π¨ CVE-2024-47847
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.
π@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.
π@cveNotify
π¨ CVE-2024-47849
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows SQL Injection.This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.
π@cveNotify
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows SQL Injection.This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.
π@cveNotify
π¨ CVE-2024-24142
Sourcecodester School Task Manager 1.0 allows SQL Injection via the 'subject' parameter.
π@cveNotify
Sourcecodester School Task Manager 1.0 allows SQL Injection via the 'subject' parameter.
π@cveNotify
GitHub
GitHub - BurakSevben/CVE-2024-24142
Contribute to BurakSevben/CVE-2024-24142 development by creating an account on GitHub.
π¨ CVE-2024-31098
Missing Authorization vulnerability in Mr.Ebabi New Order Notification for Woocommerce.This issue affects New Order Notification for Woocommerce: from n/a through 2.0.2.
π@cveNotify
Missing Authorization vulnerability in Mr.Ebabi New Order Notification for Woocommerce.This issue affects New Order Notification for Woocommerce: from n/a through 2.0.2.
π@cveNotify
π¨ CVE-2024-31246
Missing Authorization vulnerability in Post Grid Team by WPXPO PostX β Gutenberg Blocks for Post Grid.This issue affects PostX β Gutenberg Blocks for Post Grid: from n/a through 3.2.3.
π@cveNotify
Missing Authorization vulnerability in Post Grid Team by WPXPO PostX β Gutenberg Blocks for Post Grid.This issue affects PostX β Gutenberg Blocks for Post Grid: from n/a through 3.2.3.
π@cveNotify
Patchstack
WordPress Post Grid Gutenberg Blocks and WordPress Blog Plugin β PostX plugin <= 3.2.3 - Author+ Post/Page Duplication vulnerabilityβ¦
Hand curated, verified and enriched vulnerability information by Patchstack security experts. Find all WordPress plugin, theme and core security issues.
π¨ CVE-2024-31294
Missing Authorization vulnerability in Fahad Mahmood WP Sort Order.This issue affects WP Sort Order: from n/a through 1.3.1.
π@cveNotify
Missing Authorization vulnerability in Fahad Mahmood WP Sort Order.This issue affects WP Sort Order: from n/a through 1.3.1.
π@cveNotify
Patchstack
WordPress WP Sort Order plugin <= 1.3.1 - Broken Access Control vulnerability - Patchstack
Hand curated, verified and enriched vulnerability information by Patchstack security experts. Find all WordPress plugin, theme and core security issues.
π¨ CVE-2023-23639
Missing Authorization vulnerability in MainWP MainWP Staging Extension.This issue affects MainWP Staging Extension: from n/a through 4.0.3.
π@cveNotify
Missing Authorization vulnerability in MainWP MainWP Staging Extension.This issue affects MainWP Staging Extension: from n/a through 4.0.3.
π@cveNotify
Patchstack
Broken Access Control in WordPress MainWP Staging Extension Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2023-23640
Missing Authorization vulnerability in MainWP MainWP UpdraftPlus Extension.This issue affects MainWP UpdraftPlus Extension: from n/a through 4.0.6.
π@cveNotify
Missing Authorization vulnerability in MainWP MainWP UpdraftPlus Extension.This issue affects MainWP UpdraftPlus Extension: from n/a through 4.0.6.
π@cveNotify
Patchstack
Broken Access Control in WordPress MainWP UpdraftPlus Extension Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2024-8318
The Attributes for Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the βattributesForBlocksβ parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
π@cveNotify
The Attributes for Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the βattributesForBlocksβ parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
π@cveNotify
π¨ CVE-2024-41715
The goTenna Pro ATAK Plugin has a payload length vulnerability that
makes it possible to tell the length of the payload regardless of the
encryption used.
π@cveNotify
The goTenna Pro ATAK Plugin has a payload length vulnerability that
makes it possible to tell the length of the payload regardless of the
encryption used.
π@cveNotify
π¨ CVE-2024-45987
Projectworld Online Voting System Version 1.0 is vulnerable to Cross Site Request Forgery (CSRF) via voter.php. This vulnerability allows an attacker to craft a malicious link that, when clicked by an authenticated user, automatically submits a vote for a specified party without the user's consent or knowledge. The attack leverages the user's active session to perform the unauthorized action, compromising the integrity of the voting process.
π@cveNotify
Projectworld Online Voting System Version 1.0 is vulnerable to Cross Site Request Forgery (CSRF) via voter.php. This vulnerability allows an attacker to craft a malicious link that, when clicked by an authenticated user, automatically submits a vote for a specified party without the user's consent or knowledge. The attack leverages the user's active session to perform the unauthorized action, compromising the integrity of the voting process.
π@cveNotify
GitHub
CVEs/CVE-2024-45987 at main Β· soursec/CVEs
This repository contains CVEs assigned to me. Contribute to soursec/CVEs development by creating an account on GitHub.
π¨ CVE-2024-47841
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Path Traversal.This issue affects Mediawiki - CSS Extension: from 1.42.X before 1.42.2, from 1.41.X before 1.41.3, from 1.39.X before 1.39.9.
π@cveNotify
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Path Traversal.This issue affects Mediawiki - CSS Extension: from 1.42.X before 1.42.2, from 1.41.X before 1.41.3, from 1.39.X before 1.39.9.
π@cveNotify
π¨ CVE-2024-9385
The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.6.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
π@cveNotify
The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.6.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
π@cveNotify
π¨ CVE-2024-9455
The WP Cleanup and Basic Functions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
π@cveNotify
The WP Cleanup and Basic Functions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
π@cveNotify
WordPress.org
WP Cleanup and Basic Functions
Head section cleanup and many usual custom settings used on every website setup as images settings and sizes, privacy, and basic admin customizations
π¨ CVE-2024-9528
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form label fields in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to edit forms (administrator by default), to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
π@cveNotify
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form label fields in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to edit forms (administrator by default), to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
π@cveNotify
π¨ CVE-2024-8743
The Bit File Manager β 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 6.5.7. This is due to a lack of proper checks on allowed file types. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an administrator, to upload .css and .js files, which could lead to Stored Cross-Site Scripting.
π@cveNotify
The Bit File Manager β 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 6.5.7. This is due to a lack of proper checks on allowed file types. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an administrator, to upload .css and .js files, which could lead to Stored Cross-Site Scripting.
π@cveNotify
π¨ CVE-2024-8486
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the βurlβ parameter in the Modern Heading and Icon Picker widgets all versions up to, and including, 2.16.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
π@cveNotify
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the βurlβ parameter in the Modern Heading and Icon Picker widgets all versions up to, and including, 2.16.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
π@cveNotify
π¨ CVE-2024-9532
A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This vulnerability affects the function formAdvanceSetup of the file /goform/formAdvanceSetup. The manipulation of the argument webpage leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This vulnerability affects the function formAdvanceSetup of the file /goform/formAdvanceSetup. The manipulation of the argument webpage leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
IoT-vulnerable/D-Link/DIR-605L/formAdvanceSetup.md at main Β· abcdefg-png/IoT-vulnerable
IoT-vulnerable. Contribute to abcdefg-png/IoT-vulnerable development by creating an account on GitHub.
π1
π¨ CVE-2024-9417
The Hash Form β Drag & Drop Form Builder plugin for WordPress is vulnerable to limited file uploads due to a misconfigured file type validation in the 'handleUpload' function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to upload files that are excluded from both the 'allowedExtensions' and 'unallowed_extensions' arrays on the affected site's server, including files that may contain cross-site scripting.
π@cveNotify
The Hash Form β Drag & Drop Form Builder plugin for WordPress is vulnerable to limited file uploads due to a misconfigured file type validation in the 'handleUpload' function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to upload files that are excluded from both the 'allowedExtensions' and 'unallowed_extensions' arrays on the affected site's server, including files that may contain cross-site scripting.
π@cveNotify
π¨ CVE-2024-44011
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Ticket Ultra WP Ticket Ultra Help Desk & Support Plugin allows PHP Local File Inclusion.This issue affects WP Ticket Ultra Help Desk & Support Plugin: from n/a through 1.0.5.
π@cveNotify
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Ticket Ultra WP Ticket Ultra Help Desk & Support Plugin allows PHP Local File Inclusion.This issue affects WP Ticket Ultra Help Desk & Support Plugin: from n/a through 1.0.5.
π@cveNotify
Patchstack
WordPress WP Ticket Ultra plugin <= 1.0.5 - Local File Inclusion vulnerability - Patchstack
Hand curated, verified and enriched vulnerability information by Patchstack security experts. Find all WordPress plugin, theme and core security issues.
π¨ CVE-2024-44012
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpdev33 WP Newsletter Subscription allows PHP Local File Inclusion.This issue affects WP Newsletter Subscription: from n/a through 1.1.
π@cveNotify
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpdev33 WP Newsletter Subscription allows PHP Local File Inclusion.This issue affects WP Newsletter Subscription: from n/a through 1.1.
π@cveNotify
Patchstack
WordPress WP Newsletter Subscription plugin <= 1.1 - Local File Inclusion vulnerability - Patchstack
Hand curated, verified and enriched vulnerability information by Patchstack security experts. Find all WordPress plugin, theme and core security issues.