5.3
CVE-2024-4740 - MXsecurity Use of Hard-coded Credentials
MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. This vulnerability could allow an attacker to tamper with sensitive data.
5.3
CVE-2024-4739 - MXsecurity License Generation Function Disclosure
The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. By acquiring a valid authenticator, an attacker can pose as an authorized user and successfully access the resource.
8.6
CVE-2023-49570 - Insecure Trust of Basic Constraints certificate in Bitdefender Total Security HTTPS Scanning (VA-11β¦
A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software trusts a certificate issued by an entity that isn't authorized to issue certificates. This occurs when the "Basic Constraints" extension in the certificate indicates that it is meant toβ¦
8.6
CVE-2023-49567 - Insecure Trust of certificates using collision hash functions in Bitdefender Total Security HTTPS Sβ¦
A vulnerability has been identified in the Bitdefender Total Security HTTPS scanning functionality where the product incorrectly checks the site's certificate, which allows an attacker to make MITM SSL connections to an arbitrary site. The product trusts certificates that are issued using the MD5 aβ¦
8.6
CVE-2023-6058 - HTTPS Certificate Validation Issue in Bitdefender Safepay (VA-11167)
A vulnerability has been identified in Bitdefender Safepay's handling of HTTPS connections. The issue arises when the product blocks a connection due to an untrusted server certificate but allows the user to add the site to exceptions, resulting in the product trusting the certificate for subsequenβ¦
8.6
CVE-2023-6057 - Insecure Trust of DSA-Signed Certificates in Bitdefender Total Security HTTPS Scanning (VA-11166)
A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of certificates issued using the DSA signature algorithm. The product does not properly check the certificate chain, allowing an attacker to establish MITM SSL connectioβ¦
6.3
CVE-2024-10078 - WP Easy Post Types <= 1.4.4 - Authenticated (Subscriber+) Missing Authorization via Multiple Functiβ¦
The WP Easy Post Types plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 1.4.4. This makes it possible for authenticated attackers, with subscriber-level access and β¦
8.8
CVE-2024-10079 - WP Easy Post Types <= 1.4.4 - Authenticated (Subscriber+) PHP Object Injection
The WP Easy Post Types plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.4 via deserialization of untrusted input from the 'text' parameter in the 'ajax_import_content' function. This allows authenticated attackers, with subscriber-level permissions anβ¦
6.4
CVE-2024-10055 - Click to Chat β WP Support All-in-One Floating Widget <= 2.3.3 - Authenticated (Contributor+) Storeβ¦
The Click to Chat β WP Support All-in-One Floating Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsaio_snapchat shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. β¦
6.4
CVE-2024-10080 - WP Easy Post Types <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta
The WP Easy Post Types plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post meta in versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-β¦