12 matches found
CVE-2024-9583
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the wprssajaxsendpremiumsupport function in all versions up to, and including, 4.23.12. This makes it possible f...
CVE-2019-19589
The Lever PDF Embedder plugin 4.4 for WordPress does not block the distribution of polyglot PDF documents that are valid JAR archives. Note: It has been argued that "The vulnerability reported in PDF Embedder Plugin is not valid as the plugin itself doesn't control or manage the file upload...
Wagtail regular expression denial-of-service via search query parsing
Impact: A bug in Wagtail's parse_query_string would result in it taking a long time to process suitably crafted inputs. When used to parse sufficiently long strings of characters without a space, parse_query_string would take an unexpectedly large amount of time to process, resulting in a denial of...
VulnCheck KEV: CVE-2023-24955
Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely...
Microsoft SharePoint Server Code Injection Vulnerability
Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely...
PT-2023-2720
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server, affected versions not specified. Description: The issue is related to a remote code execution vulnerability in Microsoft SharePoint Server. This vulnerability allows an authenticated attacker with Site Owner privilege...
CVE-2023-28837 Wagtail vulnerable to denial-of-service via memory exhaustion when uploading large files
Wagtail is an open source content management system built on Django. Prior to versions 4.1.4 and 4.2.2, a memory exhaustion bug exists in Wagtail's handling of uploaded images and documents. For both images and documents, files are loaded into memory during upload for additional processing. A use...
The Cybersecurity CIA Triad: What You Need to Know as a WordPress Site Owner
One of the core concepts of cybersecurity is known as the CIA Triad. There are three pillars to the triad, with each pillar being designed to address an aspect of securing data. These three pillars are Confidentiality, Integrity, and Availability. The Confidentiality pillar is intended to prevent...
CVE-2021-37777
Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Thumbnails uploaded by one site owner are visible to another site owner just by knowing the other site name and fuzzing for picture names. This leads to sensitive information disclosure...
CVE-2020-15118
CVE-2020-15118 affects Wagtail versions before 2.7.4 and 2.9.3, where HTML in form field help_text can be rendered unescaped when using Django form rendering helpers (e.g., form.as_p). This enables potential cross-site scripting via editor-controlled help text. Patches are available: Wagtail 2.7....
Wordpress WP-SendSMS Plugin 1.0 - Multiple Vulnerabilities
No description provided by source. blackpentesters.blogspot.com...
[SA14263] Siteman Site Owner Registration Security Bypass Vulnerability
TITLE: Siteman Site Owner Registration Security Bypass Vulnerability
SECUNIA ADVISORY ID: SA14263
VERIFY ADVISORY: http://secunia.com/advisories/14263/
CRITICAL: Moderately critical
IMPACT: Security Bypass
WHERE: From remote
SOFTWARE: Siteman 1.x http://secunia.com/product/4655/
DESCRIPTION: A...