Lucene search

8 matches found

OSV
added 2024/04/09 7:15 p.m. · 1 views

CVE-2024-2343

The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.11.6 via the formtourlaction function. This makes it possible for authenticated attackers, with contributor-level access and above, to...

6.4 CVSS · 7.4 AI score
Exploits: 0 · References: 3

Positive Technologies
added 2024/04/09 12:0 a.m. · 10 views

PT-2024-19864 · WordPress · Avada

Name of the Vulnerable Software and Affected Versions: Avada theme for WordPress versions up to, and including, 7.11.6
Description: The issue allows unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a file upload mechanism. This is possible due to sensiti...

5.3 CVSS · 9.5 AI score · 0.63948 EPSS
Exploits: 1 · References: 6

CNNVD
added 2024/04/09 12:0 a.m. · 6 views

WordPress Plugin Avada Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

5.3 CVSS · 8.4 AI score · 0.63948 EPSS
Exploits: 1 · References: 3

Patchstack
added 2024/03/21 12:0 a.m. · 17 views

WordPress Avada Theme <= 7.11.6 is vulnerable to Sensitive Data Exposure

Software: Avada · Type: Theme · Vulnerable versions: <= 7.11.6 · Fixed in: 7.11.7 · OWASP Top 10: A3: Sensitive Data Exposure · Classification: Sensitive Data Exposure · CVE: CVE-2024-2340 · Patch priority: Low · CVSS severity: Low 5.3 · PSID: bc2cd20cbb75 · Credits: Muhammad Zeeshan Xib3rR4dAr · Require...

5.3 CVSS · 6.9 AI score · 0.63948 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Patchstack
added 2024/03/21 12:0 a.m. · 9 views

WordPress Avada Theme <= 7.11.6 is vulnerable to Cross Site Scripting (XSS)

Software: Avada · Type: Theme · Vulnerable versions: <= 7.11.6 · Fixed in: 7.11.7 · OWASP Top 10: A7: Cross-Site Scripting XSS · Classification: Cross Site Scripting XSS · CVE: CVE-2024-2311 · Patch priority: Low · CVSS severity: Low 6.5 · PSID: 07e5a74cda4c · Credits: Muhammad Zeeshan Xib3rR4dAr...

6.4 CVSS · 6 AI score · 0.00409 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Patchstack
added 2024/03/21 12:0 a.m. · 17 views

WordPress Avada Theme <= 7.11.6 is vulnerable to SQL Injection

Software: Avada · Type: Theme · Vulnerable versions: <= 7.11.6 · Fixed in: 7.11.7 · OWASP Top 10: A1: Injection · Classification: SQL Injection · CVE: CVE-2024-2344 · Patch priority: Low · CVSS severity: Low 7.6 · PSID: 15fee136284a · Credits: Muhammad Zeeshan Xib3rR4dAr · Required privilege: Administrato...

7.2 CVSS · 7.2 AI score · 0.01115 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Tenable Nessus
added 2021/09/01 12:0 a.m. · 55 views

Atlassian Confluence Webwork OGNL Injection

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. The vulnerable endpoints can be access...

9.8 CVSS · 8.7 AI score · 0.9444 EPSS
Exploits: 45 · References: 3

Atlassian
added 2021/07/27 5:13 a.m. · 501 views

Confluence Server Webwork OGNL injection - CVE-2021-26084

This vulnerability is being actively exploited in the wild. Affected servers should be patched immediately. An OGNL injection vulnerability exists that allows an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The CVE ID is CVE-2021-26084. ...

9.8 CVSS · 6.1 AI score · 0.9444 EPSS
Exploits: 45 · Affected Software: 1