85 matches found
CVE-2024-12204 Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups <= 1.3.5 - Missing Authorization
The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in the class-cx-rest.php file in all versions up to, and including, 1.3.5. This makes it...
CVE-2024-12204 Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups <= 1.3.5 - Missing Authorization
The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in the class-cx-rest.php file in all versions up to, and including, 1.3.5. This makes it...
CVE-2024-12627
CVE-2024-12627 - Coupon X: Discount Pop Up plugin (WordPress) is a PHP Object Injection vulnerability in versions up to 1.3.5, triggered by deserialization of untrusted input in the capture_email AJAX action. Authenticated attackers with Contributor-level access or higher can inject a PHP object....
CVE-2024-12627 Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups <= 1.3.5 - Missing Authorization to Authenticated (Contributor+) PHP Object Injection
The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.5 via deserialization of untrusted input from post content passed to the captureemail AJAX action. This...
WordPress Coupon X plugin <= 1.3.5 - Missing Authorization to Authenticated (Contributor+) PHP Object Injection vulnerability
Missing Authorization to Authenticated Contributor+ PHP Object Injection vulnerability discovered by Lucio Sá in WordPress Plugin Coupon X versions = 1.3.5...
WordPress Coupon X plugin <= 1.3.5 - Missing Authorization vulnerability
Missing Authorization vulnerability discovered by Lucio Sá in WordPress Plugin Coupon X versions = 1.3.5...
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: X Plugin). Supported versions that are affected are 8.0.39 and prior 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
...
CBL Mariner 2.0 Security Update: mysql (CVE-2024-21196)
The version of mysql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-21196 advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: X Plugin. Supported versions tha...
Oracle MySQL Server 8.x < 8.4.3 (January 2025 CPU)
The versions of MySQL Server installed on the remote host are affected by a vulnerability as referenced in the January 2024 CPU advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Packaging Kerberos. Supported versions that are affected are 8.0.39 and prior,...
Oracle MySQL Server 9.x < 9.1.0 (January 2025 CPU)
The versions of MySQL Server installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2025 CPU advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Packaging Kerberos. Supported versions that are affected are 8.0.39 and...
AZL-50460 CVE-2024-21196 affecting package mysql for versions less than 8.0.40-1
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: X Plugin. Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...
UBUNTU-CVE-2024-21196
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: X Plugin. Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...
CVE-2024-37109 WordPress WishList Member X plugin < 3.26.7 - Authenticated Arbitrary PHP Code Execution vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in Membership Software WishList Member X allows Code Injection.This issue affects WishList Member X: from n/a before 3.26.7...
SUSE CVE-2020-14870
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: X Plugin. Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
WordPress Plugin Brilliance 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2023-23867
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Gautam Thapar Button Builder – Buttons X plugin = 0.8.6 versions...
CVE-2023-23867
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Gautam Thapar Button Builder – Buttons X plugin = 0.8.6 versions...
Cross site scripting
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Gautam Thapar Button Builder – Buttons X plugin = 0.8.6 versions...
CVE-2023-23867 WordPress Button Builder – Buttons X Plugin <= 0.8.6 is vulnerable to Cross Site Scripting (XSS)
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Gautam Thapar Button Builder – Buttons X plugin = 0.8.6 versions...
K63545041: Server component of Oracle MySQL vulnerabilities CVE-2017-3317, CVE-2017-3318, and CVE-2017-3319
Security Advisory Description CVE-2017-3317 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Logging. Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker...