Latest vulnerabilities for Monday 3 July 2023 + weekend

Last updated on 03/07/2023 at 23:58:03

(6) CRITICAL vulnerabilities [9.0, 10.0]

Vulnerability ID: CVE-2023-22814

First published: 01-07-2023 00:15:09
Last modified: 03-07-2023 01:10:10

Description:
An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonation attack. This issue affects My Cloud OS 5 devices: before 5.26.202.

CVE ID: CVE-2023-22814
Source: psirt@wdc.com
CVSS score: 10.0

References:
https://www.westerndigital.com/support/product-security/wdc-23006-my-cloud-firmware-version-5-26-202 | source : psirt@wdc.com

Vulnerability: CWE-290


Vulnerability ID: CVE-2023-2834

First published: 30-06-2023 02:15:08
Last modified: 30-06-2023 12:59:58

Description:
The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. This is due to insufficient verification on the user being supplied during booking an appointment through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.

CVE ID: CVE-2023-2834
Source: security@wordfence.com
CVSS score: 9.8

References:
https://lana.codes/lanavdb/0dea1346-fd60-4338-8af6-6f89c29075d4/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/bookit/tags/2.3.6/includes/classes/CustomerController.php#L27 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/bookit/tags/2.3.6/includes/classes/database/Customers.php#L63 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2919529/bookit | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2925153/bookit | source : security@wordfence.com
https://www.wordfence.com/blog/2023/06/stylemixthemes-addresses-authentication-bypass-vulnerability-in-bookit-wordpress-plugin/ | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/cfd32e46-a4fc-4c10-b546-9f9da75db791?source=cve | source : security@wordfence.com

Vulnerability: CWE-288


Vulnerability ID: CVE-2023-3249

First published: 30-06-2023 02:15:09
Last modified: 30-06-2023 12:59:54

Description:
The Web3 – Crypto wallet Login & NFT token gating plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.6.0. This is due to incorrect authentication checking in the 'hidden_form_data' function. This makes it possible for authenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username.

CVE ID: CVE-2023-3249
Source: security@wordfence.com
CVSS score: 9.8

References:
https://plugins.trac.wordpress.org/browser/web3-authentication/tags/2.6.0/classes/common/Web3/controller/class-moweb3flowhandler.php#L198 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/e30b62de-7280-4c29-b882-dfa83e65966b?source=cve | source : security@wordfence.com

Vulnerability: CWE-288


Vulnerability ID: CVE-2023-3490

First published: 30-06-2023 22:15:10
Last modified: 03-07-2023 01:10:10

Description:
SQL Injection in GitHub repository fossbilling/fossbilling prior to 0.5.3.

CVE ID: CVE-2023-3490
Source: security@huntr.dev
CVSS score: 9.8

References:
https://github.com/fossbilling/fossbilling/commit/2ddb7438ee0d05f9a9d01555edcfed820960f114 | source : security@huntr.dev
https://huntr.dev/bounties/4e60ebc1-e00f-48cb-b011-3cefce688ecd | source : security@huntr.dev

Vulnerability: CWE-89


Vulnerability ID: CVE-2023-36812

First published: 30-06-2023 23:15:10
Last modified: 03-07-2023 01:10:10

Description:
OpenTSDB is an open source, distributed, scalable Time Series Database (TSDB). OpenTSDB is vulnerable to Remote Code Execution by writing user-controlled input to a Gnuplot configuration file and running Gnuplot with the generated configuration. This issue has been patched in commit `07c4641471c` and further refined in commit `fa88d3e4b`. These patches are available in the `2.4.2` release. Users are advised to upgrade. Users unable to upgrade may disable Gnuplot via the config option `tsd.core.enable_ui = true` and remove the shell files `mygnuplot.bat` and `mygnuplot.sh`.

CVE ID: CVE-2023-36812
Source: security-advisories@github.com
CVSS score: 9.8

References:
https://github.com/OpenTSDB/opentsdb/commit/07c4641471c6f5c2ab5aab615969e97211eb50d9 | source : security-advisories@github.com
https://github.com/OpenTSDB/opentsdb/commit/fa88d3e4b5369f9fb73da384fab0b23e246309ba | source : security-advisories@github.com
https://github.com/OpenTSDB/opentsdb/security/advisories/GHSA-76f7-9v52-v2fw | source : security-advisories@github.com

Vulnerability: CWE-74


Vulnerability ID: CVE-2023-36477

First published: 30-06-2023 19:15:09
Last modified: 03-07-2023 01:10:10

Description:
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights can edit all pages in the `CKEditor` space. This makes it possible to perform a variety of harmful actions, such as removing technical documents, leading to loss of service, and editing the JavaScript configuration of CKEditor, leading to persistent XSS. This issue has been patched in XWiki 14.10.6 and XWiki 15.1. This issue has been patched on the CKEditor Integration extension 1.64.9 for XWiki versions older than 14.6RC1. Users are advised to upgrade. Users unable to upgrade may manually address the issue by restricting the `edit` and `delete` rights to a trusted user or group (e.g. the `XWiki.XWikiAdminGroup` group), implicitly disabling those rights for all other users. See commit `9d9d86179` for details.

CVE ID: CVE-2023-36477
Source: security-advisories@github.com
CVSS score: 9.0

References:
https://github.com/xwiki/xwiki-platform/commit/9d9d86179457cb8dc48b4491510537878800be4f | source : security-advisories@github.com
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-793w-g325-hrw2 | source : security-advisories@github.com
https://jira.xwiki.org/browse/CKEDITOR-508 | source : security-advisories@github.com
https://jira.xwiki.org/browse/XWIKI-20590 | source : security-advisories@github.com

Vulnerability: CWE-79


(19) HIGH vulnerabilities [7.0, 8.9]

Vulnerability ID: CVE-2023-3063

First published: 30-06-2023 02:15:09
Last modified: 30-06-2023 12:59:54

Description:
The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with subscriber privileges or above, to change user passwords and potentially take over administrator accounts.

CVE ID: CVE-2023-3063
Source: security@wordfence.com
CVSS score: 8.8

References:
https://plugins.trac.wordpress.org/browser/sp-client-document-manager/trunk/classes/ajax.php#L149 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/6dc2e720-85d9-42d9-94ef-eb172425993d?source=cve | source : security@wordfence.com

Vulnerability: CWE-639


Vulnerability ID: CVE-2021-4385

First published: 01-07-2023 04:15:10
Last modified: 03-07-2023 01:10:10

Description:
The WP Private Content Plus plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1. This is due to missing or incorrect nonce validation on the save_groups() function. This makes it possible for unauthenticated attackers to add new group members via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID: CVE-2021-4385
Source: security@wordfence.com
CVSS score: 8.8

References:
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2473452%40wp-private-content-plus&new=2473452%40wp-private-content-plus&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/238f6d81-78ba-426c-866a-31f9279e4f99?source=cve | source : security@wordfence.com

Vulnerability: CWE-352


Vulnerability ID: CVE-2021-4386

First published: 01-07-2023 04:15:10
Last modified: 03-07-2023 01:10:10

Description:
The WP Security Question plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID: CVE-2021-4386
Source: security@wordfence.com
CVSS score: 8.8

References:
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/wp-security-questions/trunk/modules/settings/model.settings.php#L34 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/23f9d758-4b5e-44e5-9f58-a37b01c4ffdb?source=cve | source : security@wordfence.com

Vulnerability: CWE-352


Vulnerability ID: CVE-2021-4394

First published: 01-07-2023 05:15:16
Last modified: 03-07-2023 01:10:10

Description:
The Locations plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.1. This is due to missing or incorrect nonce validation on the saveCustomFields() function. This makes it possible for unauthenticated attackers to update custom field meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID: CVE-2021-4394
Source: security@wordfence.com
CVSS score: 8.8

