The ShopWP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST API routes in versions up to, and including, 2.0.4. This makes it possible for u ...
October 16, 2024
The SiteGround Optimizer plugin for WordPress is vulnerable to authorization bypass leading to Remote Code Execution and Local File Inclusion in versions up to, and including, 5.0.12 due to incorrect ...
October 16, 2024
The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API routes related to reporting in versions up to, and including, 4.7. ...
October 16, 2024
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized API key update due to a missing capability check on the paytium_sw_save_api_keys function in ve ...
October 16, 2024
Summary Bypass CSRF Middleware by a request without Content-Type header. Details Although the csrf middleware verifies the Content-Type Header, Hono always considers a request without a Content-Type ...
October 16, 2024
There is a possible ReDoS vulnerability in the block_format helper in Action Mailer. This vulnerability has been assigned the CVE identifier CVE-2024-47889. Impact Carefully crafted text can cause the ...
October 16, 2024
There is a possible ReDoS vulnerability in the plain_text_for_blockquote_node helper in Action Text. This vulnerability has been assigned the CVE identifier CVE-2024-47888. Impact Carefully crafted te ...
October 16, 2024
Security Advisory Description CVE-2019-10768 In AngularJS before 1.7.9 the function merge() could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. CVE-2 ...
October 16, 2024