CVE-2024-1566 Redirects <= 1.2.1 - Missing Authorization via save

The Redirects plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in all versions up to, and including, 1.2.1. This makes it possible for unauthenticated attackers to change redirects created with this plugin. This could...

Directory Traversal

Stimulsoft Dashboard.JS is vulnerable to Directory Traversal. The vulnerability is due to improper fileName validation within the Save function. This issue can be exploited by an attacker to perform directory traversal via fileName parameter, resulting in Arbitrary Code Execution...

Stimulsoft Dashboard.JS directory traversal vulnerability

Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.3 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function...

CVE-2024-24398

Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function...

Directory traversal

Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function...

CVE-2024-24398

Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function...

Stimulsoft GmbH Stimulsoft Dashboard.JS security vulnerability

Stimulsoft GmbH Stimulsoft Dashboard.JS is a powerful dashboard development tool from Stimulsoft. A security vulnerability exists in Stimulsoft GmbH Stimulsoft Dashboard.JS versions prior to v.2024.1.2. An attacker can exploit this vulnerability to execute arbitrary code via a specially crafted...

PT-2024-15614 · Unknown · Campcodes Simple Student Information System

Name of the Vulnerable Software and Affected Versions: Campcodes Student Information System version 1.0 Description: A critical issue has been found in the system, affecting an unknown function of the file /classes/Users.php?f=save. The manipulation of the username argument leads to sql injection...

CVE-2023-6493

The Depicter Slider – Responsive Image Slider, Video Slider & Post Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the 'save' function. This makes it possible for...

WordPress plugin Depicter Slider security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

curl security vulnerability

curl is a tool for transferring data from or to a server. A security vulnerability exists in curl versions 7.46.0 through 8.4.0, which stems from the fact that the save function appends a suffix to a filename and creates a temporary file, which may cause curl to delete all contents when the...

WordPress Plugin RSS Aggregator by Feedzy Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL.WordPress plugin i...

WordPress Plugin Custom CSS, JS & PHP Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

PT-2023-11894 · WordPress · Paid Memberships Pro

Name of the Vulnerable Software and Affected Versions: Paid Memberships Pro plugin for WordPress versions up to, and including, 2.4.2 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the pmpro page save function. This allows...

UBUNTU-CVE-2023-39357

Cacti is an open source operational monitoring and fault management framework. A defect in the sqlsave function was discovered. When the column type is numeric, the sqlsave function directly utilizes user input. Many files and functions calling the sqlsave function do not perform prior validation...

CVE-2023-3764

The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.90. This is due to missing or incorrect nonce validation on the Save function. This makes it possible for unauthenticated attackers to make changes to invoice...

Cross site request forgery (csrf)

The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.90. This is due to missing or incorrect nonce validation on the Save function. This makes it possible for unauthenticated attackers to make changes to invoice...

WordPress plugin WooCommerce PDF Invoice Builder 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress plugin is an application plugin. WordPress plugin WooCommerce PDF...

CVE-2021-4413

The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to save field icons via a...

CVE-2021-4412

The WP Prayer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.5. This is due to missing or incorrect nonce validation on the save and export functions. This makes it possible for unauthenticated attackers to save plugin settings and trigger a...