CVE-2024-34762

CVE-2024-34762 affects the WordPress plugin Advanced Custom Fields Pro (WP ACF Pro). The issue is an improper limitation of pathnames to a restricted directory, enabling PHP Local File Inclusion. Public details indicate impact up to versions prior to 6.2.10 (with some sources noting an authentica...

CVE-2024-34762 Wordpress Advanced Custom Fields Pro plugin < 6.2.10 - Contributor+ Local File Inclusion vulnerability

Vulnerability discovered by executing a planned security audit. Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WPENGINE INC Advanced Custom Fields PRO allows PHP Local File Inclusion.This issue affects Advanced Custom Fields PRO: from n/a before 6.2....

CVE-2024-34762 Wordpress Advanced Custom Fields Pro plugin < 6.2.10 - Contributor+ Local File Inclusion vulnerability

Vulnerability discovered by executing a planned security audit. Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WPENGINE INC Advanced Custom Fields PRO allows PHP Local File Inclusion.This issue affects Advanced Custom Fields PRO: from n/a before 6.2....

CVE-2024-34761

CVE-2024-34761 is a vulnerability in the WordPress plugin Advanced Custom Fields Pro (WP ACF Pro) where an improper control of code generation enables Code Injection. The issue affects versions up to 6.2.9 (n/a before 6.2.10 per sources) and can be exploited by an authenticated user with Contribu...

CVE-2024-30225

Deserialization of Untrusted Data vulnerability in WPENGINE, INC. WP Migrate.This issue affects WP Migrate: from n/a through 2.6.10...

CVE-2024-30225 WordPress WP Migrate plugin <= 2.6.10 - Unauthenticated PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in WPENGINE, INC. WP Migrate.This issue affects WP Migrate: from n/a through 2.6.10...

CVE-2024-30225

CVE-2024-30225 describes a Deserialization of Untrusted Data vulnerability affecting WP Migrate Pro (WP Migrate DB Pro) up to version 2.6.10. The issue is a PHP object injection flaw caused by deserializing untrusted input, enabling an attacker to potentially achieve arbitrary code execution or o...

WordPress WPEngine Configuration Detected

WPengine is a popular provider of managed WordPress hosting. Configurations may be located in a file named config.json inside the wpeprivate hidden directory. This configuration file may expose sensitive information such as database credentials and WPEngine account information which may be used b...

Post Action Report: Bad Firewall Rule Released to WPEngine Customers Wednesday

On Wednesday afternoon a small percentage of WPEngine websites using a paid version of Wordfence experienced a 500 Internal Server Error or white screen on their sites due to an erroneous firewall rule that we released. If you have experienced this issue, please check your email which contains...

MAL-2022-3244 Malicious code in fullcontact-wpengine (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e5f67c7030aedd455559bb6a9a9bd3e28afee025caef80268e159b50f7c0ad36 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in fullcontact-wpengine (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e5f67c7030aedd455559bb6a9a9bd3e28afee025caef80268e159b50f7c0ad36 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

mymfms.wpengine.com XSS vulnerability

Open Bug Bounty ID: OBB-586450 Description| Value ---|--- Affected Website:| mymfms.wpengine.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...