برچسب: امنیت

Description WorkOS Hosted AuthKit before 2025-01-07 allows a password authentication MFA bypass (by enrolling a new authentication factor) when the attacker knows the user’s password. No exploitation occurred. References https://www.authkit.com https://workos.com/security/advisories مدیریت سرور پشتیبانی و ثبت دامنه – آفاق هاستینگ

Description Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in vinagecko VG PostCarousel allows PHP Local File Inclusion. This issue affects VG PostCarousel: from n/a through 1.1. References https://patchstack.com/database/wordpress/plugin/vg-postcarousel/vulnerability/wordpress-vg-postcarousel-plugin-1-1-local-file-inclusion-vulnerability?_s_id=cve مدیریت سرور پشتیبانی و ثبت دامنه – آفاق هاستینگ

Description Missing Authorization vulnerability in revenueflex Auto Ad Inserter – Increase Google Adsense and Ad Manager Revenue allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Auto Ad Inserter – Increase Google Adsense and Ad Manager Revenue: from n/a through 1.5. References https://patchstack.com/database/wordpress/plugin/revenueflex-easy-ads/vulnerability/wordpress-auto-ad-inserter-increase-google-adsense-and-ad-manager-revenue-plugin-1-5-settings-change-vulnerability?_s_id=cve مدیریت سرور پشتیبانی و ثبت دامنه – آفاق هاستینگ

Description Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in guelben Bravo Search & Replace allows Blind SQL Injection. This issue affects Bravo Search & Replace: from n/a through 1.0. References https://patchstack.com/database/wordpress/plugin/bravo-search-and-replace/vulnerability/wordpress-bravo-search-replace-plugin-1-0-sql-injection-vulnerability?_s_id=cve مدیریت سرور پشتیبانی و ثبت دامنه – آفاق هاستینگ

Description Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in themelogger Contact Form 7 Star Rating with font Awesome allows Stored XSS. This issue affects Contact Form 7 Star Rating with font Awesome: from n/a through 1.3. References https://patchstack.com/database/wordpress/plugin/contact-form-7-star-rating-with-font-awersome/vulnerability/wordpress-contact-form-7-star-rating-with-font-awesome-plugin-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve مدیریت سرور پشتیبانی و ثبت دامنه – آفاق هاستینگ

Description Cross-Site Request Forgery (CSRF) vulnerability in hosting.io JPG, PNG Compression and Optimization allows Cross Site Request Forgery. This issue affects JPG, PNG Compression and Optimization: from n/a through 1.7.35. References https://patchstack.com/database/wordpress/plugin/wp-image-compression/vulnerability/wordpress-jpg-png-compression-and-optimization-plugin-1-7-35-cross-site-request-forgery-csrf-vulnerability?_s_id=cve مدیریت سرور پشتیبانی و ثبت دامنه – آفاق هاستینگ

Description Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Winlin Live Streaming Video Player – by SRS Player allows DOM-Based XSS. This issue affects Live Streaming Video Player – by SRS Player: from n/a through 1.0.18. References https://patchstack.com/database/wordpress/plugin/srs-player/vulnerability/wordpress-live-streaming-video-player-by-srs-player-plugin-1-0-18-cross-site-scripting-xss-vulnerability?_s_id=cve مدیریت سرور پشتیبانی و ثبت دامنه – آفاق هاستینگ

Description Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Sébastien Dumont WooCommerce Display Products by Tags allows DOM-Based XSS. This issue affects WooCommerce Display Products by Tags: from n/a through 1.0.0. References https://patchstack.com/database/wordpress/plugin/woocommerce-display-products-by-tags/vulnerability/wordpress-woocommerce-display-products-by-tags-plugin-1-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve مدیریت سرور پشتیبانی و ثبت دامنه – آفاق هاستینگ

Description Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Daniel WP Social SEO Booster – Knowledge Graph Social Signals SEO allows Stored XSS. This issue affects WP Social SEO Booster – Knowledge Graph Social Signals SEO: from n/a through 1.2.0. References https://patchstack.com/database/wordpress/plugin/wp-social-seo-booster/vulnerability/wordpress-wp-social-seo-booster-plugin-1-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve مدیریت سرور پشتیبانی و ثبت دامنه – آفاق هاستینگ

Description Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in wumii team 无觅相关文章插件 allows Stored XSS. This issue affects 无觅相关文章插件: from n/a through 1.0.5.7. References https://patchstack.com/database/wordpress/plugin/wumii-related-posts/vulnerability/wordpress-plugin-1-0-5-7-csrf-to-cross-site-scripting-xss-vulnerability?_s_id=cve مدیریت سرور پشتیبانی و ثبت دامنه – آفاق هاستینگ