References:
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2548546%40locations&new=2548546%40locations&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/3df9f237-a861-43fc-8623-d42f84d8d5d1?source=cve | source : security@wordfence.com

Vulnerability: CWE-352


Vulnerability ID: CVE-2021-4398

First published: 01-07-2023 06:15:09
Last modified: 03-07-2023 01:10:10

Description:
The Amministrazione Trasparente plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.1. This is due to missing or incorrect nonce validation on the at_save_aturl_meta() function. This makes it possible for unauthenticated attackers to update meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID: CVE-2021-4398
Source: security@wordfence.com
CVSS score: 8.8

References:
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2548741%40amministrazione-trasparente&new=2548741%40amministrazione-trasparente&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/6358fc29-5b09-481a-9040-a7890b61f419?source=cve | source : security@wordfence.com

Vulnerability: CWE-352


Vulnerability ID: CVE-2021-4401

First published: 01-07-2023 06:15:10
Last modified: 03-07-2023 01:10:10

Description:
The Style Kits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.0. This is due to missing or incorrect nonce validation on the update_posts_stylekit() function. This makes it possible for unauthenticated attackers to update style kits for posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID: CVE-2021-4401
Source: security@wordfence.com
CVSS score: 8.8

References:
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2473676/analogwp-templates/trunk/inc/class-quick-edit.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/7cb08fc1-fb8b-4478-8569-eb9b28aff50b?source=cve | source : security@wordfence.com

Vulnerability: CWE-352


Vulnerability ID: CVE-2023-34451

First published: 03-07-2023 17:15:09
Last modified: 03-07-2023 18:33:32

Description:
CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine and replicates it on many machines. The mempool maintains two data structures to keep track of outstanding transactions: a list and a map. These two data structures are supposed to be in sync all the time in the sense that the map tracks the index (if any) of the transaction in the list. In `v0.37.0`, and `v0.37.1`, as well as in `v0.34.28`, and all previous releases of the CometBFT repo, it is possible to have them out of sync. When this happens, the list may contain several copies of the same transaction. Because the map tracks a single index, it is then no longer possible to remove all the copies of the transaction from the list. This happens even if the duplicated transaction is later committed in a block. The only way to remove the transaction is by restarting the node. The above problem can be repeated on and on until a sizable number of transactions are stuck in the mempool, in order to try to bring down the target node. The problem is fixed in releases `v0.34.29` and `v0.37.2`. Some workarounds are available. Increasing the value of `cache_size` in `config.toml` makes it very difficult to effectively attack a full node. Not exposing the transaction submission RPCs would mitigate the probability of a successful attack, as the attacker would then have to create a modified (byzantine) full node to be able to perform the attack via p2p.

CVE ID: CVE-2023-34451
Source: security-advisories@github.com
CVSS score: 8.2

References:
https://github.com/cometbft/cometbft/pull/890 | source : security-advisories@github.com
https://github.com/cometbft/cometbft/security/advisories/GHSA-w24w-wp77-qffm | source : security-advisories@github.com
https://github.com/tendermint/tendermint/pull/2778 | source : security-advisories@github.com

Vulnerability: CWE-401


Vulnerability ID: CVE-2023-29241

First published: 30-06-2023 22:15:09
Last modified: 03-07-2023 01:10:10

Description:
Improper Information in Cybersecurity Guidebook in Bosch Building Integration System (BIS) 5.0 may lead to wrong configuration which allows local users to access data via network

CVE ID: CVE-2023-29241
Source: psirt@bosch.com
CVSS score: 8.1

References:
https://psirt.bosch.com/security-advisories/BOSCH-SA-988400-BT.html | source : psirt@bosch.com

Vulnerability: CWE-1112


Vulnerability ID: CVE-2023-3314

First published: 03-07-2023 09:15:09
Last modified: 03-07-2023 13:02:14

Description:
A vulnerability arises out of a failure to comprehensively sanitize the processing of a zip file(s). Incomplete neutralization of external commands used to control the process execution of the .zip application allows an authorized user to obtain control of the .zip application to execute arbitrary commands or obtain elevation of system privileges.

CVE ID: CVE-2023-3314
Source: trellixpsirt@trellix.com
CVSS score: 8.1

References:
https://kcm.trellix.com/corporate/index?page=content&id=SB10403 | source : trellixpsirt@trellix.com

Vulnerability: CWE-78


Vulnerability ID: CVE-2023-3491

First published: 30-06-2023 22:15:10
Last modified: 03-07-2023 01:10:10

Description:
Unrestricted Upload of File with Dangerous Type in GitHub repository fossbilling/fossbilling prior to 0.5.3.

CVE ID: CVE-2023-3491
Source: security@huntr.dev
CVSS score: 8.0

References:
https://github.com/fossbilling/fossbilling/commit/2ddb7438ee0d05f9a9d01555edcfed820960f114 | source : security@huntr.dev
https://huntr.dev/bounties/043bd900-ac78-44d2-a340-84ddd0bc4a1d | source : security@huntr.dev

Vulnerability: CWE-434


Vulnerability ID: CVE-2023-3313

First published: 03-07-2023 08:15:09
Last modified: 03-07-2023 13:02:14

Description:
An OS command injection vulnerability exists in the ESM certificate API, whereby incorrectly neutralized special elements may have allowed an unauthorized user to execute system command injection for the purpose of privilege escalation or to execute arbitrary commands.

CVE ID: CVE-2023-3313
Source: trellixpsirt@trellix.com
CVSS score: 7.8

References:
https://kcm.trellix.com/corporate/index?page=content&id=SB10403 | source : trellixpsirt@trellix.com

Vulnerability: CWE-78


Vulnerability ID: CVE-2023-3493

First published: 30-06-2023 22:15:10
Last modified: 03-07-2023 01:10:10

Description:
Improper Neutralization of Formula Elements in a CSV File in GitHub repository fossbilling/fossbilling prior to 0.5.3.

CVE ID: CVE-2023-3493
Source: security@huntr.dev
CVSS score: 7.7

References:
https://github.com/fossbilling/fossbilling/commit/9402d6c4d44b77ccd68d98d1e6cedf782bd913dc | source : security@huntr.dev
https://huntr.dev/bounties/e9a272ca-b050-441d-a8cb-4fdecb76ccce | source : security@huntr.dev

Vulnerability: CWE-1236


Vulnerability ID: CVE-2023-2846

First published: 30-06-2023 05:15:09
Last modified: 30-06-2023 12:59:54

Description:
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series main modules allows a remote unauthenticated attacker to cancel the password/keyword setting and login to the affected products by sending specially crafted packets.

CVE ID: CVE-2023-2846
Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
CVSS score: 7.5

References:
https://jvn.jp/vu/JVNVU94519952 | source : Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-04 | source : Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-005_en.pdf | source : Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

Vulnerability: CWE-294


Vulnerability ID: CVE-2023-36814

First published: 03-07-2023 17:15:09
Last modified: 03-07-2023 18:33:32

Description:
Products.CMFCore are the key framework services for the Zope Content Management Framework (CMF). The use of Python's marshal module to handle unchecked input in a public method on `PortalFolder` objects can lead to an unauthenticated denial of service and crash situation. The code in question is exposed by all portal software built on top of `Products.CMFCore`, such as Plone. All deployments are vulnerable. The code has been fixed in `Products.CMFCore` version 3.2.

