The User Registration plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.0.1 via deserialization of untrusted input from the 'profile-pic-url' parameter. Th ...
Continue Reading
July 13, 2023
The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'ur_upload_profile_pic' function in version ...
Continue Reading
July 13, 2023
## Summary Multiple vulnerabilities in the Oracle Java SE and the Java SE Embedded impact the IBM SDK, Java Technology Edition. This effects all IBM Cloud Application Performance Management agents, al ...
Continue Reading
July 12, 2023
It was discovered that there was an issue in ruby-doorkeeper, an OAuth2 provider for Ruby on Rails applications. Doorkeeper automatically processed authorization requests without user consent for publ ...
Continue Reading
July 12, 2023
The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on th ...
Continue Reading
July 12, 2023
The EWWW Image Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.8.1. This is due to missing or incorrect nonce validation on the ewww_ngg_ ...
Continue Reading
July 12, 2023
The Sunshine Photo Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.28 This is due to missing or incorrect nonce validation on the sunshine_p ...
Continue Reading
July 12, 2023
The WooCommerce Etsy Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.1. This is due to missing or incorrect nonce validation on the e ...
Continue Reading
July 12, 2023
Back to Main
