5 matches found
WordPress GamiPress Plugin <= 6.8.6 is vulnerable to SQL Injection
Software: GamiPress; Type: Plugin; Vulnerable versions: <= 6.8.6; Fixed in: 6.8.7; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-1799; Patch priority: Low; CVSS severity: Low 8.5; PSID: ee7a36af539b; Credits: Krzysztof Zając; Required privilege: Contributor; Published...
WordPress Plugin Easy Forms for Mailchimp Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
Improper Privilege Management in Elasticsearch
Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges...
WordPress Blog2Social plugin <= 6.8.6 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by JrXnm in WordPress Blog2Social plugin versions <= 6.8.6. Solution: Update the WordPress Blog2Social plugin to the latest available version (at least 6.8.7)...
Elasticsearch Elevation of Privilege Vulnerability
Elasticsearch is an open source, distributed, RESTful search engine built on Lucene by the Dutch company Elasticsearch. The product is mainly used in cloud computing and supports data indexing via HTTP using JSON. A privilege escalation vulnerability exists in Elasticsearch versions 6.7.0 through 6.8.7 and...