CVE ID: CVE-2023-36814
Source: security-advisories@github.com
CVSS score: 7.5

References:
https://github.com/zopefoundation/Products.CMFCore/commit/40f03f43a60f28ca9485c8ef429efef729be54e5 | source : security-advisories@github.com
https://github.com/zopefoundation/Products.CMFCore/security/advisories/GHSA-4hpj-8rhv-9x87 | source : security-advisories@github.com

Vulnerability: CWE-770


Vulnerability ID: CVE-2023-36817

First published: 03-07-2023 18:15:09
Last modified: 03-07-2023 18:33:32

Description:
`tktchurch/website` contains the codebase for The King's Temple Church website. In version 0.1.0, a Stripe API key was found in the public code repository of the church's project. This sensitive information was unintentionally committed and subsequently exposed in the codebase. If an unauthorized party gains access to this key, they could potentially carry out transactions on behalf of the organization, leading to financial losses. Additionally, they could access sensitive customer information, leading to privacy violations and potential legal implications. The affected component is the codebase of our project, specifically the file(s) where the Stripe API key is embedded. The key should have been stored securely, and not committed to the codebase. The maintainers plan to revoke the leaked Stripe API key immediately, generate a new one, and not commit the key to the codebase.

CVE ID: CVE-2023-36817
Source: security-advisories@github.com
CVSS score: 7.5

References:
https://github.com/tktchurch/website/security/advisories/GHSA-x3m6-5hmf-5x3w | source : security-advisories@github.com

Vulnerability: CWE-200
Vulnerability: CWE-798


Vulnerability ID: CVE-2023-35935

First published: 03-07-2023 17:15:09
Last modified: 03-07-2023 18:33:32

Description:
@fastify/oauth2, a wrapper around the `simple-oauth2` library, is vulnerable to cross site request forgery (CSRF) prior to version 7.2.0. All versions of @fastify/oauth2 used a `state` parameter that was statically generated at startup time and was used across all requests for all users. The purpose of the OAuth2 `state` parameter is to prevent CSRF attacks. As such, it should be unique per user and should be connected to the user's session in some way that will allow the server to validate it. Version 7.2.0 changes the default behavior to store the `state` in a cookie with the `http-only` and `same-site=lax` attributes set. The state is now by default generated for every user. Note that this contains a breaking change in the `checkStateFunction` function, which now accepts the full `Request` object. There are no known workarounds for the issue.

CVE ID: CVE-2023-35935
Source: security-advisories@github.com
CVSS score: 7.4

References:
https://auth0.com/docs/secure/attack-protection/state-parameters | source : security-advisories@github.com
https://github.com/fastify/fastify-oauth2/commit/bff756b456cbb769080631af2beb85671ff4c79c | source : security-advisories@github.com
https://github.com/fastify/fastify-oauth2/releases/tag/v7.2.0 | source : security-advisories@github.com
https://github.com/fastify/fastify-oauth2/security/advisories/GHSA-g8x5-p9qc-cf95 | source : security-advisories@github.com

Vulnerability: CWE-352


Vulnerability ID: CVE-2023-26135

First published: 30-06-2023 05:15:09
Last modified: 30-06-2023 12:59:54

Description:
All versions of the package flatnest are vulnerable to Prototype Pollution via the nest() function in flatnest/nest.js file.

CVE ID: CVE-2023-26135
Source: report@snyk.io
CVSS score: 7.3

References:
https://github.com/brycebaril/node-flatnest/blob/b7d97ec64a04632378db87fcf3577bd51ac3ee39/nest.js%23L43 | source : report@snyk.io
https://github.com/brycebaril/node-flatnest/issues/4 | source : report@snyk.io
https://security.snyk.io/vuln/SNYK-JS-FLATNEST-3185149 | source : report@snyk.io


Vulnerability ID: CVE-2023-36815

First published: 03-07-2023 18:15:09
Last modified: 03-07-2023 18:33:32

Description:
Sealos is a Cloud Operating System designed for managing cloud-native applications. In version 4.2.0 and prior, there is a permission flaw in the Sealos billing system, which allows users to control the recharge resource account `sealos[.] io/v1/Payment`, resulting in the ability to recharge any amount of 1 renminbi (RMB). The charging interface may expose resource information. The namespace of this custom resource would be user's control and may have permission to correct it. It is not clear whether a fix exists.

CVE ID: CVE-2023-36815
Source: security-advisories@github.com
CVSS score: 7.3

References:
https://github.com/labring/sealos/security/advisories/GHSA-vpxf-q44g-w34w | source : security-advisories@github.com

Vulnerability: CWE-862


Vulnerability ID: CVE-2023-36609

First published: 03-07-2023 20:15:09
Last modified: 03-07-2023 20:31:37

Description:
The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges.

CVE ID: CVE-2023-36609
Source: ics-cert@hq.dhs.gov
CVSS score: 7.2

References:
https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03 | source : ics-cert@hq.dhs.gov

Vulnerability: CWE-829


(57) MEDIUM vulnerabilities [4.0, 6.9]

Vulnerability ID: CVE-2023-35946

First published: 30-06-2023 21:15:09
Last modified: 03-07-2023 01:10:10

Description:
Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency's coordinates to compute a file location. With specially crafted dependency coordinates, Gradle can be made to write files into an unintended location. The file may be written outside the dependency cache or over another file in the dependency cache. This vulnerability could be used to poison the dependency cache or overwrite important files elsewhere on the filesystem where the Gradle process has write permissions. Exploiting this vulnerability requires an attacker to have control over a dependency repository used by the Gradle build or have the ability to modify the build's configuration. It is unlikely that this would go unnoticed. A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Gradle will refuse to cache dependencies that have path traversal elements in their dependency coordinates. It is recommended that users upgrade to a patched version. If you are unable to upgrade to Gradle 7.6.2 or 8.2, `dependency verification` will make this vulnerability more difficult to exploit.

CVE ID: CVE-2023-35946
Source: security-advisories@github.com
CVSS score: 6.9

References:
https://docs.gradle.org/current/userguide/dependency_verification.html | source : security-advisories@github.com
https://github.com/gradle/gradle/commit/859eae2b2acf751ae7db3c9ffefe275aa5da0d5d | source : security-advisories@github.com
https://github.com/gradle/gradle/commit/b07e528feb3a5ffa66bdcc358549edd73e4c8a12 | source : security-advisories@github.com
https://github.com/gradle/gradle/security/advisories/GHSA-2h6c-rv6q-494v | source : security-advisories@github.com

Vulnerability: CWE-22


Vulnerability ID: CVE-2023-35947

First published: 30-06-2023 21:15:09
Last modified: 03-07-2023 01:10:10

Description:
Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the Gradle process has write permissions. For a build reading Tar entries from a Tar archive, this issue could allow Gradle to disclose information from sensitive files through an arbitrary file read. To exploit this behavior, an attacker needs to either control the source of an archive already used by the build or modify the build to interact with a malicious archive. It is unlikely that this would go unnoticed. A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Starting from these versions, Gradle will refuse to handle Tar archives which contain path traversal elements in a Tar entry name. Users are advised to upgrade. There are no known workarounds for this vulnerability.

### Impact

This is a path traversal vulnerability when Gradle deals with Tar archives, often referenced as TarSlip, a variant of ZipSlip.

* When unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the Gradle process has write permissions.
* For a build reading Tar entries from a Tar archive, this issue could allow Gradle to disclose information from sensitive files through an arbitrary file read.

To exploit this behavior, an attacker needs to either control the source of an archive already used by the build or modify the build to interact with a malicious archive. It is unlikely that this would go unnoticed.

