3 matches found
CVE-2024-2165
The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image alt parameter in all versions up to, and including, 7.5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author access...
CVE-2024-13814
The Global Gallery - WordPress Responsive Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 9.1.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode...
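Php168 v6 Privilege Escalation Vulnerability
Working every day, I haven't posted on the forum in a long time... I previously posted a privilege escalation vulnerability in php168 v2008; this vulnerability is in the same code segment. I'm giving the exp directly; some of the details in it are rather interesting, and anyone interested can analyze them on their own: mail:[email protected] PHP168 V6.0 None yet. Please follow the official website: http://www.php168.com/ !/usr/bin/php ?php printr' +---------------------------------------------------------------------------+ Php168 v6.0 update user...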