
4643 matches found

CNNVD
added 2025/01/16 12:0 a.m. · 2 views

WordPress plugin User Sync ActiveCampaign security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 5.4 · AI score 8.2 · EPSS 0.00439
Exploits: 0 · References: 1

Positive Technologies
added 2025/01/16 12:0 a.m. · 4 views

PT-2025-5084 · Unknown · Pravin Durugkar User Sync Activecampaign

Name of the Vulnerable Software and Affected Versions: Pravin Durugkar User Sync ActiveCampaign versions 1.3.2 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: Fo...

CVSS 5.4 · AI score 9.5 · EPSS 0.00439
Exploits: 0 · References: 3

OSV
added 2025/01/14 3:15 p.m. · 4 views

CVE-2024-36258

A stack-based buffer overflow vulnerability exists in the touchlistsync.cgi touchlistsync functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send an HTTP request to trigger this vulnerability...

CVSS 9.8 · AI score 6.3 · EPSS 0.12447
Exploits: 1 · References: 2

OSV
added 2025/01/14 3:15 p.m. · 3 views

CVE-2024-34166

An os command injection vulnerability exists in the touchlistsync.cgi touchlistsync functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of HTTP requests can lead to arbitrary code execution. An attacker can send an HTTP request to trigger this vulnerability...

CVSS 9.8 · AI score 7.5 · EPSS 0.1579
Exploits: 1 · References: 2

Debian CVE
added 2025/01/11 12:25 p.m. · 13 views

CVE-2024-50051

In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: Add cancel_work_sync before module remove If we remove the module which will call mpc52xx_spi_remove it will free 'ms' through spi_unregister_controller. while the work ms->work will be used. The sequence of operations tha...

CVSS 7.8 · AI score 5.7 · EPSS 0.00226
Exploits: 0

Cvelist
added 2025/01/11 12:25 p.m. · 23 views

CVE-2024-47143 dma-debug: fix a possible deadlock on radix_lock

In the Linux kernel, the following vulnerability has been resolved: dma-debug: fix a possible deadlock on radix_lock radix_lock shouldn't be held while holding dma_hash_entry[idx].lock otherwise, there's a possible deadlock scenario when dma debug API is called holding rq_lock: CPU0 CPU1 CPU2 dmafreeatt...

EPSS 0.0017
Exploits: 0 · References: 6

RedHat Linux
added 2025/01/08 1:42 a.m. · 3 views

kernel: i40e: fix race condition by adding filter's intermediate sync state

In the Linux kernel, the following vulnerability has been resolved: i40e: fix race condition by adding filter's intermediate sync state Fix a race condition in the i40e driver that leads to MAC/VLAN filters becoming corrupted and leaking. Address the issue that occurs under heavy load when multip...

CVSS 4.7 · AI score 6.8 · EPSS 0.00175
Exploits: 0 · References: 5

Positive Technologies
added 2025/01/08 12:0 a.m. · 4 views

PT-2025-1632

Name of the Vulnerable Software and Affected Versions: WebinarPress plugin for WordPress versions up to, and including, 1.33.24 Description: The WebinarPress plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the sync-import-imgs function and missing...

CVSS 8.8 · AI score 7 · EPSS 0.00895
Exploits: 0 · References: 11

Patchstack
added 2025/01/07 1:7 p.m. · 3 views

WordPress Jupiter X Core plugin <= 4.8.5 - Missing Authorization to Authenticated Library Sync vulnerability

Missing Authorization to Authenticated Library Sync vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin JupiterX Core versions <= 4.8.5...

CVSS 4.3 · AI score 7 · EPSS 0.00278
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2025/01/07 12:15 p.m. · 3 views

CVE-2024-12033

The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the synclibraries function in all versions up to, and including, 4.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to sync libraries...