Gradle uses Tar archives for its [Build Cache](https://docs.gradle.org/current/userguide/build_cache.html). These archives are safe when created by Gradle. But if an attacker had control of a remote build cache server, they could inject malicious build cache entries that leverage this vulnerability. This attack vector could also be exploited if a man-in-the-middle can be performed between the remote cache and the build.

### Patches

A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Starting from these versions, Gradle will refuse to handle Tar archives which contain path traversal elements in a Tar entry name. It is recommended that users upgrade to a patched version.

### Workarounds

There is no workaround.

* If your build deals with Tar archives that you do not fully trust, you need to inspect them to confirm they do not attempt to leverage this vulnerability.
* If you use the Gradle remote build cache, make sure only trusted parties have write access to it and that connections to the remote cache are properly secured.

### References

* [CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')](https://cwe.mitre.org/data/definitions/22.html)
* [Gradle Build Cache](https://docs.gradle.org/current/userguide/build_cache.html)
* [ZipSlip](https://security.snyk.io/research/zip-slip-vulnerability)

CVE ID : CVE-2023-35947
Source : security-advisories@github.com
CVSS score : 6.9

References :
https://github.com/gradle/gradle/commit/1096b309520a8c315e3b6109a6526de4eabcb879 | source : security-advisories@github.com
https://github.com/gradle/gradle/commit/2e5c34d57d0c0b7f0e8b039a192b91e5c8249d91 | source : security-advisories@github.com
https://github.com/gradle/gradle/security/advisories/GHSA-84mw-qh6q-v842 | source : security-advisories@github.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-26136

First published : 01-07-2023 05:15:16
Last modified : 03-07-2023 01:10:10

Description :
Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.

CVE ID : CVE-2023-26136
Source : report@snyk.io
CVSS score : 6.5

References :
https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e | source : report@snyk.io
https://github.com/salesforce/tough-cookie/issues/282 | source : report@snyk.io
https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3 | source : report@snyk.io
https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873 | source : report@snyk.io


Vulnerability ID : CVE-2023-36819

First published : 03-07-2023 19:15:09
Last modified : 03-07-2023 20:31:37

Description :
Knowage is the professional open source suite for modern business analytics over traditional sources and big data systems. The endpoint `/knowage/restful-services/dossier/importTemplateFile` allows authenticated users to download templates hosted on the server. However, starting in the 6.x.x branch and prior to version 8.1.8, the application does not sanitize the `templateName` parameter, allowing an attacker to use `../` in it, escape the directory where templates are normally placed, and download any file from the system. This vulnerability allows a low-privileged attacker to exfiltrate sensitive configuration files. This issue has been patched in Knowage version 8.1.8.

CVE ID : CVE-2023-36819
Source : security-advisories@github.com
CVSS score : 6.5

References :
https://github.com/KnowageLabs/Knowage-Server/security/advisories/GHSA-jw99-hxxj-75g2 | source : security-advisories@github.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-36608

First published : 03-07-2023 20:15:09
Last modified : 03-07-2023 20:31:37

Description :
The affected TBox RTUs store hashed passwords using MD5 encryption, which is an insecure encryption algorithm.

CVE ID : CVE-2023-36608
Source : ics-cert@hq.dhs.gov
CVSS score : 6.5

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-327


Vulnerability ID : CVE-2023-2727

First published : 03-07-2023 21:15:09
Last modified : 03-07-2023 21:15:09

Description :
Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.

CVE ID : CVE-2023-2727
Source : jordan@liggitt.net
CVSS score : 6.5

References :
https://github.com/kubernetes/kubernetes/issues/118640 | source : jordan@liggitt.net
https://groups.google.com/g/kubernetes-security-announce/c/vPWYJ_L84m8 | source : jordan@liggitt.net

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-2728

First published : 03-07-2023 21:15:09
Last modified : 03-07-2023 21:15:09

Description :
Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers.

CVE ID : CVE-2023-2728
Source : jordan@liggitt.net
CVSS score : 6.5

References :
https://github.com/kubernetes/kubernetes/issues/118640 | source : jordan@liggitt.net
https://groups.google.com/g/kubernetes-security-announce/c/vPWYJ_L84m8 | source : jordan@liggitt.net

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-36611

First published : 03-07-2023 21:15:10
Last modified : 03-07-2023 21:15:10

Description :
The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with “user” privileges to access files requiring higher privileges by establishing an SSH session and providing the other tokens.

CVE ID : CVE-2023-36611
Source : ics-cert@hq.dhs.gov
CVSS score : 6.5

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-285


Vulnerability ID : CVE-2023-3395

First published : 03-07-2023 21:15:10
Last modified : 03-07-2023 21:15:10

Description :
All versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in memory. An attacker with access to system files could open a file to load the document into memory, including sensitive information associated with the document, such as the password. The attacker could then obtain the plaintext password by using a memory viewer.

CVE ID : CVE-2023-3395
Source : ics-cert@hq.dhs.gov
CVSS score : 6.5

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-256


Vulnerability ID : CVE-2021-31982

First published : 01-07-2023 00:15:09
Last modified : 03-07-2023 01:10:10

Description :
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CVE ID : CVE-2021-31982
Source : secure@microsoft.com
CVSS score : 6.3

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31982 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36807

First published : 30-06-2023 19:15:09
Last modified : 03-07-2023 01:10:10

Description :
pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In version 2.10.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case if the user extracted metadata from such a malformed PDF. Versions prior to 2.10.5 throw an error, but do not hang forever. This issue was fixed with https://github.com/py-pdf/pypdf/pull/1331 which has been included in release 2.10.6. Users are advised to upgrade. Users unable to upgrade should modify `PyPDF2/generic/_data_structures.py::read_object` to an error throwing case. See GHSA-hm9v-vj3r-r55m for details.

CVE ID : CVE-2023-36807
Source : security-advisories@github.com
CVSS score : 6.2

References :
https://github.com/py-pdf/pypdf/issues/1329 | source : security-advisories@github.com
https://github.com/py-pdf/pypdf/pull/1331 | source : security-advisories@github.com
https://github.com/py-pdf/pypdf/security/advisories/GHSA-hm9v-vj3r-r55m | source : security-advisories@github.com

Vulnerability : CWE-835


Vulnerability ID : CVE-2023-36810

First published : 30-06-2023 19:15:09
Last modified : 03-07-2023 01:10:10

Description :
pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. This issue has been addressed in PR 808 and versions from 1.27.9 include this fix. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-36810
Source : security-advisories@github.com
CVSS score : 6.2

References :
https://github.com/py-pdf/pypdf/issues/582 | source : security-advisories@github.com
https://github.com/py-pdf/pypdf/pull/808 | source : security-advisories@github.com
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw | source : security-advisories@github.com

Vulnerability : CWE-407


Vulnerability ID : CVE-2021-34506

First published : 01-07-2023 00:15:09
Last modified : 03-07-2023 01:10:10

Description :
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CVE ID : CVE-2021-34506
Source : secure@microsoft.com
CVSS score : 6.1

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34506 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36816

First published : 03-07-2023 17:15:09
Last modified : 03-07-2023 18:33:32

Description :
2FA is a Web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Cross site scripting (XSS) injection can be done via the account/service field. This was tested in docker-compose environment. This vulnerability has been patched in version 4.0.3.

CVE ID : CVE-2023-36816
Source : security-advisories@github.com
CVSS score : 6.1

References :
https://github.com/Bubka/2FAuth/releases/tag/v4.0.3 | source : security-advisories@github.com
https://github.com/Bubka/2FAuth/security/advisories/GHSA-cwhq-2mcq-pp9q | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-22815

First published : 30-06-2023 22:15:09
Last modified : 03-07-2023 01:10:10

Description :
Post-authentication remote command injection vulnerabilities in Western Digital My Cloud OS 5 devices that could allow an attacker to execute code in the context of the root user on vulnerable CGI files. This issue affects My Cloud OS 5 devices: before 5.26.300.

