The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both.
July 10, 2023
The MStore API WordPress plugin before 3.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is ...
July 10, 2023
The MStore API WordPress plugin before 3.9.9 does not prevent visitors from creating user accounts with the role of their choice via their wholesale REST API endpoint. This is only exploitable if the ...
July 10, 2023
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The REST API allows executing all actions via POST requests and accepts `text/plain`, `multipar ...
July 10, 2023
CVE-2023-34362: POC for CVE-2023-34362 affecting MOVEit Transfe...
July 09, 2023
A potential Cross Site Scripting (XSS) vulnerability ([CVE-2022-36180](https://security-tracker.debian.org/tracker/CVE-2022-36180)) and session handling vulnerability ([CVE-2022-36179](https://security ...
July 08, 2023
A vulnerability has been found in phpCAS, a Central Authentication Service client library in PHP, which may allow an attacker to gain access to a victim's account on a vulnerable CASified service with ...
July 08, 2023