12 matches found
CVE-2025-66436
Summary: CVE-2025-66436 is a Server-Side Template Injection (SSTI) in Frappe ERPNext up to version 15.89.0, in get_terms_and_conditions. The function renders attacker-controlled Jinja2 templates (terms) via frappe.render_template() with a user-supplied context (doc). Despite a custom SandboxedEnv...
ERPNext 安全漏洞
ERPNext is an open source enterprise resource planning solution from ERPNext India. A security vulnerability exists in ERPNext 15.89.0 and earlier versions, which stems from the presence of server-side template injection in the gettermsandconditions method, which could lead to server-side code...
CVE-2025-11816 Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages <= 3.5.1 - Missing Authorization to Unauthenticated API Disconnect
The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disconnectaccountrequest function in all versions up to, and including, 3.5.1. This makes i...
CVE-2025-43822
Multiple stored cross-site scripting XSS vulnerabilities in Liferay Portal 7.4.3.15 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 15 through update 92 allow remote attackers to inject arbitrary web script or HTML via crafted payload...
CVE-2025-8565
The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the wplpgdprinstallpluginajaxhandler function in all versions up to, and including, 3.4.3...
CVE-2025-8565
CVE-2025-8565 affects the WordPress plugin Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin: WP Legal Pages. The vulnerability is a missing capability check in wplp_gdpr_install_plugin_ajax_handler() that exists in all versions up to and including 3.4.3. This allows authent...
CVE-2025-8565 Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages <= 3.4.3 - Missing Authorization to Authenticated (Contributor+) Arbitrary Plugin Installation
The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the wplpgdprinstallpluginajaxhandler function in all versions up to, and including, 3.4.3...
CVE-2025-30866
CVE-2025-30866 – The Terms & Conditions Per Product plugin suffers a Missing Authorization flaw due to incorrectly configured access control. Affected Software: Terms & Conditions Per Product (from n/a up to 1.2.15). Underlying cause: improperly configured access control levels that allow unautho...
CVE-2023-47824
Cross-Site Request Forgery CSRF vulnerability in wpWax Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator plugin = 1.3.8 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in wpWax Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator plugin = 1.3.8 versions...
CVE-2021-25106
The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WPLegalPages WordPress plugin before 2.7.1 does not check for authorisation and has a flawed CSRF logic when saving its settings, allowing any authenticated users, such as subscriber, to update them. Furthermore, due to...
Facebook 2012 Hacker Cup announced !
Facebook 2012 Hacker Cup announced Facebook today announced open registration for its second annual Hacker Cup, an annual algorithmic programming contest open to engineers from around the world. Programmers will be judged on accuracy and speed as they race to solve algorithmic problems to advance...