6 matches found
PT-2024-30386 · WordPress · Sweet Date
Name of the Vulnerable Software and Affected Versions: Sweet Date versions 3.7.3 and earlier Description: The issue is related to a Missing Authorization vulnerability in the Sweet Date WordPress theme, which could expose thousands of sites to potential takeovers. This vulnerability may allow...
Directory traversal
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.19 via the renameitem function. This makes it possible for authenticated attackers to rename arbitrary files on the server. This can lead ...
CVE-2024-0221 Photo Gallery by 10Web - Mobile-Friendly Image Gallery <= 1.8.19 - Directory Traversal to Arbitrary File Rename
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.19 via the renameitem function. This makes it possible for authenticated attackers to rename arbitrary files on the server. This can lead ...
CataBlog <= 1.7.0 - Authenticated (Editor+) Arbitrary File Deletion
Description The CataBlog plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.7.0. This makes it possible for authenticated attackers, with editor access or higher to delete arbitrary files on the affected site's server which may make site takeover...
20K WordPress Sites Exposed by Insecure Plugin REST-API
More than 20,000 WordPress sites are vulnerable to malicious code injection, phishing scams and more as the result of a high-severity cross-site scripting XSS bug discovered in the WordPress Email Template Designer – WP HTML Mail, a plugin for designing custom emails. The new vulnerability...
Post Grid WordPress Plugin Flaws Allow Site Takeovers
Two high-severity vulnerabilities in Post Grid, a WordPress plugin with more than 60,000 installations, opens the door to site takeovers, according to researchers. To boot, nearly identical bugs are also found in Post Grid’s sister plug-in, Team Showcase, which has 6,000 installations. The issues...