CVE-2024-30322
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious pa...
Emergency Ambulance Hiring Portal ambulance-tracking.php File SQL Injection Vulnerability
Emergency Ambulance Hiring Portal is an emergency ambulance hiring portal. The Emergency Ambulance Hiring Portal suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the searchdata parameter of the ambulance-tracking.php file of t...
PT-2024-7754 · Foxit · Foxit Pdf Reader
Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader, affected versions not specified. Description: This issue allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this issue, where the target mus...
PT-2024-22964 · WordPress · The News Wall
Name of the Vulnerable Software and Affected Versions: The News Wall plugin for WordPress versions up to, and including, 1.1.0. Description: The issue is due to missing or incorrect nonce validation on the nwap newslist page function, making it possible for unauthenticated attackers to update the...
GHSA-F5X3-32G6-XQ36 Denial of service while parsing a tar file due to lack of folders count validation
Description: During some analysis today on npm's node-tar package I came across the folder creation process. Basically, if you provide node-tar with a path like this ./a/b/c/foo.txt it would create every folder and sub-folder here a, b and c until it reaches the last folder to create foo.txt, In-thi...
PT-2024-17945 · Woomotiv · Live Sales Notification For Woocommerce – Woomotiv
Name of the Vulnerable Software and Affected Versions: Live Sales Notification for Woocommerce – Woomotiv plugin for WordPress versions up to, and including, 3.4.3. Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the ajax cancel revie...
CVE-2024-0830
The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0. This is due to missing or incorrect nonce validation on several ajax actions. This makes it possible for unauthenticated attackers to invoke...
PT-2024-18517 · Mediatek +1 · Mt6739 +19
Name of the Vulnerable Software and Affected Versions: In da, affected versions not specified. Description: The issue is related to a possible out of bounds write due to lack of validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is...
CVE-2024-0513
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the removefromwishlist function. This makes it possible for unauthenticated attackers to...
CVE-2024-0433
The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajaxunsetdefaultcard' function. This makes it possible for unauthenticated attackers to remove...
CVE-2024-1943
The Yuki theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.14. This is due to missing or incorrect nonce validation on the resetcustomizeroptions function. This makes it possible for unauthenticated attackers to reset the theme's settings via ...
WordPress Theme Yuki Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress Plugin Gestpay for WooCommerce Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-15804 · Envo · Elementor Templates & Widgets For Woocommerce
Name of the Vulnerable Software and Affected Versions: The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress versions up to, and including, 1.4.4. Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the ajax plugin...
CVE-2024-1907
The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxDeleteCategory function. This makes it possible for unauthenticated attackers to delete categori...
CVE-2024-22776
Wallos 0.9 is vulnerable to Cross Site Scripting (XSS) in all text-based input fields without proper validation, excluding those requiring specific formats like date fields...
CVE-2024-1360
The Colibri WP theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.94. This is due to missing or incorrect nonce validation on the colibriwpinstallplugin function. This makes it possible for unauthenticated attackers to install recommended...
CVE-2024-1777
The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the settings update function. This makes it possible for unauthenticated attackers t...
PT-2024-18096 · WordPress · Wp Database Reset
Name of the Vulnerable Software and Affected Versions: Database Reset plugin for WordPress versions up to, and including, 3.22. Description: The issue is due to missing or incorrect nonce validation on the install wpr function, making it possible for unauthenticated attackers to install the WP Res...
PT-2024-15628 · WordPress · The Royal Elementor Addons/Templates
Name of the Vulnerable Software and Affected Versions: The Royal Elementor Addons and Templates plugin for WordPress versions up to, and including, 1.3.87. Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the add to wishlist function...