128 matches found
WordPress plugin PDF Image Generator cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up a personal blog site on PHP and MySQL servers. A WordPress plugin is an application plug-in. A cross-site scripting...
WordPress Smart Online Order for Clover Plugin <= 1.5.6 is vulnerable to Broken Access Control
Software: Smart Online Order for Clover; Type: Plugin; Vulnerable versions: <= 1.5.6; Fixed in: 1.5.7; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-7032; Patch priority: Medium; CVSS severity: Medium (6.5); Developer: Zaytech; PSID: 1d01355fa1e4; Credits: Lucio Sá; Required...
WordPress Smart Online Order for Clover plugin <= 1.5.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin Smart Online Order for Clover versions <= 1.5.6...
WordPress Orchid Store Theme <= 1.5.6 is vulnerable to Broken Access Control
Software: Orchid Store; Type: Theme; Vulnerable versions: <= 1.5.6; Fixed in: 1.5.7; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-6987; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim ownership; PSID: 11ea3d6423d2; Credits: Lucio Sá; Required privilege...
WordPress theme Orchid Store security vulnerability
WordPress is a blogging platform developed in the PHP language by the WordPress Foundation. The platform supports personal blog sites on PHP and MySQL servers. WordPress theme is a theme for WordPress. A security vulnerability exists in WordPress theme Orchid Store version 1.5.6 and earlier...
PT-2024-28169 · Unknown · Bernhard Kux Json Content Importer
Name of the Vulnerable Software and Affected Versions: Bernhard Kux JSON Content Importer versions 1.5.6 and earlier. Description: A Server-Side Request Forgery (SSRF) issue has been identified. This allows an attacker to forge requests from the server, potentially leading to unauthorized access to...
VulnCheck KEV: CVE-2023-46347
In the module "Step by Step products Pack" (ndksteppingpack) version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL injection. The method NdkSpack::getPacks has sensitive SQL calls that can be executed with a trivial HTTP call and exploited to forge a SQL injection...
WordPress Primary Addon for Elementor Plugin <= 1.5.5 is vulnerable to Cross Site Scripting (XSS)
Software: Primary Addon for Elementor; Type: Plugin; Vulnerable versions: <= 1.5.5; Fixed in: 1.5.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5229; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: e45d83fa375c; Credits: stealthcopte...
WordPress plugin Simple Registration for WooCommerce security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin. A security vulnerability...
PT-2024-24629 · Woocommerce · Simple Registration For Woocommerce
Name of the Vulnerable Software and Affected Versions: Simple Registration for WooCommerce versions 1.5.6 and earlier. Description: The issue is related to Improper Privilege Management, which allows Privilege Escalation. Recommendations: For versions 1.5.6 and earlier, update to a version that...
WordPress VOD Infomaniak plugin <= 1.5.6 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin VOD Infomaniak versions <= 1.5.6...
VulnCheck KEV: CVE-2024-33571
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infomaniak Network VOD Infomaniak (vod-infomaniak). This issue affects VOD Infomaniak: from n/a through <= 1.5.6...
PT-2024-20250 · WordPress · Better Comments
Name of the Vulnerable Software and Affected Versions: Better Comments WordPress plugin versions prior to 1.5.6. Description: The issue allows low privilege users, such as Subscribers, to perform Stored Cross-Site Scripting attacks due to the plugin not sanitizing and escaping some of its settings...
PT-2024-20238 · WordPress · Better Comments
Name of the Vulnerable Software and Affected Versions: Better Comments WordPress plugin versions prior to 1.5.6. Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, ...
WordPress Better Comments Plugin < 1.5.6 is vulnerable to Cross Site Scripting (XSS)
Software: Better Comments; Type: Plugin; Vulnerable versions: < 1.5.6; Fixed in: 1.5.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2402; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: ef62708732b4; Credits: Nicolo; Required privilege...
PT-2024-23010 · WordPress · The Portfolio Gallery – Image Gallery Plugin
Name of the Vulnerable Software and Affected Versions: Portfolio Gallery – Image Gallery Plugin versions 1.5.6 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that...
CVE-2024-28102
JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and...
PT-2024-18355 · WordPress · Revivepress
Name of the Vulnerable Software and Affected Versions: RevivePress – Keep your Old Content Evergreen plugin for WordPress versions up to, and including, 1.5.6. Description: The issue allows unauthorized access and modification of data due to a missing capability check on the import data and copy...