WordPress WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress plugin <= 8.5.41 - Improper Authorization to Authenticated (Contributor+) Plugin Settings Update vulnerability

Improper Authorization to Authenticated Contributor+ Plugin Settings Update vulnerability discovered by Rafshanzani Suhada in WordPress Plugin WP VR versions = 8.5.41...

EUVD-2024-34521

Malicious code in bioql PyPI...

CVE-2024-33941

Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder.This issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1.8.1...

CVE-2024-38690

Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1.8.3...

CVE-2024-38690

CVE-2024-38690 corresponds to a Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder. Connected sources confirm the issue affects WordPress plugin versions 1.8.3 and earlier and describe a broken access-control scheme that allows accessing functionality not ...

PT-2024-28135 · Avirtum · Avirtum Ipanorama 360 Wordpress Virtual Tour Builder

Name of the Vulnerable Software and Affected Versions: Avirtum iPanorama 360 WordPress Virtual Tour Builder versions 1.8.3 and earlier Description: The issue affects the Avirtum iPanorama 360 WordPress Virtual Tour Builder, allowing access to functionality not properly constrained by Access Contr...

WordPress plugin iPanorama 360 WordPress Virtual Tour Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress iPanorama 360 WordPress Virtual Tour Builder Plugin <= 1.8.3 is vulnerable to Broken Access Control

Software iPanorama 360 WordPress Virtual Tour Builder Type Plugin Vulnerable versions = 1.8.3 Fixed in 1.8.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-38690 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 070f425a0f60 Credits...

iPanorama 360 WordPress Virtual Tour Builder < 1.8.2 - Missing Authorization

Description The iPanorama 360 WordPress Virtual Tour Builder plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on a REST API endpoint in versions up to, and including, 1.8.1. This makes it possible for unauthenticated attackers to view deactivated...

CVE-2024-33941

Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder.This issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1.8.1...

CVE-2024-33941

CVE-2024-33941: Missing Authorization in iPanorama 360 WordPress Virtual Tour Builder (lite) for WordPress plugin, affecting versions from n/a through 1.8.1. Connected sources confirm this as a Missing Authorization vulnerability; Red Hat Entry and Wordfence report patched status. No specific exp...

WordPress plugin iPanorama 360 WordPress Virtual Tour Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress iPanorama 360 WordPress Virtual Tour Builder Plugin <= 1.8.1 is vulnerable to Broken Access Control

Software iPanorama 360 WordPress Virtual Tour Builder Type Plugin Vulnerable versions = 1.8.1 Fixed in 1.8.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33941 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 3a0c2aa84662 Credits...

CVE-2023-5336

The iPanorama 360 – WordPress Virtual Tour Builder plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

WordPress iPanorama 360 WordPress Virtual Tour Builder Plugin <= 1.8.0 is vulnerable to SQL Injection

Software iPanorama 360 WordPress Virtual Tour Builder Type Plugin Vulnerable versions = 1.8.0 Fixed in 1.8.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5336 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 25ea3eb9ee79 Credits István Márton Require...

WordPress plugin WP VR - 360 Panorama and Virtual Tour Builder For WordPress Cross Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin WP VR - 360 Panorama...

WordPress iPanorama 360 WordPress Virtual Tour Builder Plugin < 1.8.0 is vulnerable to SQL Injection

Software iPanorama 360 WordPress Virtual Tour Builder Type Plugin Vulnerable versions 1.8.0 Fixed in 1.8.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE N/A Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID fc24718ff856 Credits Unknown Required privilege...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Rextheme WP VR – 360 Panorama and Virtual Tour Builder For WordPress plugin = 8.2.7 versions...

CVE-2023-25708

CVE-2023-25708 is a Cross-Site Request Forgery (CSRF) vulnerability in the Rextheme WP VR – 360 Panorama and Virtual Tour Builder For WordPress plugin, affecting WordPress sites running versions

WordPress Plugin Rextheme WP VR – 360 Panorama and Virtual Tour Builde 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. WordPress Plugin Rextheme ...