CVSS 4.3 · AI score 5.8 · EPSS 0.00278
Exploits: 0 · References: 2

NVD
added 2025/01/07 12:15 p.m. · 12 views

CVE-2024-12033

The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the synclibraries function in all versions up to, and including, 4.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to sync libraries...

CVSS 4.3 · EPSS 0.00278
Exploits: 0 · References: 2

Cvelist
added 2025/01/07 11:11 a.m. · 12 views

CVE-2024-12033 Jupiter X Core <= 4.8.5 - Missing Authorization to Authenticated Library Sync

The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the synclibraries function in all versions up to, and including, 4.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to sync libraries...

CVSS 4.3 · EPSS 0.00278
Exploits: 0 · References: 2

Vulnrichment
added 2025/01/07 9:22 a.m. · 4 views

CVE-2024-12152 MIPL WC Multisite Sync <= 1.1.5 - Unauthenticated Arbitrary File Download

The MIPL WC Multisite Sync plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.5 via the 'mipl_wc_sync_download_log' action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain...

CVSS 7.5 · AI score 6.8 · EPSS 0.01013
Exploits: 0 · References: 3

CVE
added 2025/01/07 9:22 a.m. · 47 views

CVE-2024-12152

CVE-2024-12152 concerns the MIPL WC Multisite Sync WordPress plugin. The Wordfence entry confirms a directory traversal vulnerability that affects all versions up to 1.1.5 via the mipl_wc_sync_download_log action, enabling unauthenticated reading of arbitrary server files containing potentially s...

CVSS 7.5 · AI score 7.4 · EPSS 0.01013
Exploits: 0 · References: 3

Positive Technologies
added 2025/01/07 12:0 a.m. · 5 views

PT-2025-1731 · WordPress · Jupiter X Core

Name of the Vulnerable Software and Affected Versions: Jupiter X Core plugin for WordPress versions up to, and including, 4.8.5 Description: The issue is related to a missing capability check on the sync libraries function, allowing authenticated attackers with Subscriber-level access and above t...

CVSS 4.3 · AI score 6.7 · EPSS 0.00278
Exploits: 0 · References: 8

CNNVD
added 2025/01/07 12:0 a.m. · 5 views

WordPress plugin MIPL WC Multisite Sync path traversal vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...

CVSS 7.5 · AI score 8.3 · EPSS 0.01013
Exploits: 0 · References: 3

SUSE CVE
added 2025/01/04 12:20 a.m. · 2 views

SUSE CVE-2024-56591

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: Use disable_delayed_work_sync This makes use of disable_delayed_work_sync instead cancel_delayed_work_sync as it not only cancel the ongoing work but also disables new submit which is desirable since the object holding...

CVSS 5.5 · AI score 7.7 · EPSS 0.00185
Exploits: 0 · References: 4

Positive Technologies
added 2025/01/01 12:0 a.m. · 9 views

PT-2025-30809

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory leak was identified in the drm/msm subsystem of the Linux kernel, specifically within the error handling path for submitting operations. The put_unused_fd function fails to...

CVSS 5.5 · AI score 6.4 · EPSS 0.00156
Exploits: 0

Positive Technologies
added 2025/01/01 12:0 a.m. · 2 views

PT-2025-41494

Name of the Vulnerable Software and Affected Versions: chromium affected versions not specified Description: A flaw exists in Google Chrome that could allow attackers to compromise the system. The issue is a heap buffer overflow within the Sync component of Chromium. Recommendations: At the moment,...

CVSS 10 · AI score 6.5 · EPSS 0.00329
Exploits: 1 · References: 25

OSV
added 2024/12/29 9:15 a.m. · 2 views

UBUNTU-CVE-2024-56710

In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leak in ceph_direct_read_write The bvecs array which is allocated in iter_get_bvecs_alloc is leaked and pages remain pinned if ceph_alloc_sparse_ext_map fails. There is no need to delay the allocation of sparse_ext map unti...

CVSS 5.5 · AI score 6.2 · EPSS 0.00243
Exploits: 0 · References: 21