23 matches found
EUVD-2024-37581
Malicious code in bioql PyPI...
EUVD-2024-47663
Malicious code in bioql PyPI...
CVE-2024-6599
The Meks Video Importer plugin for WordPress is vulnerable to unauthorized API key modification due to a missing capability check on the ajaxsavesettings function in all versions up to, and including, 1.0.12. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2023-25989
Cross-Site Request Forgery CSRF vulnerability in Meks Video Importer, Meks Time Ago, Meks ThemeForest Smart Widget, Meks Smart Author Widget, Meks Audio Player, Meks Easy Maps, Meks Easy Photo Feed Widget, Meks Simple Flickr Widget, Meks Easy Ads Widget, Meks Smart Social Widget plugins leading t...
CVE-2024-52431
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Pressaholic WordPress Video Robot - The Ultimate Video Importer allows SQL Injection.This issue affects WordPress Video Robot - The Ultimate Video Importer: from n/a through 1.20.0...
CVE-2024-9192
The WordPress Video Robot - The Ultimate Video Importer plugin for WordPress is vulnerable to privilege escalation due to insufficient validation on user meta that can be updated in the wpvrraterequestresult function in all versions up to, and including, 1.20.0. This makes it possible for...
WordPress WordPress Video Robot - The Ultimate Video Importer Plugin <= 1.20.0 is vulnerable to SQL Injection
Software WordPress Video Robot - The Ultimate Video Importer Type Plugin Vulnerable versions = 1.20.0 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-52431 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 535a5d7fd7c2 Credits Bonds Requir...
WordPress WordPress Video Robot - The Ultimate Video Importer Plugin <= 1.20.0 is vulnerable to Privilege Escalation
Software WordPress Video Robot - The Ultimate Video Importer Type Plugin Vulnerable versions = 1.20.0 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-9192 Patch priority High CVSS severity High 8.8 Developer Claim ownership...
CVE-2024-38733
Missing Authorization vulnerability in Meks Meks Video Importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Meks Video Importer: from n/a through 1.0.12...
CVE-2024-38733
CVE-2024-38733 refers to a Missing Authorization vulnerability in the WordPress plugin Meks Video Importer (affected: versions up to and including 1.0.12). The issue results from incorrectly configured access control, described as a Missing Authorization / Broken Access Control scenario, allowing...
CVE-2024-38733 WordPress Meks Video Importer plugin <= 1.0.12 - Broken Access Control vulnerability
Missing Authorization vulnerability in Meks Meks Video Importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Meks Video Importer: from n/a through 1.0.12...
CVE-2024-38733 WordPress Meks Video Importer plugin <= 1.0.12 - Broken Access Control vulnerability
Missing Authorization vulnerability in Meks Meks Video Importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Meks Video Importer: from n/a through 1.0.12...
WordPress plugin Meks Video Importer 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...
PT-2024-28177 · Unknown · Meks Video Importer
Name of the Vulnerable Software and Affected Versions: Meks Video Importer versions 1.0.12 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploitation of incorrectly configured access control security levels. Recommendations: For Meks Video...
CVE-2024-6599
The Meks Video Importer plugin for WordPress is vulnerable to unauthorized API key modification due to a missing capability check on the ajaxsavesettings function in all versions up to, and including, 1.0.12. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2024-6599 Meks Video Importer <= 1.0.12 - Missing Authorization to Authenticated (Subscriber+) API Keys Modification
The Meks Video Importer plugin for WordPress is vulnerable to unauthorized API key modification due to a missing capability check on the ajaxsavesettings function in all versions up to, and including, 1.0.12. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2024-6599
The CVE affects Meks Video Importer for WordPress. Root cause: missing capability check in ajax_save_settings allows authenticated users with Subscriber+ to modify plugin API keys in all versions up to 1.0.11. Impact: unauthorized API key modification could enable misuse of the plugin’s API keys....
PT-2024-37747 · WordPress · Meks Video Importer
Name of the Vulnerable Software and Affected Versions: Meks Video Importer plugin for WordPress versions up to, and including, 1.0.11 Description: The issue arises from a missing capability check on the ajax save settings function, allowing authenticated attackers with Subscriber-level access and...
WordPress Meks Video Importer plugin <= 1.0.12 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin Meks Video Importer versions = 1.0.12...
WordPress Meks Video Importer Plugin <= 1.0.12 is vulnerable to Broken Access Control
Software Meks Video Importer Type Plugin Vulnerable versions = 1.0.12 Fixed in 1.0.13 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-38733 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 55873b8587e6 Credits Majed Refaea Required...