212 matches found

Patchstack
added 2025/12/31 12:0 a.m. | 6 views

WordPress Post Saint plugin <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload vulnerability discovered by Lucio Sá in WordPress Plugin Post Saint versions <= 1.3.1...

8.8 CVSS | 5.4 AI score | 0.67972 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2020-8236

Malware in sbrugna...

6.1 CVSS | 6.3 AI score | 0.00359 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2020-8237

Malware in sbrugna...

8.8 CVSS | 8.6 AI score | 0.00706 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2020-8238

Malware in sbrugna...

8.8 CVSS | 8.6 AI score | 0.00706 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-8239

Malware in sbrugna...

6.1 CVSS | 6.3 AI score | 0.00271 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-51901

Malicious code in bioql PyPI...

8.8 CVSS | 8.6 AI score | 0.00059 EPSS
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-54926

Malicious code in bioql PyPI...

9.8 CVSS | 6.6 AI score | 0.09015 EPSS
Exploits: 1 | References: 4
HackRead
added 2025/08/12 12:26 p.m. | 3 views

Interlock Ransomware Group Leaks 43GB of Data in City of St. Paul Cyberattack

St. Paul hit by Interlock ransomware attack, 43GB of sensitive data leaked, city refuses ransom, launches Operation Secure…...

7.2 AI score
Exploits: 0
RedhatCVE
added 2025/05/23 6:4 a.m. | 2 views

CVE-2023-47806

Cross-Site Request Forgery (CSRF) vulnerability in Saint Systems Disable User Login. This issue affects Disable User Login: from n/a through 1.3.7...

8.8 CVSS | 8 AI score | 0.00059 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 5:52 p.m. | 3 views

CVE-2020-16278

A cross-site scripting (XSS) vulnerability in the Permissions component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user when the user clicks on a specially crafted link...

6.1 CVSS | 5.8 AI score | 0.00271 EPSS
Exploits: 0
RedhatCVE
added 2025/05/22 3:50 p.m. | 2 views

CVE-2020-16276

An SQL injection vulnerability in the Assets component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database...

8.8 CVSS | 7.9 AI score | 0.00706 EPSS
Exploits: 0
RedhatCVE
added 2025/05/22 3:15 p.m. | 1 view

CVE-2020-16275

A cross-site scripting (XSS) vulnerability in the Credential Manager component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user when the user clicks on a specially crafted link...

6.1 CVSS | 5.8 AI score | 0.00359 EPSS
Exploits: 0
RedhatCVE
added 2025/05/22 3:15 p.m. | 7 views

CVE-2020-16277

An SQL injection vulnerability in the Analytics component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database...

8.8 CVSS | 7.9 AI score | 0.00706 EPSS
Exploits: 0
GithubExploit
added 2025/01/15 11:13 a.m. | 220 views

Exploit for Improper Input Validation in Concretecms Concrete_Cms

CVE-2024-1247-PoC Post Saint <= 1.3.1 plugin for WordPress...

8.8 CVSS | 6 AI score | 0.67972 EPSS
Exploits: 1
NVD
added 2025/01/07 6:15 a.m. | 14 views

CVE-2024-12471

The Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and file type validation on the add_image_to_library AJAX action function in all versions up to, and...

8.8 CVSS | 0.67972 EPSS
Exploits: 1 | References: 2
Vulnrichment
added 2025/01/07 5:23 a.m. | 14 views

CVE-2024-12471 Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload

The Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and file type validation on the add_image_to_library AJAX action function in all versions up to, and...

8.8 CVSS | 8.9 AI score | 0.67972 EPSS
Exploits: 1 | References: 2
CVE
added 2025/01/07 5:23 a.m. | 52 views

CVE-2024-12471

CVE-2024-12471: Post Saint for WordPress (Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator) contains an authentication-required Arbitrary File Upload due to missing capability check and file-type validation on add_image_to_library. Affected versions inc...

8.8 CVSS | 8.9 AI score | 0.67972 EPSS
Exploits: 1 | References: 2
CNNVD
added 2025/01/07 12:0 a.m. | 5 views

WordPress plugin Post Saint code injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code injection...

8.8 CVSS | 8.6 AI score | 0.67972 EPSS
Exploits: 1 | References: 2
Openbugbounty
added 2024/08/04 7:33 p.m. | 6 views

saint-joseph-oloron.fr Cross Site Scripting vulnerability OBB-3953421

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0
Openbugbounty
added 2024/04/11 6:10 a.m. | 4 views

saint-melany.fr Cross Site Scripting vulnerability OBB-3914401

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0