Lucene search
1208 matches found

OSV
added 2024/04/02 12:7 a.m. · 19 views

MAL-2024-1164 Malicious code in paysafe-gpf-as-http-proxy-middleware-body-replace (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 69515fe4abb4869b5999b249c8de31a55fd23bda38e3bd9de3c58c5c245bc5b7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 3
OSSF Malicious Packages
added 2024/04/02 12:7 a.m. · 3 views

Malicious code in paysafe-gpf-as-http-proxy-middleware-body-replace (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 69515fe4abb4869b5999b249c8de31a55fd23bda38e3bd9de3c58c5c245bc5b7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 · References 3
Patchstack
added 2024/03/28 12:0 a.m. · 7 views

WordPress FG PrestaShop to WooCommerce Plugin <= 4.45.1 is vulnerable to Sensitive Data Exposure

Software: FG PrestaShop to WooCommerce. Type: Plugin. Vulnerable versions: <= 4.45.1. Fixed in: 4.47.0. OWASP Top 10: A9: Security Logging and Monitoring Failures. Classification: Sensitive Data Exposure. CVE: CVE-2024-30511. Patch priority: Low. CVSS severity: Low 5.3. PSID: d7bd1db6d6b7...

5.3 CVSS · 6.5 AI score · 0.00326 EPSS
Exploits 0 · References 2 · Affected Software 1
Fedora
added 2024/03/07 10:33 p.m. · 16 views

[SECURITY] Fedora 40 Update: rsyntaxtextarea-3.1.3-11.fc40

RSyntaxTextArea is a customizable, syntax highlighting text component for Java Swing applications. Out of the box, it supports syntax highlighting for 40+ programming languages, code folding, search and replace, and has add-on libraries for code completion and spell checking. Syntax highlighting...

8.8 CVSS · 9.1 AI score · 0.46427 EPSS
Exploits 3
OSV
added 2024/02/22 8:15 p.m. · 0 views

CVE-2024-1750

A vulnerability, which was classified as critical, was found in TemmokuMVC up to 2.3. Affected is the function getimgurl/imgreplace in the library lib/imagesgetdown.php of the component Image Download Handler. The manipulation leads to deserialization. It is possible to launch the attack remotely...

8.1 CVSS · 5.2 AI score
Exploits 0 · References 3
Positive Technologies
added 2024/02/09 12:0 a.m. · 1 views

PT-2024-20594 · Node.Js +1

Name of the Vulnerable Software and Affected Versions: pkg affected versions not specified Description: The issue arises from the pkg tool writing native code packages to a hardcoded directory, specifically /tmp/pkg/ on Unix systems, which is a shared directory for all users on the same local...

7.8 CVSS · 7.2 AI score · 0.00123 EPSS
Exploits 0 · References 9
OpenVAS
added 2024/02/07 12:0 a.m. · 20 views

WordPress Better Search Replace Plugin < 1.4.5 PHP Object Injection Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:deliciousbrains:bettersearchreplace"; if description...

9.8 CVSS · 7.2 AI score · 0.9303 EPSS
Exploits 2 · References 1
OSV
added 2024/02/05 10:15 p.m. · 3 views

CVE-2023-6933

The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. I...

9.8 CVSS · 7.5 AI score · 0.9303 EPSS
Exploits 2 · References 3
Prion
added 2024/02/05 10:15 p.m. · 17 views

Deserialization of untrusted data

The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. I...

7.5 CVSS · 7.9 AI score · 0.9303 EPSS
Exploits 2 · References 3 · Affected Software 1
CVE
added 2024/02/05 9:21 p.m. · 104 views

CVE-2023-6933

CVE-2023-6933 affects the WordPress plugin Better Search Replace (

9.8 CVSS · 9.6 AI score · 0.9303 EPSS
Exploits 2 · References 3 · Affected Software 1
CNNVD
added 2024/02/05 12:0 a.m. · 1 views

WordPress plugin Better Search Replace security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

9.8 CVSS · 7.2 AI score · 0.9303 EPSS
Exploits 2 · References 4
GithubExploit
added 2024/01/28 11:16 p.m. · 1520 views

Exploit for Deserialization of Untrusted Data in Wpengine Better_Search_Replace

PoC exploit for CVE-2023-6933, a vulnerability in a web applicat...

9.8 CVSS · 9.2 AI score · 0.9303 EPSS
Exploits 2
Tenable Nessus
added 2024/01/26 12:0 a.m. · 62 views

EulerOS 2.0 SP11 : vim (EulerOS-SA-2024-1130)

According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function gagrowinner in the file...

5.5 CVSS · 6.4 AI score · 0.00132 EPSS
Exploits 2 · References 9
Patchstack
added 2024/01/25 12:0 a.m. · 12 views

WordPress Better Search Replace Plugin <= 1.4.4 is vulnerable to PHP Object Injection

Software: Better Search Replace. Type: Plugin. Vulnerable versions: <= 1.4.4. Fixed in: 1.4.5. OWASP Top 10: A1: Injection. Classification: PHP Object Injection. CVE: CVE-2023-6933. Patch priority: High. CVSS severity: High 9. PSID: 3ac241f51ac9. Credits: Sam Pizzey mopman. Required privilege...

9.8 CVSS · 7.2 AI score · 0.9303 EPSS
Exploits 2 · References 3 · Affected Software 1
Positive Technologies
added 2024/01/25 12:0 a.m. · 1 views

PT-2024-15128

Name of the Vulnerable Software and Affected Versions: Better Search Replace plugin for WordPress versions up to, and including, 1.4.4 Description: The issue is related to PHP Object Injection via deserialization of untrusted input, allowing unauthenticated attackers to inject a PHP Object. If a PO...

9.8 CVSS · 9.5 AI score · 0.9303 EPSS
Exploits 2 · References 18
VulnCheck KEV
added 2024/01/25 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2023-6933

The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin...

9.8 CVSS · 7.3 AI score · 0.9303 EPSS
Exploits 2 · References 1
Patchstack
added 2024/01/19 12:0 a.m. · 10 views

WordPress Ninja Tables Plugin <= 5.0.5 is vulnerable to Broken Access Control

Software: Ninja Tables. Type: Plugin. Vulnerable versions: <= 5.0.5. Fixed in: 5.0.6. OWASP Top 10: A1: Broken Access Control. Classification: Broken Access Control. CVE: CVE-2024-23504. Patch priority: Low. CVSS severity: Low 5.3. PSID: 86a45ee34ff9. Credits: emad. Required privilege...

5.3 CVSS · 6.6 AI score · 0.00373 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2024/01/11 9:15 a.m. · 0 views

CVE-2023-6737

The Enable Media Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the SHORTPIXELDEBUG parameter in all versions up to, and including, 4.1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1 CVSS · 7.4 AI score
Exploits 0 · References 2
NVD
added 2024/01/11 9:15 a.m. · 11 views

CVE-2023-6737

The Enable Media Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the SHORTPIXELDEBUG parameter in all versions up to, and including, 4.1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1 CVSS · 5 AI score · 0.04624 EPSS
Exploits 0 · References 2
Vulnrichment
added 2024/01/11 8:32 a.m. · 0 views

CVE-2023-6737 Enable Media Replace <= 4.1.4 - Reflected Cross-Site Scripting

The Enable Media Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the SHORTPIXELDEBUG parameter in all versions up to, and including, 4.1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

4.7 CVSS · 6.9 AI score · 0.04624 EPSS
Exploits 0 · References 2