CVE ID : CVE-2023-22815
Source : psirt@wdc.com
CVSS score : 6.0

References :
https://www.westerndigital.com/support/product-security/wdc-23010-my-cloud-firmware-version-5-26-300 | source : psirt@wdc.com

Vulnerability : CWE-77


Vulnerability ID : CVE-2023-22816

First published : 30-06-2023 22:15:09
Last modified : 03-07-2023 01:10:10

Description :
A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger payloads. This issue affects My Cloud OS 5 devices: before 5.26.300.

CVE ID : CVE-2023-22816
Source : psirt@wdc.com
CVSS score : 6.0

References :
https://www.westerndigital.com/support/product-security/wdc-23010-my-cloud-firmware-version-5-26-300 | source : psirt@wdc.com

Vulnerability : CWE-77


Vulnerability ID : CVE-2023-37360

First published : 30-06-2023 18:15:10
Last modified : 03-07-2023 01:10:10

Description :
pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL (which may be realistic within enterprise security products).

CVE ID : CVE-2023-37360
Source : cve@mitre.org
CVSS score : 5.9

References :
https://github.com/manugarg/pacparser/security/advisories/GHSA-62q6-v997-f7v9 | source : cve@mitre.org


Vulnerability ID : CVE-2023-36610

First published : 03-07-2023 21:15:09
Last modified : 03-07-2023 21:15:09

Description :
The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successfully brute force the token and authenticate themselves.

CVE ID : CVE-2023-36610
Source : ics-cert@hq.dhs.gov
CVSS score : 5.9

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-331


Vulnerability ID : CVE-2021-34475

First published : 01-07-2023 00:15:09
Last modified : 03-07-2023 01:10:10

Description :
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE ID : CVE-2021-34475
Source : secure@microsoft.com
CVSS score : 5.4

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34475 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-36539

First published : 30-06-2023 03:15:09
Last modified : 30-06-2023 12:59:54

Description :
Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.

CVE ID : CVE-2023-36539
Source : security@zoom.us
CVSS score : 5.3

References :
https://explore.zoom.us/en/trust/security/security-bulletin/ | source : security@zoom.us


Vulnerability ID : CVE-2023-3469

First published : 30-06-2023 01:15:08
Last modified : 30-06-2023 12:59:58

Description :
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.2.

CVE ID : CVE-2023-3469
Source : security@huntr.dev
CVSS score : 5.2

References :
https://github.com/thorsten/phpmyfaq/commit/04a0183c25dd425f4c2bfb5f75b7650b932ae278 | source : security@huntr.dev
https://huntr.dev/bounties/3565cfc9-82c4-4db8-9b8f-494dd81b56ca | source : security@huntr.dev

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-3473

First published : 30-06-2023 07:15:08
Last modified : 30-06-2023 12:59:54

Description :
A vulnerability, which was classified as critical, was found in Campcodes Retro Cellphone Online Store 1.0. Affected is an unknown function of the file /admin/edit_product.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-232752.

CVE ID : CVE-2023-3473
Source : cna@vuldb.com
CVSS score : 4.7

References :
https://github.com/E1CHO/cve_hub/blob/main/Retro%20Cellphone%20Online%20Store%20-%20vlun%204.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.232752 | source : cna@vuldb.com
https://vuldb.com/?id.232752 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-3478

First published : 30-06-2023 12:15:09
Last modified : 30-06-2023 12:59:54

Description :
A vulnerability classified as critical was found in IBOS OA 4.5.5. Affected by this vulnerability is the function actionEdit of the file ?r=dashboard/roleadmin/edit&op=member of the component Add User Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232759. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-3478
Source : cna@vuldb.com
CVSS score : 4.7

References :
https://github.com/ShuangbiaoDai/CVE/blob/main/ibos%20oa.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.232759 | source : cna@vuldb.com
https://vuldb.com/?id.232759 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-3438

First published : 03-07-2023 08:15:09
Last modified : 03-07-2023 13:02:14

Description :
An unquoted Windows search path vulnerability existed in the MOVE 4.10.x and earlier Windows install service (mvagtsce.exe). The misconfiguration allowed an unauthorized local user to insert arbitrary code into the unquoted service path to obtain privilege escalation and stop antimalware services.

CVE ID : CVE-2023-3438
Source : trellixpsirt@trellix.com
CVSS score : 4.4

References :
https://kcm.trellix.com/corporate/index?page=content&id=SB10404 | source : trellixpsirt@trellix.com

Vulnerability : CWE-428


Vulnerability ID : CVE-2023-3479

First published : 30-06-2023 10:15:09
Last modified : 30-06-2023 12:59:54

Description :
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8.

CVE ID : CVE-2023-3479
Source : security@huntr.dev
CVSS score : 4.3

References :
https://github.com/hestiacp/hestiacp/commit/2326aa525a7ba14513af783f29cb5e62a476e67a | source : security@huntr.dev
https://huntr.dev/bounties/6ac5cf87-6350-4645-8930-8f2876427723 | source : security@huntr.dev

Vulnerability : CWE-79


Vulnerability ID : CVE-2020-36735

First published : 01-07-2023 03:15:15
Last modified : 03-07-2023 01:10:10

Description :
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.3. This is due to missing or incorrect nonce validation on the handle_leave_calendar_filter, add_enable_disable_option_save, leave_policies, process_bulk_action, and process_crm_contact functions. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2020-36735
Source : security@wordfence.com
CVSS score : 4.3

References :
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2368462%40erp&new=2368462%40erp&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/01b90498-0ddb-4eb3-b76d-de30ed03d7d0?source=cve | source : security@wordfence.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2020-36736

First published : 01-07-2023 04:15:09
Last modified : 03-07-2023 01:10:10

Description :
The WooCommerce Checkout & Funnel Builder by CartFlows plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.15. This is due to missing or incorrect nonce validation on the export_json, import_json, and status_logs_file functions. This makes it possible for unauthenticated attackers to import/export settings and trigger logs showing via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2020-36736
Source : security@wordfence.com
CVSS score : 4.3

References :
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2368446/cartflows/trunk/classes/class-cartflows-importer.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/0d98c849-4178-4cee-846b-2c136bc56daf?source=cve | source : security@wordfence.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2020-36737

First published : 01-07-2023 04:15:10
Last modified : 03-07-2023 01:10:10

Description :
The Import / Export Customizer Settings plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the astra_admin_errors() function. This makes it possible for unauthenticated attackers to display an import status via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2020-36737
Source : security@wordfence.com
CVSS score : 4.3

References :
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2368366%40astra-import-export&new=2368366%40astra-import-export&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/194face3-36ac-4137-af9a-0b98f60e3afb?source=cve | source : security@wordfence.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2020-36738

First published : 01-07-2023 04:15:10
Last modified : 03-07-2023 01:10:10

Description :
The Cool Timeline (Horizontal & Vertical Timeline) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the ctl_save() function. This makes it possible for unauthenticated attackers to save field icons via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2020-36738
Source : security@wordfence.com
CVSS score : 4.3

References :
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2368335/cool-timeline/trunk/fa-icons/fa-icons-class.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/1ce7c895-e94c-46bd-9de1-f5fde29c3475?source=cve | source : security@wordfence.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2020-36739

