2429 matches found
CVE-2024-3910
CVE-2024-3910 affects Tenda AC500 2.0.1.9(1307). The flaw is in the fromDhcpListClient function (file /goform/DhcpListClient) where manipulating the page parameter causes a stack-based buffer overflow. Impact is described as remote code execution with high severity/impact across confidentiality, ...
CVE-2024-3907
A vulnerability was found in Tenda AC500 2.0.1.91307. It has been rated as critical. This issue affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been...
Sangar Slider <= 1.3.2 - Cross-Site Request Forgery
Description: The Responsive Slider – Sangar Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.2. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to...
CVE-2024-3875
A vulnerability was found in Tenda F1202 1.2.0.20408. It has been rated as critical. This issue affects the function fromNatlimit of the file /goform/Natlimit. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been...
CVE-2024-3875 Tenda F1202 Natlimit fromNatlimit stack-based overflow
A vulnerability was found in Tenda F1202 1.2.0.20408. It has been rated as critical. This issue affects the function fromNatlimit of the file /goform/Natlimit. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been...
WordPress Ovic Responsive WPBakery plugin <= 1.3.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Skalucy Patchstack Alliance in WordPress Plugin Ovic Responsive WPBakery versions <= 1.3.0...
WordPress Ovic Responsive WPBakery Plugin <= 1.3.0 is vulnerable to Broken Access Control
Software: Ovic Responsive WPBakery; Type: Plugin; Vulnerable versions: <= 1.3.0; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-32142; Patch priority: Medium; CVSS severity: Medium (5.4); PSID: 35ffc13b78da; Credits: Skalucy; Required...
WordPress Responsive Tabs plugin < 4.0.7 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Responsive Tabs versions < 4.0.7...
CVE-2024-1846
The Responsive Tabs WordPress plugin before 4.0.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-1846 Responsive Tabs < 4.0.7 - Contributor+ Stored XSS
The Responsive Tabs WordPress plugin before 4.0.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WordPress Plugin Responsive Slider Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin Responsive Slider ...
WordPress Responsive Slider by MetaSlider Plugin <= 3.70.0 is vulnerable to Cross Site Scripting (XSS)
Software: Responsive Slider by MetaSlider; Type: Plugin; Vulnerable versions: <= 3.70.0; Fixed in: 3.70.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3285; Patch priority: Low; CVSS severity: Low (6.5); PSID: 334dac19f012; Credits: wesley...
WordPress Plugin Responsive Tabs Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress Responsive Tabs Plugin < 4.0.7 is vulnerable to Cross Site Scripting (XSS)
Software: Responsive Tabs; Type: Plugin; Vulnerable versions: < 4.0.7; Fixed in: 4.0.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-1846; Patch priority: Low; CVSS severity: Low (6.5); PSID: d1565ae17f3e; Credits: Dmitrii Ignatyev; Required...
Best Practices for Optimizing Web Development Standards for Media Sites
By Owais Sultan Boost user engagement and SEO ranking with these key web development practices for media sites. Discover responsive design, page speed optimization, user-friendly CMS, SEO structure, and accessibility best practices. This is a post from HackRead.com Read the original post: Best...
WordPress Responsive Gallery Grid plugin < 2.3.11 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by WPScan in WordPress Plugin Responsive Gallery Grid versions < 2.3.11...
WordPress Plugin WP Responsive Tabs horizontal vertical and accordion Tabs Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress Plugin WEN Responsive Columns Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress Plugin WEN Responsive Columns A cross-sit...
Responsive Contact Form Builder & Lead Generation Plugin <= 1.8.9 - Missing Authorization
Description: The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on several functions in all versions up to, and including, 1.8.9. This makes it possible for unauthenticated...
CVE-2024-3514
CVE-2024-3514 entry is rejected; duplicate; please use CVE-2024-1846 instead.