CVE

CVE-2024-52393 – Podlove Podcast Publisher

Published: 2024-11-14
Title: WordPress Podlove Podcast Publisher plugin <= 4.1.15 – Admin+ Remote Code Execution (RCE) vulnerability

Description
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Podlove Podlove Podcast Publisher. This issue affects Podlove Podcast Publisher: from n/a through 4.1.15.

CWE
CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine

CVSS
Score: 9.1
Severity: CRITICAL
Version: 3.1
Vector String: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Vendor: n/a
Product: Podlove Podcast Publisher
Vulnerable Versions: n/a through 4.1.15

Proof of Concept:
Vulnerability found by: DFEND Security Researcher

References:
– https://patchstack.com/database/vulnerability/podlove-podcasting-plugin-for-wordpress/wordpress-podlove-podcast-publisher-plugin-4-1-15-admin-remote-code-execution-rce-vulnerability?_s_id=cve
– https://www.cve.org/CVERecord?id=CVE-2024-52393

CVE-2024-50465 – Premium SEO Pack

Published: 2024-10-28
Title: WordPress Premium SEO Pack plugin <= 1.6.001 – SQL Injection vulnerability

Description
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WP SEO – Calin Vingan Premium SEO Pack allows SQL Injection. This issue affects Premium SEO Pack: from n/a through 1.6.001.

CWE
CWE-89 Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)

CVSS
Score: 8.5
Severity: HIGH
Version: 3.1
Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

Vendor: n/a
Product: Premium SEO Pack
Vulnerable Versions: n/a through 1.6.001

Proof of Concept:
Vulnerability found by: DFEND Security Researcher

References:
– https://patchstack.com/database/vulnerability/premium-seo-pack/wordpress-premium-seo-pack-plugin-1-6-001-sql-injection-vulnerability?_s_id=cve
– https://www.cve.org/CVERecord?id=CVE-2024-50465

CVE-2024-50409 – Namaste! LMS

Published: 2024-10-29
Title: WordPress Namaste! LMS plugin <= 2.6.2 – Cross Site Scripting (XSS) vulnerability

Description
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Kiboko Labs Namaste! LMS allows Stored XSS. This issue affects Namaste! LMS: from n/a through 2.6.2.

CWE
CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’)

CVSS
Score: 6.5
Severity: MEDIUM
Version: 3.1
Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Vendor: n/a
Product: Namaste! LMS
Vulnerable Versions: n/a through 2.6.2

Proof of Concept:
Vulnerability found by: DFEND Security Researcher

References:
– https://patchstack.com/database/vulnerability/namaste-lms/wordpress-namaste-lms-plugin-2-6-2-cross-site-scripting-xss-vulnerability-2?_s_id=cve
– https://www.cve.org/CVERecord?id=CVE-2024-50409

CVE-2024-52427 – Event Tickets with Ticket Scanner

Published: 2024-11-18
Title: WordPress Event Tickets with Ticket Scanner plugin <= 2.3.11 – Remote Code Execution (RCE) vulnerability

Description
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Saso Nikolov Event Tickets with Ticket Scanner allows Server Side Include (SSI) Injection. This issue affects Event Tickets with Ticket Scanner: from n/a through 2.3.11.

CWE
CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine

CVSS
Score: 9.9
Severity: CRITICAL
Version: 3.1
Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Vendor: n/a
Product: Event Tickets with Ticket Scanner
Vulnerable Versions: n/a through 2.3.11

Proof of Concept:
Vulnerability found by: DFEND Security Researcher

References:
– https://patchstack.com/database/vulnerability/event-tickets-with-ticket-scanner/wordpress-event-tickets-with-ticket-scanner-plugin-2-3-11-remote-code-execution-rce-vulnerability?_s_id=cve
– https://www.cve.org/CVERecord?id=CVE-2024-52427

CVE-2024-52434 – Popup by Supsystic

Published: 2024-11-18
Title: WordPress Popup by Supsystic plugin <= 1.10.29 – Remote Code Execution (RCE) vulnerability

Description
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic Popup by Supsystic allows Command Injection. This issue affects Popup by Supsystic: from n/a through 1.10.29.

CWE
CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine

CVSS
Score: 9.1
Severity: CRITICAL
Version: 3.1
Vector String: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Vendor: n/a
Product: Popup by Supsystic
Vulnerable Versions: n/a through 1.10.29

Proof of Concept:
Vulnerability found by: DFEND Security Researcher

References:
– https://patchstack.com/database/vulnerability/popup-by-supsystic/wordpress-popup-by-supsystic-plugin-1-10-29-remote-code-execution-rce-vulnerability?_s_id=cve
– https://www.cve.org/CVERecord?id=CVE-2024-52434

CVE-2024-52436 – Post SMTP

Published: 2024-11-18
Title: WordPress Post SMTP plugin <= 2.9.9 – SQL Injection vulnerability

Description
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Post SMTP allows Blind SQL Injection. This issue affects Post SMTP: from n/a through 2.9.9.

