3 matches found
PT-2024-30303 · WordPress · Simple Local Avatars
Name of the Vulnerable Software and Affected Versions: Simple Local Avatars versions 2.7.10 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the Simple Local Avatars plugin. This allows an attacker to perform unintended actions on a user's account. The estimated number of...
GHSA-G5H3-W546-PJ7F Spring Boot Security Bypass with Wildcard Pattern Matching on Cloud Foundry
In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users...
PT-2021-23938 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2.7.11 Description: A vulnerability affects users of tag groups who use the "Tags are visible only to the following groups" feature in Discourse, an open source discussion platform. This feature allows a tag group ...