4 matches found
AstrBot security vulnerabilities
AstrBot is an open-source multi-platform LLM chatbot and development framework created by AstrBot. Version 4.24.2 of AstrBot contains a security vulnerability. This vulnerability stems from improper handling of the sessionid parameter in the astrmainagent function within the...
WordPress plugin Sensei LMS security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...
PT-2024-38580 · WordPress · Sensei Lms
Name of the Vulnerable Software and Affected Versions: The Sensei LMS WordPress plugin versions prior to 4.24.2 Description: The issue concerns the Sensei LMS WordPress plugin, where some of its REST API routes are not properly protected, allowing unauthenticated attackers to leak email templates...
PT-2024-25676 · Strapi · @Strapi/Plugin-Users-Permissions
Name of the Vulnerable Software and Affected Versions: @strapi/plugin-users-permissions versions prior to 4.24.2 Description: The issue arises from combining two vulnerabilities in @strapi/plugin-users-permissions: an Open Redirect and a session token sent as a URL query parameter. This allows an...