4 matches found
PT-2023-15935 · WordPress · Adsanity
Name of the Vulnerable Software and Affected Versions: AdSanity plugin for WordPress versions up to, and including, 1.8.1 Description: The issue is related to missing file type validation in the ajax upload function, allowing authenticated attackers with Contributor+ level privileges to upload...
WordPress HappyFiles Pro Plugin <= 1.8.1 is vulnerable to Broken Access Control
Software HappyFiles Pro Type Plugin Vulnerable versions = 1.8.1 Fixed in 1.8.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-25445 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 518a5cea4b57 Credits Dave Jong Patchstack...
PT-2023-15891 · Snoyberg · Keter
Name of the Vulnerable Software and Affected Versions: snoyberg keter versions up to 1.8.1 Description: A vulnerability has been found in snoyberg keter, classified as problematic. This issue affects unknown code of the file Keter/Proxy.hs. The manipulation of the argument host leads to cross-sit...
PT-2019-11324 · Jenkins · Jenkins Octopusdeploy Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins OctopusDeploy Plugin versions 1.8.1 and earlier Description: A server-side request forgery issue exists that allows attackers with Overall/Read permission to have the server connect to an attacker-specified URL and obtain the HTTP...