38 matches found
WordPress Admin Word Count Column 2.2 - Local File Inclusion
The plugin does not validate the path parameter given to readfile, which could allow unauthenticated attackers to read arbitrary files on a server running an old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a Phar Deserialization technique. id:...
CVE-2022-50953 WordPress Plugin admin-word-count-column 2.2 Local File Read
WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parameter. Attackers can send GET requests to download-csv.php with a crafted path parameter containing...
EUVD-2022-56000
WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parameter. Attackers can send GET requests to download-csv.php with a crafted path parameter containing...
CVE-2022-50953
WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parameter. Attackers can send GET requests to download-csv.php with a crafted path parameter containing...
CVE-2022-50953
The CVE concerns the WordPress plugin admin-word-count-column version 2.2. A vulnerability allows unauthenticated local file read via crafted requests to download-csv.php, exploiting a null byte injection in the path parameter to bypass restrictions and read arbitrary files (e.g., system configu...
PT-2026-47231
WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parameter. Attackers can send GET requests to download-csv.php with a crafted path parameter containing...
EUVD-2023-50830
Malicious code in bioql PyPI...
CVE-2023-46628
Missing Authorization vulnerability in RedLettuce Plugins WP Word Count allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Word Count: from n/a through 3.2.4...
CVE-2022-3408
The WP Word Count WordPress plugin through 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...
CVE-2022-1390
The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter given to readfile, which could allow unauthenticated attackers to read arbitrary files on a server running an old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a...
CVE-2023-46628
Missing Authorization vulnerability in RedLettuce Plugins WP Word Count allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Word Count: from n/a through 3.2.4...
CVE-2023-46628
Missing Authorization vulnerability in RedLettuce Plugins WP Word Count allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Word Count: from n/a through 3.2.4...
WordPress plugin WP Word Count security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
[SECURITY] Fedora 40 Update: rust-uu_wc-0.0.23-3.fc40
wc uutils display newline, word, and byte counts for input...
VulnCheck KEV: CVE-2022-1390
The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter given to readfile, which could allow unauthenticated attackers to read arbitrary files on a server running an old version of PHP susceptible to the null byte technique. This could also lead to RCE by...
WP Word Count <= 3.2.4 - Missing Authorization via calculate_statistics
Description: The WP Word Count plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the calculate_statistics function in versions up to, and including, 3.2.4. This makes it possible for authenticated attackers, with subscriber-level access and...
WordPress WP Word Count Plugin <= 3.2.4 is vulnerable to Broken Access Control
Software: WP Word Count | Type: Plugin | Vulnerable versions: <= 3.2.4 | Fixed in: N/A | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-46628 | Patch priority: Low | CVSS severity: Low 4.3 | Developer: Claim ownership | PSID: becf99c528fe | Credits: Abdi Pranata | Required privilege...
July 27, 2023, update for Office 2016 (KB5002307)
July 27, 2023, update for Office 2016 KB5002307 This article describes update 5002307 for Microsoft Office 2016 that was released on July 27, 2023. Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply to th...
July 27, 2023, update for Office 2016 (KB5002117)
July 27, 2023, update for Office 2016 KB5002117 This article describes update 5002117 for Microsoft Office 2016 that was released on July 27, 2023. Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply to th...
WordPress Word Count Analysis Plugin <= 1.0.11 is vulnerable to Cross Site Scripting (XSS)
Software: Word Count Analysis | Type: Plugin | Vulnerable versions: <= 1.0.11 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting XSS | CVE: CVE-2023-33999 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: Claim ownership | PSID: 056e051a5bca | Credits: Rafie Muhammad Patchstack...