The Duplicate Page or Post WordPress plugin before 1.5.1 does not perform any authorisation check and has a flawed CSRF check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing any authenticated user, such as a subscriber, to call it and change the plugin’s settings, or to perform the same attack via CSRF. Furthermore, due to the lack of escaping, this could lead to Stored Cross-Site Scripting issues.
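The three defects named above (no capability check, a CSRF check that can be bypassed, no escaping) map onto three controls in a settings-saving AJAX handler. The following is an added example of that pattern, not the plugin's code or its actual fix; the action, nonce, option and field names are hypothetical.

```php
<?php
// Hypothetical plugin code: action, nonce, option and field names are assumptions.
const EXAMPLE_NONCE_ACTION = 'example_save_settings';
const EXAMPLE_OPTION       = 'example_plugin_settings';

// wp_ajax_{action} fires for every logged-in user, subscribers included,
// so the handler itself has to enforce who may change settings.
add_action( 'wp_ajax_example_save_settings', 'example_save_settings' );

function example_save_settings() {
    // 1. Authorisation: require an administrative capability, not just a session.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 ); // exits
    }

    // 2. CSRF: with $stop = false the function returns false on a missing or
    //    invalid nonce. The result must be tested, and an absent field must fail.
    if ( false === check_ajax_referer( EXAMPLE_NONCE_ACTION, 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce' ), 403 ); // exits
    }

    // 3. Input: accept only known fields, allow-list enumerations, sanitise text.
    $allowed_status = array( 'draft', 'publish', 'private', 'pending' );
    $status = isset( $_POST['status'] ) ? sanitize_key( wp_unslash( $_POST['status'] ) ) : 'draft';
    if ( ! in_array( $status, $allowed_status, true ) ) {
        $status = 'draft';
    }
    $suffix = isset( $_POST['suffix'] ) ? sanitize_text_field( wp_unslash( $_POST['suffix'] ) ) : '';

    update_option( EXAMPLE_OPTION, array( 'status' => $status, 'suffix' => $suffix ) );
    wp_send_json_success();
}

// 4. Output: escape stored values where they are rendered, so a value that
//    reached the database by another path still cannot inject markup.
function example_render_settings_form() {
    $settings = wp_parse_args(
        get_option( EXAMPLE_OPTION, array() ),
        array( 'status' => 'draft', 'suffix' => '' )
    );
    printf(
        '<input type="text" name="suffix" value="%s" /><input type="hidden" name="nonce" value="%s" />',
        esc_attr( $settings['suffix'] ),
        esc_attr( wp_create_nonce( EXAMPLE_NONCE_ACTION ) )
    );
}
```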