First published : 01-07-2023 04:15:10
Last modified : 03-07-2023 01:10:10

Description :
The Feed Them Social – Page, Post, Video, and Photo Galleries plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.6. This is due to missing or incorrect nonce validation on the my_fts_fb_load_more() function. This makes it possible for unauthenticated attackers to load feeds via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2020-36739
Source : security@wordfence.com
CVSS score : 4.3

References :
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2369818%40feed-them-social&new=2369818%40feed-them-social&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/1fcbe3d1-449c-4135-bbf5-9ea9236e5328?source=cve | source : security@wordfence.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2021-4384

First published : 01-07-2023 04:15:10
Last modified : 03-07-2023 01:10:10

Description :
The WordPress Photo Gallery – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on the load_images_thumbnail() and edit_gallery() functions. This makes it possible for unauthenticated attackers to edit galleries via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2021-4384
Source : security@wordfence.com
CVSS score : 4.3

References :
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/photo-contest/tags/1.0.6/includes/admin/admin-page-galleries.php#L102 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/photo-contest/tags/1.0.6/includes/view/ajax-function.php#L559 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/1355bc94-7110-4d61-855e-78889e58dcad?source=cve | source : security@wordfence.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2021-4387

First published : 01-07-2023 04:15:10
Last modified : 03-07-2023 01:10:10

Description :
The Opal Estate plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.11. This is due to missing or incorrect nonce validation on the opalestate_set_feature_property() and opalestate_remove_feature_property() functions. This makes it possible for unauthenticated attackers to set and remove featured properties via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2021-4387
Source : security@wordfence.com
CVSS score : 4.3

References :
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/opal-estate/trunk/inc/ajax-functions.php#L177 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/2645899c-2b6b-48bd-8f33-2a837a951c5e?source=cve | source : security@wordfence.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2020-36740

First published : 01-07-2023 05:15:14
Last modified : 03-07-2023 01:10:10

Description :
The Radio Buttons for Taxonomies plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation on the save_single_term() function. This makes it possible for unauthenticated attackers to save terms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2020-36740
Source : security@wordfence.com
CVSS score : 4.3

References :
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2368215%40radio-buttons-for-taxonomies&new=2368215%40radio-buttons-for-taxonomies&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/26a246c3-cf67-4566-b1e8-dc14c3c5c827?source=cve | source : security@wordfence.com

Vulnerability: CWE-352


Vulnerability ID: CVE-2020-36741

First published: 01-07-2023 05:15:15
Last modified: 03-07-2023 01:10:10

Description:
The MultiVendorX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.7. This is due to missing or incorrect nonce validation on the submit_comment() function. This makes it possible for unauthenticated attackers to submit comments via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID: CVE-2020-36741
Source: security@wordfence.com
CVSS score: 4.3

References:
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/dc-woocommerce-multi-vendor/tags/3.5.8/classes/class-wcmp-vendor-dashboard.php?rev=2381617#L432 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/2c3d9fa7-8ea2-4213-8b28-2ca9191a8223?source=cve | source : security@wordfence.com

Vulnerability: CWE-352


Vulnerability ID: CVE-2020-36742

First published: 01-07-2023 05:15:15
Last modified: 03-07-2023 01:10:10

Description:
The Custom Field Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.1. This is due to missing or incorrect nonce validation on the edit_meta_value() function. This makes it possible for unauthenticated attackers to edit meta field values via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID: CVE-2020-36742
Source: security@wordfence.com
CVSS score: 4.3

References:
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2368204%40custom-field-template&new=2368204%40custom-field-template&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/3444c4b0-4619-482f-8313-d3006aa1e845?source=cve | source : security@wordfence.com

Vulnerability: CWE-352


Vulnerability ID: CVE-2020-36743

First published: 01-07-2023 05:15:15
Last modified: 03-07-2023 01:10:10

Description:
The Product Catalog Simple plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.13. This is due to missing or incorrect nonce validation on the implecode_save_products_meta() function. This makes it possible for unauthenticated attackers to update product meta via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID: CVE-2020-36743
Source: security@wordfence.com
CVSS score: 4.3

References:
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2368377/post-type-x/trunk/core/includes/register-product.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/36e098fe-d1f9-4c8f-ae6b-222cbd5976b2?source=cve | source : security@wordfence.com

Vulnerability: CWE-352


Vulnerability ID: CVE-2020-36744

First published: 01-07-2023 05:15:15
Last modified: 03-07-2023 01:10:10

Description:
The NotificationX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2. This is due to missing or incorrect nonce validation on the generate_conversions() function. This makes it possible for unauthenticated attackers to generate conversions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID: CVE-2020-36744
Source: security@wordfence.com
CVSS score: 4.3

References:
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2368331/notificationx/trunk/public/class-nx-public.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/3ebe7680-a76d-4178-a729-f0d79d861912?source=cve | source : security@wordfence.com

Vulnerability: CWE-352


Vulnerability ID: CVE-2020-36745

First published: 01-07-2023 05:15:15
Last modified: 03-07-2023 01:10:10

Description:
The WP Project Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.0. This is due to missing or incorrect nonce validation on the do_updates() function. This makes it possible for unauthenticated attackers to trigger updates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID: CVE-2020-36745
Source: security@wordfence.com
CVSS score: 4.3

References:
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/wedevs-project-manager/tags/2.4.1/core/Upgrades/Upgrade.php?rev=2368374#L179 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/456c13f5-4a8b-4eea-a2a0-f37f8508551b?source=cve | source : security@wordfence.com

Vulnerability: CWE-352


Vulnerability ID: CVE-2021-4388

First published: 01-07-2023 05:15:15
Last modified: 03-07-2023 01:10:10

Description:
The Opal Estate plugin for WordPress is vulnerable to featured property modifications in versions up to, and including, 1.6.11. This is due to missing capability checks on the opalestate_set_feature_property() and opalestate_remove_feature_property() functions. This makes it possible for unauthenticated attackers to set and remove featured properties.

CVE ID: CVE-2021-4388
Source: security@wordfence.com
CVSS score: 4.3

References:
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/opal-estate/trunk/inc/ajax-functions.php#L177 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/5ce729a2-a106-45ab-b96c-cfe75246def7?source=cve | source : security@wordfence.com

Vulnerability: CWE-862


Vulnerability ID: CVE-2021-4389

First published: 01-07-2023 05:15:15
Last modified: 03-07-2023 01:10:10

Description:
The WP Travel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.6. This is due to missing or incorrect nonce validation on the save_meta_data() function. This makes it possible for unauthenticated attackers to save metadata for travel posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID: CVE-2021-4389
Source: security@wordfence.com
CVSS score: 4.3

References:
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2477827/wp-travel/tags/4.4.7/inc/admin/class-admin-metaboxes.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/28dea1e9-e772-488e-b98f-93a46ab84581?source=cve | source : security@wordfence.com

Vulnerability: CWE-352


Vulnerability ID: CVE-2021-4390

First published: 01-07-2023 05:15:15
Last modified: 03-07-2023 01:10:10

Description:
The Contact Form 7 Style plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2. This is due to missing or incorrect nonce validation on the manage_wp_posts_be_qe_save_post() function. This makes it possible for unauthenticated attackers to quick edit templates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID: CVE-2021-4390
Source: security@wordfence.com
CVSS score: 4.3

References:
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/contact-form-7-style/trunk/cf7-style-meta-box.php#L546 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/2972cdaf-2d0a-4b55-b4f5-ccf01ff5352c?source=cve | source : security@wordfence.com

Vulnerability: CWE-352


Vulnerability ID: CVE-2021-4391

First published: 01-07-2023 05:15:15
Last modified: 03-07-2023 01:10:10

Description:
The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the mwb_wgm_save_post() function. This makes it possible for unauthenticated attackers to modify product gift card details via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID: CVE-2021-4391
Source: security@wordfence.com
CVSS score: 4.3

References:
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/woo-gift-cards-lite/tags/2.1.2/admin/class-woocommerce-gift-cards-lite-admin.php?rev=2549904#L461 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/2da322ea-0206-4838-8ac4-9dd201bb00bc?source=cve | source : security@wordfence.com

Vulnerability: CWE-352


Vulnerability ID: CVE-2021-4392

First published: 01-07-2023 05:15:15
Last modified: 03-07-2023 01:10:10

Description:
The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.43. This is due to missing or incorrect nonce validation on the implecode_save_products_meta() function. This makes it possible for unauthenticated attackers to save product meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID: CVE-2021-4392
Source: security@wordfence.com
CVSS score: 4.3

References:
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2368356%40ecommerce-product-catalog&new=2368356%40ecommerce-product-catalog&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/2eb963dd-41c3-43cd-afb7-1be054829ea3?source=cve | source : security@wordfence.com

Vulnerability: CWE-352


Vulnerability ID: CVE-2021-4393

First published: 01-07-2023 05:15:15
Last modified: 03-07-2023 01:10:10

Description:
The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.17. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to save manual digital orders via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID: CVE-2021-4393
Source: security@wordfence.com
CVSS score: 4.3

References:
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2473569/ecommerce-product-catalog/trunk/modules/cart/includes/orders/includes/register-digital-orders.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/12ecf3d5-1457-405a-8856-517c7d2f2db1?source=cve | source : security@wordfence.com

Vulnerability: CWE-352


Vulnerability ID: CVE-2020-36746

First published: 01-07-2023 06:15:09
Last modified: 03-07-2023 01:10:10

Description:
The Menu Swapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.0.2. This is due to missing or incorrect nonce validation on the mswp_save_meta() function. This makes it possible for unauthenticated attackers to save meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID: CVE-2020-36746
Source: security@wordfence.com
CVSS score: 4.3

References:
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2368729%40menu-swapper&new=2368729%40menu-swapper&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/49a04155-9fa8-45e0-b80b-3836d5271fa7?source=cve | source : security@wordfence.com

Vulnerability: CWE-352


Vulnerability ID: CVE-2020-36747

First published: 01-07-2023 06:15:09
Last modified: 03-07-2023 01:10:10

Description:
The Lightweight Sidebar Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.4. This is due to missing or incorrect nonce validation on the metabox_save() function. This makes it possible for unauthenticated attackers to save metabox data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID: CVE-2020-36747
Source: security@wordfence.com
CVSS score: 4.3

References:
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2368387%40sidebar-manager&new=2368387%40sidebar-manager&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/844c5012-f823-46ae-8de2-e2803b7cd063?source=cve | source : security@wordfence.com

Vulnerability: CWE-352


Vulnerability ID: CVE-2020-36748

First published: 01-07-2023 06:15:09
Last modified: 03-07-2023 01:10:10

Description:
The Dokan plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.8. This is due to missing or incorrect nonce validation on the handle_order_export() function. This makes it possible for unauthenticated attackers to trigger an order export via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID: CVE-2020-36748
Source: security@wordfence.com
CVSS score: 4.3

References:
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2368433/dokan-lite/trunk/includes/Dashboard/Templates/Orders.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/894c875a-078f-4c1f-83d2-4a6e4a309c3e?source=cve | source : security@wordfence.com

Vulnerability: CWE-352


Vulnerability ID: CVE-2020-36749

First published: 01-07-2023 06:15:09
Last modified: 03-07-2023 01:10:10

Description:
The Easy Testimonials plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.1. This is due to missing or incorrect nonce validation on the saveCustomFields() function. This makes it possible for unauthenticated attackers to save custom fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID: CVE-2020-36749
Source: security@wordfence.com
CVSS score: 4.3

References:
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2370405%40easy-testimonials&new=2370405%40easy-testimonials&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/8da49c2e-576c-490b-b812-96d15b6d2b1b?source=cve | source : security@wordfence.com

Vulnerability: CWE-352


Vulnerability ID: CVE-2021-4395

First published: 01-07-2023 06:15:09
Last modified: 03-07-2023 01:10:10

Description:
The Abandoned Cart Recovery for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the get_items() and extra_tablenav() functions. This makes it possible for unauthenticated attackers to perform read-only actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID: CVE-2021-4395
Source: security@wordfence.com
CVSS score: 4.3

References:
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2550169%40woo-abandoned-cart-recovery&new=2550169%40woo-abandoned-cart-recovery&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/45b627f9-e7c6-4bf6-b1c7-d607f3e083f8?source=cve | source : security@wordfence.com

Vulnerability: CWE-352


Vulnerability ID: CVE-2021-4396

First published: 01-07-2023 06:15:09
Last modified: 03-07-2023 01:10:10

Description:
The Rucy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.4.4. This is due to missing or incorrect nonce validation on the save_rc_post_meta() function. This makes it possible for unauthenticated attackers to save post meta via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID: CVE-2021-4396
Source: security@wordfence.com
CVSS score: 4.3

References:
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/rucy/trunk/inc/class-rucy-editor.php#L237 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/595d0401-55b9-418e-8b99-48b23e9a2662?source=cve | source : security@wordfence.com

Vulnerability: CWE-352


Vulnerability ID: CVE-2021-4397

First published: 01-07-2023 06:15:09
Last modified: 03-07-2023 01:10:10

Description:
The Staff Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6. This is due to missing or incorrect nonce validation on the saveCustomFields() function. This makes it possible for unauthenticated attackers to save custom fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2021-4397
Source : security@wordfence.com
CVSS score : 4.3

References :
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2548539%40staff-directory-pro&new=2548539%40staff-directory-pro&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/5971447d-0634-49a5-91d0-c4f0c0825a86?source=cve | source : security@wordfence.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2021-4399

First published : 01-07-2023 06:15:09
Last modified : 03-07-2023 01:10:10

Description :
The Edwiser Bridge plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the user_data_synchronization_initiater(), course_synchronization_initiater(), users_link_to_moodle_synchronization(), connection_test_initiater(), admin_menus(), and subscribe_handler() functions. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2021-4399
Source : security@wordfence.com
CVSS score : 4.3

References :
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2478642%40edwiser-bridge&new=2478642%40edwiser-bridge&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/6450dafd-5992-4831-87af-e5e47cc8663e?source=cve | source : security@wordfence.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2021-4400

First published : 01-07-2023 06:15:09
Last modified : 03-07-2023 01:10:10

Description :
The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on the bsearch_process_settings_import() and bsearch_process_settings_export() functions. This makes it possible for unauthenticated attackers to import and export settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2021-4400
Source : security@wordfence.com
CVSS score : 4.3

References :
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2473344%40better-search&new=2473344%40better-search&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/7acbcf74-2bae-412b-bf9d-70287a91deea?source=cve | source : security@wordfence.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2021-4402

First published : 01-07-2023 06:15:10
Last modified : 03-07-2023 01:10:10

Description :
The Multiple Roles plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the mu_add_roles_in_signup_meta() and mu_add_roles_in_signup_meta_recently() functions. This makes it possible for unauthenticated attackers to add additional roles to users via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2021-4402
Source : security@wordfence.com
CVSS score : 4.3

References :
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2556328%40multiple-roles&new=2556328%40multiple-roles&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/862fa0c3-c16f-493e-9bf6-92debc0e30f6?source=cve | source : security@wordfence.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2021-4403

First published : 01-07-2023 06:15:10
Last modified : 03-07-2023 01:10:10

Description :
The Remove Schema plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the validate() function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2021-4403
Source : security@wordfence.com
CVSS score : 4.3

References :
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2548575%40remove-schema&new=2548575%40remove-schema&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/89635463-966d-4f7d-995d-ad83a502d95b?source=cve | source : security@wordfence.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2021-4404

First published : 01-07-2023 06:15:10
Last modified : 03-07-2023 01:10:10

Description :
The Event Espresso 4 Decaf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.11. This is due to missing or incorrect nonce validation on the ajaxHandler() function. This makes it possible for unauthenticated attackers to opt in to notifications via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2021-4404
Source : security@wordfence.com
CVSS score : 4.3

References :
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2554360/event-espresso-decaf/trunk/core/domain/services/pue/Stats.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/89d3a9da-2496-4f75-ad8f-65629f198fe5?source=cve | source : security@wordfence.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2021-4405

First published : 01-07-2023 06:15:10
Last modified : 03-07-2023 01:10:10

Description :
The ElasticPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.3. This is due to missing or incorrect nonce validation on the epio_send_autosuggest_allowed() function. This makes it possible for unauthenticated attackers to send allowed parameters for autosuggest to elasticpress[.]io via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2021-4405
Source : security@wordfence.com
CVSS score : 4.3

References :
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2473455/elasticpress/trunk/includes/classes/Feature/Autosuggest/Autosuggest.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/8ab8eb9d-1427-4e99-8986-179147e0862e?source=cve | source : security@wordfence.com

Vulnerability : CWE-352


(7) LOW vulnerabilities [0.1, 3.9]

Vulnerability ID : CVE-2023-34450

First published : 03-07-2023 17:15:09
Last modified : 03-07-2023 18:33:32

Description :
CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine and replicates it on many machines. An internal modification made in versions 0.34.28 and 0.37.1 to the way struct `PeerState` is serialized to JSON introduced a deadlock when new function MarshallJSON is called. This function can be called from two places. The first is via logs, setting the `consensus` logging module to "debug" level (should not happen in production), and setting the log output format to JSON. The second is via RPC `dump_consensus_state`. Case 1, which should not be hit in production, will eventually hit the deadlock in most goroutines, effectively halting the node. In case 2, only the data structures related to the first peer will be deadlocked, together with the thread(s) dealing with the RPC request(s). This means that only one of the channels of communication to the node's peers will be blocked. Eventually the peer will time out and be excluded from the list (typically after 2 minutes). The goroutines involved in the deadlock will not be garbage collected, but they will not interfere with the system after the peer is excluded. The theoretical worst case for case 2 is a network with only two validator nodes. In this case, each of the nodes only has one `PeerState` struct. If `dump_consensus_state` is called in either node (or both), the chain will halt until the peer connections time out, after which the nodes will reconnect (with different `PeerState` structs) and the chain will progress again. Then, the same process can be repeated. As the number of nodes in a network increases, and thus the number of peer structs each node maintains, the possibility of reproducing the perturbation visible with two nodes decreases. Only the first `PeerState` struct will deadlock, and not the others (RPC `dump_consensus_state` accesses them in a for loop, so the deadlock at the first iteration causes the rest of the iterations of that "for" loop to never be reached).
This regression was fixed in versions 0.34.29 and 0.37.2. Some workarounds are available. For case 1 (hitting the deadlock via logs), either don't set the log output to "json", leave at "plain", or don't set the consensus logging module to "debug", leave it at "info" or higher. For case 2 (hitting the deadlock via RPC `dump_consensus_state`), do not expose `dump_consensus_state` RPC endpoint to the public internet (e.g., via rules in one's nginx setup).

CVE ID : CVE-2023-34450
Source : security-advisories@github.com
CVSS score : 3.7

References :
https://github.com/cometbft/cometbft/pull/524 | source : security-advisories@github.com
https://github.com/cometbft/cometbft/pull/863 | source : security-advisories@github.com
https://github.com/cometbft/cometbft/pull/865 | source : security-advisories@github.com
https://github.com/cometbft/cometbft/security/advisories/GHSA-mvj3-qrqh-cjvr | source : security-advisories@github.com

Vulnerability : CWE-401
Vulnerability : CWE-770


Vulnerability ID : CVE-2023-3474

First published : 30-06-2023 07:15:08
Last modified : 30-06-2023 12:59:54

Description :
A vulnerability has been found in SimplePHPscripts Simple Blog 3.2 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. It is recommended to upgrade the affected component. The identifier VDB-232753 was assigned to this vulnerability.

CVE ID : CVE-2023-3474
Source : cna@vuldb.com
CVSS score : 3.5

References :
https://vuldb.com/?ctiid.232753 | source : cna@vuldb.com
https://vuldb.com/?id.232753 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-3475

First published : 30-06-2023 07:15:09
Last modified : 30-06-2023 12:59:54

Description :
A vulnerability was found in SimplePHPscripts Event Script 2.1 and classified as problematic. Affected by this issue is some unknown functionality of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. It is recommended to upgrade the affected component. VDB-232754 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-3475
Source : cna@vuldb.com
CVSS score : 3.5

References :
https://vuldb.com/?ctiid.232754 | source : cna@vuldb.com
https://vuldb.com/?id.232754 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-3476

First published : 30-06-2023 07:15:09
Last modified : 30-06-2023 12:59:54

Description :
A vulnerability was found in SimplePHPscripts GuestBook Script 2.2. It has been classified as problematic. This affects an unknown part of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-232755.

CVE ID : CVE-2023-3476
Source : cna@vuldb.com
CVSS score : 3.5

References :
https://vuldb.com/?ctiid.232755 | source : cna@vuldb.com
https://vuldb.com/?id.232755 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-3477

First published : 30-06-2023 08:15:21
Last modified : 30-06-2023 12:59:54

Description :
A vulnerability was found in RocketSoft Rocket LMS 1.7. It has been declared as problematic. This vulnerability affects unknown code of the file /contact/store of the component Contact Form. The manipulation of the argument name/subject/message leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-232756.

CVE ID : CVE-2023-3477
Source : cna@vuldb.com
CVSS score : 3.5

References :
https://vuldb.com/?ctiid.232756 | source : cna@vuldb.com
https://vuldb.com/?id.232756 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2021-42307

First published : 01-07-2023 00:15:09
Last modified : 03-07-2023 01:10:10

Description :
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

CVE ID : CVE-2021-42307
Source : secure@microsoft.com
CVSS score : 3.1

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42307 | source : secure@microsoft.com


Vulnerability ID : CVE-2023-3485

First published : 30-06-2023 18:15:10
Last modified : 03-07-2023 01:10:10

Description :
Insecure defaults in open-source Temporal Server before version 1.20 on all platforms allows an attacker to craft a task token with access to a namespace other than the one specified in the request. Creation of this task token must be done outside of the normal Temporal server flow. It requires the namespace UUID and information from the workflow history for the target namespace. Under these conditions, it is possible to interfere with pending tasks in other namespaces, such as marking a task failed or completed. If a task is targeted for completion by the attacker, the targeted namespace must also be using the same data converter configuration as the initial, valid, namespace for the task completion payload to be decoded by workers in the target namespace.

CVE ID : CVE-2023-3485
Source : security@temporal.io
CVSS score : 3.0

References :
https://github.com/temporalio/temporal/releases/tag/v1.20.0 | source : security@temporal.io

Vulnerability : CWE-1188
Vulnerability : CWE-863


This website uses the NVD API, but is not endorsed or certified by the NVD.

About the author
Julien B.

Securitricks
