Vulnerabilities fixed in ForgeRock Web Agents and Java Agents

ForgeRock has fixed vulnerabilities in Web Agents and Java Agents. An unauthenticated remote malicious agent could potentially exploit the vulnerabilities potentially exploit them to bypass authentication, gain access to sensitive data or execute arbitrary code execute arbitrary code. ForgeRock h...

WordPress Better Click To Tweet plugin <= 5.10.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered in WordPress Better Click To Tweet plugin versions = 5.10.1. Solution Update the WordPress Better Click To Tweet plugin to the latest available version at least 5.10.2...

CloudLinux Imunify360 代码问题漏洞

CloudLinux Imunify360 is a comprehensive security platform for web hosting servers from CloudLinux USA. CloudLinux Imunify360 version 5.10.2 A security vulnerability exists in the Ai-Bolit feature that stems from a php deserialization vulnerability in the Ai-Bolit feature. A specially crafted fil...

Shortcodes Ultimate < 5.10.2 - Contributor+ Stored XSS

The plugin allows users with Contributor roles to perform stored XSS via shortcode attributes. Note: the plugin is inconsistent in its handling of shortcode attributes; some do escape, most don't, and there are even some attributes that are insecure by design like subutton's onclick attribute...

WordPress 2by2host Widget Logic Plugin Cross-Site Request Forgery Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. 2by2host Widget Logic plugin is a web widget control plugin used in it. A cross-site request forgery vulnerability exists in the...