In the GetPaid WordPress plugin before 2.3.4, users with the contributor role and above can create a new Payment Form, however the Label and Help Text input fields were not getting sanitized properly. So it was possible to inject malicious content such as img tags, leading to a Stored Cross-Site Scripting issue which is triggered when the form will be edited, for example when an admin reviews it and could lead to privilege escalation. (CVSS:0.0) (Last Update:2021-06-21)
CVE-2021-24369
- Virtual Patching
- June 21, 2021
- 12:00 am
Contact us to get started
CVE-2024-2912 : BENTOML FRAMEWORK UP TO 1.2.4 POST REQUEST INSECURE DEFAULT INITIALIZATION OF RESOURCE
Description An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution (RCE) by sending a specially crafted
CVE-2024-26817 : LINUX KERNEL UP TO 6.8.5 AMDKFD KZALLOC INTEGER OVERFLOW
Description In the Linux kernel, the following vulnerability has been resolved: amdkfd: use calloc instead of kzalloc to avoid integer
CVE-2024-3400 : PALO ALTO NETWORKS PAN-OS GLOBALPROTECT COMMAND INJECTION
Description A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and