CVE-2024-9047 - Exploiting Path Traversal in WordPress File Upload Plugin (v4.24.11 and Below)
Published: June 2024
Vulnerability Type: Path Traversal
Component: WordPress File Upload Plugin
Versions Affected: All up to 4.24.11
Attack Vector: Remote, unauthenticated
CVE-2024-9776 - How a WordPress Plugin Vulnerability Lets Admins Inject Malicious Scripts via ImagePress Settings
CVE-2024-9776 is a newly identified stored Cross-Site Scripting (XSS) weakness in the ImagePress – Image Gallery plugin for WordPress. This issue impacts all plugin versions through
CVE-2024-9778 - How a Simple CSRF Bug in ImagePress Plugin Can Compromise Your WordPress Site
The WordPress plugin ImagePress – Image Gallery is widely used for displaying beautiful image galleries on blogs and portfolio websites. However, a dangerous security flaw — officially
CVE-2024-9707 - WordPress Hunk Companion Plugin Exploit – Unauthorized Plugin Activations and the Road to RCE
CVE-2024-9707 is a serious security bug found in the popular Hunk Companion plugin for WordPress. If your website uses this plugin (versions 1.8.4
CVE-2024-9164 - How a GitLab EE Vulnerability Lets Attackers Run Pipelines on Any Branch
Introduction
In June 2024, a serious vulnerability (CVE-2024-9164) was disclosed affecting GitLab Enterprise Edition (EE). The