CWE
CWE-89 Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)

CVSS
Score: 7.6
Severity: HIGH
Version: 3.1
Vector String: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L

Vendor: n/a
Product: Post SMTP
Vulnerable Versions: n/a through 2.9.9

Proof of Concept:
Vulnerability found by: DFEND Security Researcher

References:
– https://patchstack.com/database/vulnerability/post-smtp/wordpress-post-smtp-plugin-2-9-9-sql-injection-vulnerability?_s_id=cve
– https://www.cve.org/CVERecord?id=CVE-2024-52436

CVE-2024-49691 – Product Filter by WBW

Published: 2024-10-24
Title: WordPress Product Filter by WBW plugin <= 2.7.0 – SQL Injection vulnerability

Description
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Woobewoo Product Filter by WBW allows SQL Injection. This issue affects Product Filter by WBW: from n/a through 2.7.0.

CWE
CWE-89 Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)

CVSS
Score: 7.6
Severity: HIGH
Version: 3.1
Vector String: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L

Vendor: n/a
Product: Product Filter by WBW
Vulnerable Versions: n/a through 2.7.0

Proof of Concept:
Vulnerability found by: DFEND Security Researcher

References:
– https://patchstack.com/database/vulnerability/woo-product-filter/wordpress-product-filter-by-wbw-plugin-2-7-0-sql-injection-vulnerability?_s_id=cve
– https://www.cve.org/CVERecord?id=CVE-2024-49691

CVE-2024-49244 – CSV Product Import Export for WooCommerce

Published: 2024-10-17
Title: WordPress SV Product Import Export for WooCommerce plugin <= 1.0.0 – SQL Injection vulnerability

Description
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in cmssoft CSV Product Import Export for WooCommerce allows SQL Injection. This issue affects CSV Product Import Export for WooCommerce: from n/a through 1.0.0.

CWE
CWE-89 Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)

CVSS
Score: 8.5
Severity: HIGH
Version: 3.1
Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

Vendor: n/a
Product: CSV Product Import Export for WooCommerce
Vulnerable Versions: n/a through 1.0.0

Proof of Concept:
Vulnerability found by: DFEND Security Researcher

References:
– https://patchstack.com/database/vulnerability/csv-wc-product-import-export/wordpress-sv-product-import-export-for-woocommerce-plugin-1-0-0-sql-injection-vulnerability?_s_id=cve
– https://www.cve.org/CVERecord?id=CVE-2024-49244

CVE-2024-47312 – Classic Editor and Classic Widgets

Published: 2024-10-17
Title: WordPress Classic Editor and Classic Widgets plugin <= 1.4.1 – SQL Injection vulnerability

Description
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WPGrim Classic Editor and Classic Widgets allows SQL Injection. This issue affects Classic Editor and Classic Widgets: from n/a through 1.4.1.

CWE
CWE-89 Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)

CVSS
Score: 8.5
Severity: HIGH
Version: 3.1
Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

Vendor: n/a
Product: Classic Editor and Classic Widgets
Vulnerable Versions: n/a through 1.4.1

Proof of Concept:
Vulnerability found by: DFEND Security Researcher

References:
– https://patchstack.com/database/vulnerability/classic-editor-and-classic-widgets/wordpress-classic-editor-and-classic-widgets-plugin-1-4-1-sql-injection-vulnerability?_s_id=cve

CVE-2024-47306 – Secure Copy Content Protection and Content Locking

Published: 2024-10-06
Title: WordPress Secure Copy Content Protection and Content Locking plugin <= 4.2.3 – Cross Site Scripting (XSS) vulnerability

Description
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Copy Content Protection Team Secure Copy Content Protection and Content Locking allows Stored XSS. This issue affects Secure Copy Content Protection and Content Locking: from n/a through 4.2.3.

CWE
CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’)

CVSS
Score: 7.1
Severity: HIGH
Version: 3.1
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Vendor: n/a
Product: Secure Copy Content Protection and Content Locking
Vulnerable Versions: n/a through 4.2.3

Proof of Concept:
Vulnerability found by: DFEND Security Researcher

References:
– https://patchstack.com/database/vulnerability/secure-copy-content-protection-subscribe-to-view/wordpress-secure-copy-content-protection-and-content-locking-plugin-4-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve