Self-ReDoS (Regular expression Denial of Service) exists with Role Name search field of Kaleo Designer portlet JavaScript in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2 ...
Continue Reading
August 24, 2025
Open Redirect vulnerability in /c/portal/edit_info_item parameter redirect in Liferay Portal 7.4.3.86 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024 ...
Continue Reading
August 24, 2025
The WP Filter & Combine RSS Feeds plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the post_listing_page() function in all versions ...
Continue Reading
August 24, 2025
The WC Plus plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pluswc_logo_favicon_logo_base' AJAX action in all versions up to ...
Continue Reading
August 24, 2025
The Liferay Portal 7.4.0 through 7.3.3.131, and Liferay DXP 2024.Q4.0, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows the ...
Continue Reading
August 24, 2025
The Simpler Checkout plugin for WordPress is vulnerable to Authentication Bypass in versions 0.7.0 to 1.1.9. This is due to the plugin not properly verifying a user's identity prior to logging th ...
Continue Reading
August 24, 2025
The Ni WooCommerce Customer Product Report plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ni_woocpr_action() function in all versions ...
Continue Reading
August 24, 2025
Back to Main
