Day: Nisan 25, 2022

CVE-2021-4225

The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent…

Devamını oku

CVE-2021-25111

The English WordPress Admin WordPress plugin before 1.5.2 does not validate the admin_custom_language_return_url before redirecting users o it, leading to an open redirect issue Zafiyet…

Devamını oku

CVE-2021-25094

The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under the…

Devamını oku

CVE-2021-24957

The Advanced Page Visit Counter WordPress plugin through 5.0.8 does not escape the artID parameter before using it in a SQL statement in the apvc_reset_count_art…

Devamını oku