The Duplicate Page or Post WordPress plugin before 1.5.1 does not have any authorisation and has a flawed CSRF check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing any authenticated users, such as subscriber to call it and change the plugin’s settings, or perform such attack via CSRF. Furthermore, due to the lack of escaping, this could lead to Stored Cross-Site Scripting issues
More Stories
LSN-0093-1: Kernel Live Patch Security Notice
Davide Ornaghi discovered that the netfilter subsystem in the Linux kernel did not properly handle VLAN headers in some situations....
USN-5972-1: Thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a...
CVE-2018-25083
The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied Git branch...
USN-5954-2: Firefox regressions
USN-5954-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the...
jpegoptim-1.5.3-1.fc38
FEDORA-2023-ee0bc9afb6 Packages in this update: jpegoptim-1.5.3-1.fc38 Update description: v1.5.3 - fix potential heap-buffer-overflow (read) when using stdin/stdout and processing corrupt...
jpegoptim-1.5.3-1.el9
FEDORA-EPEL-2023-9391e7aeda Packages in this update: jpegoptim-1.5.3-1.el9 Update description: v1.5.3 - fix potential heap-buffer-overflow (read) when using stdin/stdout and processing corrupt...