113 matches found
WordPress plugin Rotating Tweets security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
Rotating Tweets (Twitter widget and shortcode) <= 1.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Rotating Tweets Twitter widget and shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's' 'rotatingtweets' in all versions up to, and including, 1.9.10 due to insufficient input sanitization and output escaping on user supplied attributes. Th...
PT-2024-34624 · WordPress · Rotating Tweets
Name of the Vulnerable Software and Affected Versions: Rotating Tweets plugin for WordPress versions up to, and including, 1.9.10 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'rotatingtweets' due to insufficient input sanitization and output escaping on...
MAL-2024-1495 Malicious code in @juiggitea/ut-odit-at (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ff9b5a74bede900c4ceff979d81e8f4ed604f8e3a54f9a8a828626cb8299f566 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1271 Malicious code in web-ar-player (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dd6b41d316342a401f8e262adb37d1982a359946c37d5b6dbbf9903eed6c6ea0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1227 Malicious code in @lbnqduy11805/psychic-waffle (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0283930fe8d814ee74e54a0c5c9840cfb9db19835aeb82c67a360d39407e4132 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
WordPress Plugin Carousel, Slider, Gallery by WP Carousel 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
This Week in Spring - March 5th, 2024
Hi, Spring fans! Welcome to another exciting roundup of This Week in Spring! I expect many of you are reading this for the first time, especially with Facebook and Instagram being down. People have been exploring all the other lesser-known corners of the web, looking for their daily "doom scroll....
MAL-2024-793 Malicious code in wlwz-2312-6902 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8cb741da9a32478639c8b0ef3ca6670d55dc5148725d55b4a7b71dd676c0f6f3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-724 Malicious code in wlwz-2312-6105 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bbf5abcd25d1d1a85f14ff2a618ccda59dc86b5f7700dfc70493d5b038622949 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-629 Malicious code in wlwz-2312-5100 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 27714c1a9cb0e9fbd0dd5dc9e93d68aaa4380b4e9878a20c7e56950a3d61a629 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-533 Malicious code in wlwz-2312-4003 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8cade04019c93cac90303a5399259e82b8997c3c8f1a87492ac0b131a9086357 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-748 Malicious code in wlwz-2312-6402 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1caadbc8c9239e846f041d8a748fe9f65a969ca73bcef4e3aefded7129ba7f76 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-8661 Malicious code in pdf2htmlextest (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a8b2331e000213f0f48b8ff8f978a0ce93926cf42935a72a611195eee4b7b4c0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Animated Rotating Words < 5.5 - Cross-Site Request Forgery via save_admin_options
Description The Animated Rotating Words Interchanging Random Words in a Sentence plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.4. This is due to missing or incorrect nonce validation on the saveadminoptions function. This makes it possibl...
Code injection
The Nautobot Device Onboarding plugin uses the netmiko and NAPALM libraries to simplify the onboarding process of a new device into Nautobot down to, in many cases, an IP Address and a Location. Starting in version 2.0.0 and prior to version 3.0.0, credentials provided to onboarding task are...
CVE-2023-48700 Clear Text Credentials Exposed via Onboarding Task
The Nautobot Device Onboarding plugin uses the netmiko and NAPALM libraries to simplify the onboarding process of a new device into Nautobot down to, in many cases, an IP Address and a Location. Starting in version 2.0.0 and prior to version 3.0.0, credentials provided to onboarding task are...
tang security and bug fix update
7-8 - Set correct user/group tang/tang in tangd-keygen Resolves: rhbz2188743 7-7 - Fix race condition when creating/rotating keys Resolves: rhbz2182410 Resolves: CVE-2023-1672...
MAL-2023-8144 Malicious code in master-vanthinh (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3e920045339327b03cd9fdec06856b9d4779266c4a2deb959f5751a9b76f45f0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-8091 Malicious code in pretty-array (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c13ccb71946d796fddfaa2f62631f277063b7f3230d5fd22d783585b8ed16391 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...