PT-2024-16387 · WordPress · Leopard - Wordpress Offload Media
Name of the Vulnerable Software and Affected Versions: Leopard - WordPress Offload Media plugin versions up to, and including, 3.1.1 Description: The issue allows unauthorized modification of data, leading to privilege escalation due to a missing capability check on the import settings function...
WordPress plugin Bot for Telegram on WooCommerce information disclosure vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An information...
CVE-2024-46377
CVE-2024-46377 affects Best House Rental Management System 1.0. The vulnerability is an arbitrary file upload in the save_settings() function of rental/admin_class.php. Public sources (Red Hat advisory, CVE records, CNNVD, CVEList, and a GitHub exploit PoC) confirm an unrestricted upload path tha...
PT-2024-38478 · WordPress · Ota Sync Booking Engine Widget
Name of the Vulnerable Software and Affected Versions: OTA Sync Booking Engine Widget plugin for WordPress versions up to, and including, 1.2.7 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the otasync widget settings fnc function...
PT-2024-12465 · WordPress · The Bricks
Name of the Vulnerable Software and Affected Versions: The Bricks theme for WordPress versions up to, and including, 1.8.1 Description: The issue is due to missing or incorrect nonce validation on the save settings function, making it possible for unauthenticated attackers to modify the theme's...
PT-2024-12877 · WordPress · Radio Player
Name of the Vulnerable Software and Affected Versions: Radio Player plugin for WordPress versions up to, and including, 2.0.73 Description: The issue allows unauthorized modification of data due to a missing capability check on the update settings function. This makes it possible for...
WordPress plugin Radio Player security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPress...
PT-2024-38390 · Itsourcecode · Itsourcecode Airline Reservation System
Name of the Vulnerable Software and Affected Versions: itsourcecode Airline Reservation System version 1.0 Description: A critical issue has been found in the itsourcecode Airline Reservation System, where the save settings function in the admin/admin class.php file is affected. The manipulation ...
CVE-2024-1634
The Scheduling Plugin – Online Booking for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cbsbdisconnectsettings' function in all versions up to, and including, 3.5.10. This makes it possible for unauthenticated attackers to...
WordPress plugin GDPR CCPA Compliance & Cookie Consent Banner Security Breach
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin GDP...
PT-2024-13312 · Gnome · Gnome Gtk
Name of the Vulnerable Software and Affected Versions: Gnome GTK affected versions not specified Description: The issue is related to a null pointer dereference in Gnome GTK, specifically via the parse settings function at xsettings-client.c. Recommendations: At the moment, there is no informatio...
Authenticated (user role) remote command execution by modifying `nginx` settings (GHSL-2023-269)
Summary The Home Preference page exposes a small list of nginx settings such as Nginx Access Log Path and Nginx Error Log Path. However, the API also exposes testconfigcmd, reloadcmd and restartcmd. While the UI doesn't allow users to modify any of these settings, it is possible to do so by sendi...
CVE-2023-6496
The Manage Notification E-mails plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.8.5 via the cardfamneexportsettings function. This makes it possible for unauthenticated attackers to obtain plugin settings...
CVE-2023-36223
Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and before allows a remote attacker to execute arbitrary code via a crafted payload to the announcements parameter in the settings function...
PT-2023-25489 · Mlogclub · Bbs-Go
Name of the Vulnerable Software and Affected Versions: mlogclub bbs-go versions 3.5.5 and before Description: The issue allows a remote attacker to execute arbitrary code via a crafted payload to the announcements parameter in the settings function. This enables the attacker to perform Cross Site...
CVE-2022-45654
Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the ssid parameter in the formfastsettingwifiset function...
PT-2021-16273 · WordPress · Wp Debugging
Name of the Vulnerable Software and Affected Versions: WP Debugging WordPress plugin versions prior to 2.11.0 Description: The issue concerns the update settings function, which is hooked to admin init and lacks authorization and CSRF checks. This allows settings to be updated by unauthenticated...