5 - Replace docs/et.png in tarball with blank image 0.10.2-18.el64.5 - daemon: Fix leak after listing volumes CVE-2013-1962 - Don't try to add non-existent devices to ACL rhbz958837 - Avoid spamming logs with cgroups warnings rhbz958837 - audit: Properly encode device path in...
CVE-2011-2377
Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image...
Memory corruption
Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image...