WordPress Wrapper Link Elementor Plugin 1.0.2,1.0.3 is vulnerable to Backdoor

Software Wrapper Link Elementor Type Plugin Vulnerable versions 1.0.2,1.0.3 Fixed in 1.0.5 OWASP Top 10 A3: Injection Classification Backdoor CVE CVE-2024-6297 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 73ed028987ed Credits WordFence Required privilege Unauthenticate...

CVE-2024-4098

The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.6.13 via the shariff3uufetchsharecounts function. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code i...

CVE-2024-4098

The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.6.13 via the shariff3uufetchsharecounts function. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code i...

CVE-2024-4098 Shariff Wrapper <= 4.6.13 - Unauthenticated Local File Inclusion

The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.6.13 via the shariff3uufetchsharecounts function. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code i...

CVE-2024-4098 Shariff Wrapper <= 4.6.13 - Unauthenticated Local File Inclusion

The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.6.13 via the shariff3uufetchsharecounts function. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code i...

CVE-2024-4098

CVE-2024-4098 affects the Shariff Wrapper WordPress plugin (versions up to and including 4.6.13). The vulnerability is Local File Inclusion via shariff3uu_fetch_sharecounts, allowing unauthenticated attackers to include and execute arbitrary PHP files on the server, potentially bypassing access c...

WordPress plugin Shariff Wrapper security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin... A security vulnerability...

WordPress Shariff Wrapper plugin <= 4.6.13 - Unauthenticated Local File Inclusion vulnerability

Unauthenticated Local File Inclusion vulnerability discovered by haidv35 in WordPress Plugin Shariff versions = 4.6.13...

Information Disclosure

moodle/moodle is vulnerable to Information Disclosure. The vulnerability is caused due to the cURL wrapper in Moodle failing to clear HTTP authorization headers when following redirects, potentially exposing sensitive authentication information to unintended hosts...

Moodle HTTP authorization header is preserved between "emulated redirects"

The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs...

GHSA-P2CJ-86V4-7782 Moodle HTTP authorization header is preserved between "emulated redirects"

The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs...

UBUNTU-CVE-2024-38275

The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs...

flatpak: sandbox escape via RequestBackground portal

A flaw was found in Flatpak, a system for building, distributing, and running sandboxed desktop applications on Linux. Normally, the "--command" argument of "flatpak run" expects being given a command to run in the specified Flatpak app, along with optional arguments. However, it is possible to...

CVE-2024-2695

The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.13 due to insufficient input sanitization and output escaping on user supplied attributes such as 'borderradius', 'services' and...

CVE-2024-2695

The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.13 due to insufficient input sanitization and output escaping on user supplied attributes such as 'borderradius' and 'timestamp'. Th...

CVE-2024-2695 Shariff Wrapper <= 4.6.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.13 due to insufficient input sanitization and output escaping on user supplied attributes such as 'borderradius', 'services' and...

CVE-2024-2695

CVE-2024-2695 affects Shariff Wrapper for WordPress (versions up to and including 4.6.13). The flaw is Stored XSS via the shariff shortcode due to insufficient input sanitization and output escaping of attributes (e.g., borderradius, timestamp). Exploitation requires authenticated access at contr...

WordPress plugin Shariff Wrapper security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin... A security vulnerability...

WordPress Shariff Wrapper plugin <= 4.6.13 - Authenticated Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Stored Cross-Site Scripting via Shortcode vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Shariff versions = 4.6.13...

Shariff Wrapper < 4.6.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.13 due to insufficient input sanitization and output escaping on user supplied attributes such as 'borderradius',...