WIRKLICH FIXED: RSS feeds abonnieren!!!
A vulnerability classified as problematic has been found in dmitrylitvinov Uploading SVG, WEBP and ICO Files Plugin up to 1.0.1. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2022-34648. It is possible to launch the attack remotely. There is no exploit available....
Stored XSS and information exposure via wp-mail.php
vom 1699.89 Punkte
User authentication is not properly checked when the WordPress mail is run to prevent stored XSS. Additionally, adding email addresses from post-by-email logs are creating potential for information exposure vulnerability.
This vulnerability affects t
Open redirect in wp_nonce_ays
vom 1699.66 Punkte
The WordPress HTTP referer is not properly validated when a user is redirected.
This vulnerability affects the following application versions:
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
Leak in content from multipart emails and reverting shared objects for current user
vom 1696.94 Punkte
Reset PHPMailer properties between use to prevent information disclosure and revert shared objects for the current user to also prevent information disclosure
This vulnerability affects the following application versions:
WordPress 3.6
Stored XSS via comment editing
vom 1696.49 Punkte
Missing adequate checks during comment editing can lead to stored XSS attacks.
This vulnerability affects the following application versions:
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
CSRF in wp-trackback.php
vom 1696.49 Punkte
Missing authentication settings can lead to CSRF attacks
This vulnerability affects the following application versions:
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.
SQL injection within the link API
vom 1620.39 Punkte
The link API in the bookmark is not properly checked against an SQL injection.
This vulnerability affects the following application versions:
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
XSS vulnerability on the plugins screen
vom 1620.39 Punkte
The plugins screen is not properly escaped to prevent an XSS attack.
This vulnerability affects the following application versions:
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.
Output escaping issue within the_meta()
vom 1620.39 Punkte
A variable in the_meta() function is not properly escaped to prevent an XSS attack.
This vulnerability affects the following application versions:
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
Object injection in some multisite installations
vom 1465.01 Punkte
The multisite installation of WordPress is not properly sanitized to prevent object injection via the upgrade process.
This vulnerability affects the following application versions:
WordPress 3.6
WordPress 3.6.1
SQL injection vulnerability in WP_Query
vom 1461.84 Punkte
Missing sanitization can lead to SQL injection in WP_Tax_Query
This vulnerability affects the following application versions:
WordPress 3.6
WordPress 3.6.1
WordPress 3.7
WordPress 3.7.
[CVE-2020-36326 - CVE-2018-19296] Object injection in PHPMailer
vom 1347.48 Punkte
CVE-2020-36326 - An external file could be unexpectedly executable if it was used as a path to an attachment file via PHP's support for .phar files`. Exploitation requires that an attacker was able to provide an unfiltered path to a file to attach.
CVE-2018-19296 - Was vuln
Porsche 911: Alle 8 Sportwagen-Generationen in Wort und Bild – 25 Jahre 996
vom 1271.88 Punkte
Update 15.11.2022: Vor 25 Jahren stellte Porsche den 996 als neue Generation des Porsche 911 vor. Der 996 kam erstmals mit einem Motor mit Wasserkühlung statt mit der bis dahin üblichen Luftkühlung. Das war aus technischer Sicht unvermeidlich. Das Design des 9