18 matches found
CVE-2026-25447 WordPress Widget Wrangler plugin <= 2.3.9 - Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in Jonathan Daggerhart Widget Wrangler widget-wrangler allows Code Injection. This issue affects Widget Wrangler: from n/a through <= 2.3.9...
EUVD-2023-35141
Malicious code in bioql PyPI...
CVE-2023-30779
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jonathan Daggerhart Query Wrangler plugin <= 1.5.51 versions...
Mattermost has an unspecified vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost has a security vulnerability that stems from the Wrangler plugin that can bypass AI access control. No details of the vulnerability are provided at this time...
CVE-2025-24839
Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to prevent Wrangler posts from triggering AI responses. This vulnerability allows users without access to the AI bot to activate it by attaching the activateai override property to a post via the Wrangler plugin, provided...
SUSE CVE-2025-24839
Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to prevent Wrangler posts from triggering AI responses. This vulnerability allows users without access to the AI bot to activate it by attaching the activateai override property to a post via the Wrangler plugin, provided...
Mattermost Server 9.11.x < 9.11.10 / 10.4.x < 10.4.4 / 10.5.x < 10.5.2 / 10.6.0 (MMSA-2024-00410)
The version of Mattermost Server installed on the remote host is prior to 9.11.10, 10.4.4, or 10.5.2 / 10.6.0. It is, therefore, affected by a vulnerability as referenced in the MMSA-2024-00410 advisory. - Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to prevent...
GHSA-J639-M367-75CF Mattermost Incorrect Authorization vulnerability
Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to prevent Wrangler posts from triggering AI responses. This vulnerability allows users without access to the AI bot to activate it by attaching the activateai override property to a post via the Wrangler plugin, provided...
Mattermost Incorrect Authorization vulnerability
Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to prevent Wrangler posts from triggering AI responses. This vulnerability allows users without access to the AI bot to activate it by attaching the activateai override property to a post via the Wrangler plugin, provided...
CVE-2025-24839
Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to prevent Wrangler posts from triggering AI responses. This vulnerability allows users without access to the AI bot to activate it by attaching the activateai override property to a post via the Wrangler plugin, provided...
CVE-2025-24839
Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to prevent Wrangler posts from triggering AI responses. This vulnerability allows users without access to the AI bot to activate it by attaching the activateai override property to a post via the Wrangler plugin, provided...
CVE-2025-24839 Unauthorized AI bot activation via Wrangler plugin
Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to prevent Wrangler posts from triggering AI responses. This vulnerability allows users without access to the AI bot to activate it by attaching the activateai override property to a post via the Wrangler plugin, provided...
CVE-2025-24839
Mattermost CVE-2025-24839 affects Mattermost Server 9.11.x <= 9.11.9, 10.4.x <= 10.4.3, and 10.5.x
CVE-2025-24839 Unauthorized AI bot activation via Wrangler plugin
Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to prevent Wrangler posts from triggering AI responses. This vulnerability allows users without access to the AI bot to activate it by attaching the activateai override property to a post via the Wrangler plugin, provided...
Mattermost security vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost has a security vulnerability that stems from the Wrangler plugin that can bypass AI access control. No details of the vulnerability are provided at this time...
WordPress Query Wrangler plugin <= 1.5.54 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Nguyen Thi Huyen Trang - Skalucy in WordPress Plugin Query Wrangler versions <= 1.5.54...
CVE-2023-30779
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jonathan Daggerhart Query Wrangler plugin <= 1.5.51 versions...
PT-2023-22972 · Unknown · Jonathan Daggerhart Query Wrangler
Name of the Vulnerable Software and Affected Versions: Jonathan Daggerhart Query Wrangler plugin versions 1.5.51 and earlier. Description: The issue is an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially...