Latest vulnerabilities [Thursday, January 11, 2024]


Last update performed on 01/11/2024 at 11:57:06 PM

(8) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : github.com

Vulnerability ID : CVE-2024-21669

First published on : 11-01-2024 06:15:44
Last modified on : 11-01-2024 13:57:26

Description :
Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized identity applications and services running in non-mobile environments. When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs (LDP-VCs), the result of verifying the presentation `document.proof` was not factored into the final `verified` value (`true`/`false`) on the presentation record. The flaw enables holders of W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs (LDPs) to present incorrectly constructed proofs, and allows malicious verifiers to save and replay a presentation from such holders as their own. This vulnerability has been present since version 0.7.0 and was fixed in version 0.10.5.

CVE ID : CVE-2024-21669
Source : security-advisories@github.com
CVSS Score : 9.9

References :
https://github.com/hyperledger/aries-cloudagent-python/commit/0b01ffffc0789205ac990292f97238614c9fd293 | source : security-advisories@github.com
https://github.com/hyperledger/aries-cloudagent-python/commit/4c45244e2085aeff2f038dd771710e92d7682ff2 | source : security-advisories@github.com
https://github.com/hyperledger/aries-cloudagent-python/releases/tag/0.10.5 | source : security-advisories@github.com
https://github.com/hyperledger/aries-cloudagent-python/releases/tag/0.11.0 | source : security-advisories@github.com
https://github.com/hyperledger/aries-cloudagent-python/security/advisories/GHSA-97x9-59rv-q5pm | source : security-advisories@github.com

Vulnerability : CWE-347


Vulnerability ID : CVE-2024-22199

First published on : 11-01-2024 18:15:45
Last modified on : 11-01-2024 18:15:45

Description :
This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of malicious scripts in users' browsers when visiting affected web pages. The vulnerability has been addressed: the template engine now defaults to having autoescape set to `true`, effectively mitigating the risk of XSS attacks.

CVE ID : CVE-2024-22199
Source : security-advisories@github.com
CVSS Score : 9.3

References :
https://github.com/gofiber/template/commit/28cff3ac4d4c117ab25b5396954676d624b6cb46 | source : security-advisories@github.com
https://github.com/gofiber/template/security/advisories/GHSA-4mq2-gc4j-cmw6 | source : security-advisories@github.com

Vulnerability : CWE-116
Vulnerability : CWE-20
Vulnerability : CWE-79


Source : 0fc0942c-577d-436f-ae8e-945763c79b02

Vulnerability ID : CVE-2024-0252

First published on : 11-01-2024 08:15:35
Last modified on : 11-01-2024 13:57:26

Description :
ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to remote code execution due to improper handling in the load balancer component.

CVE ID : CVE-2024-0252
Source : 0fc0942c-577d-436f-ae8e-945763c79b02
CVSS Score : 9.9

References :
https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-0252.html | source : 0fc0942c-577d-436f-ae8e-945763c79b02


Source : wordfence.com

Vulnerability ID : CVE-2023-6316

First published on : 11-01-2024 09:15:48
Last modified on : 11-01-2024 13:57:26

Description :
The MW WP Form plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the '_single_file_upload' function in versions up to, and including, 5.0.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

CVE ID : CVE-2023-6316
Source : security@wordfence.com
CVSS Score : 9.8

References :
https://plugins.trac.wordpress.org/browser/mw-wp-form/tags/5.0.1/classes/models/class.file.php#L60 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3003065/mw-wp-form#file15 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/b2c03142-be30-4173-a140-14d73a16dd2b?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6567

First published on : 11-01-2024 09:15:49
Last modified on : 11-01-2024 13:57:26

Description :
The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order_by’ parameter in all versions up to, and including, 4.2.5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVE ID : CVE-2023-6567
Source : security@wordfence.com
CVSS Score : 9.8

References :
https://plugins.trac.wordpress.org/changeset/3013957/learnpress | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/6ab578cd-3a0b-43d3-aaa7-0a01f431a4e2?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6875

First published on : 11-01-2024 09:15:52
Last modified on : 11-01-2024 22:15:45

Description :
The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to reset the API key used to authenticate to the mailer and view logs, including password reset emails, allowing site takeover.

CVE ID : CVE-2023-6875
Source : security@wordfence.com
CVSS Score : 9.8

References :
http://packetstormsecurity.com/files/176525/WordPress-POST-SMTP-Mailer-2.8.7-Authorization-Bypass-Cross-Site-Scripting.html | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/post-smtp/trunk/Postman/Mobile/includes/rest-api/v1/rest-api.php#L60 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3016051/post-smtp/trunk?contextall=1&old=3012318&old_path=%2Fpost-smtp%2Ftrunk | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/e675d64c-cbb8-4f24-9b6f-2597a97b49af?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6979

First published on : 11-01-2024 09:15:53
Last modified on : 11-01-2024 13:57:09

Description :
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ivole_import_upload_csv AJAX action in all versions up to, and including, 5.38.9. This makes it possible for authenticated attackers, with author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

CVE ID : CVE-2023-6979
Source : security@wordfence.com
CVSS Score : 9.8

References :
https://drive.proton.me/urls/K4R2HDQBS0#iuTPm3NqZEdz | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/customer-reviews-woocommerce/trunk/includes/import-export/class-cr-reviews-importer.php#L35 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3016708%40customer-reviews-woocommerce&new=3016708%40customer-reviews-woocommerce&sfp_email=&sfph_mail= | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3018507%40customer-reviews-woocommerce&new=3018507%40customer-reviews-woocommerce&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/4af801db-44a6-4cd3-bd1a-3125490c8c48?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6699

First published on : 11-01-2024 07:15:09
Last modified on : 11-01-2024 13:57:26

Description :
The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.10.33 via the css parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.

CVE ID : CVE-2023-6699
Source : security@wordfence.com
CVSS Score : 9.1

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3009183%40wp-compress-image-optimizer%2Ftrunk&old=2994665%40wp-compress-image-optimizer%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/defb87dd-bf5f-411f-b948-699337d05d44?source=cve | source : security@wordfence.com


(17) HIGH VULNERABILITIES [7.0, 8.9]

Source : wordfence.com

Vulnerability ID : CVE-2023-5448

First published on : 11-01-2024 04:15:08
Last modified on : 11-01-2024 13:57:26

Description :
The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.9. This is due to missing or incorrect nonce validation on the update_password_validate function. This makes it possible for unauthenticated attackers to reset a user's password via a forged request granted they can trick the user into performing an action such as clicking on a link.

CVE ID : CVE-2023-5448
Source : security@wordfence.com
CVSS Score : 8.8

References :
https://plugins.trac.wordpress.org/changeset/3018102 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/ca564941-4780-4da2-b937-c9bd45966d81?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6878

First published on : 11-01-2024 09:15:52
Last modified on : 11-01-2024 13:57:09

Description :
The Slick Social Share Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dcssb_ajax_update' function in versions up to, and including, 2.4.11. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update the site options arbitrarily.

CVE ID : CVE-2023-6878
Source : security@wordfence.com
CVSS Score : 8.8

References :
https://plugins.trac.wordpress.org/browser/slick-social-share-buttons/tags/2.4.11/inc/dcwp_admin.php#L49 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/79a5c01d-3867-4b1e-b0ba-9a802f0bed92?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-5504

First published on : 11-01-2024 09:15:47
Last modified on : 11-01-2024 13:57:26

Description :
The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default settings will place an index.php and a .htaccess file into the chosen directory (unless already present) when the first backup job is run that are intended to prevent directory listing and file access. This means that an attacker could set the backup directory to the root of another site in a shared environment and thus disable that site.

CVE ID : CVE-2023-5504
Source : security@wordfence.com
CVSS Score : 8.7

References :
https://plugins.trac.wordpress.org/browser/backwpup/trunk/inc/class-page-settings.php?rev=2818974#L457 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3000176%40backwpup%2Ftrunk&old=2980789%40backwpup%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/e830fe1e-1171-46da-8ee7-0a6654153f18?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6220

First published on : 11-01-2024 09:15:47
Last modified on : 11-01-2024 13:57:26

Description :
The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'piotnetforms_ajax_form_builder' function in versions up to, and including, 1.0.26. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

CVE ID : CVE-2023-6220
Source : security@wordfence.com
CVSS Score : 8.1

References :
https://plugins.trac.wordpress.org/browser/piotnetforms/tags/1.0.26/inc/forms/ajax-form-builder.php#L430 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/af2b7eac-a3f5-408f-b139-643e70b3f27a?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6634

First published on : 11-01-2024 09:15:50
Last modified on : 11-01-2024 13:57:26

Description :
The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the get_content function. This is due to the plugin making use of the call_user_func function with user input. This makes it possible for unauthenticated attackers to execute any public function with one parameter, which could result in remote code execution.

CVE ID : CVE-2023-6634
Source : security@wordfence.com
CVSS Score : 8.1

References :
https://plugins.trac.wordpress.org/changeset/3013957/learnpress | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/21291ed7-cdc0-4698-9ec4-8417160845ed?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6266

First published on : 11-01-2024 09:15:48
Last modified on : 11-01-2024 13:57:26

Description :
The Backup Migration plugin for WordPress is vulnerable to unauthorized access of data due to insufficient path and file validation on the BMI_BACKUP case of the handle_downloading function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers to download back-up files which can contain sensitive information such as user passwords, PII, database credentials, and much more.

CVE ID : CVE-2023-6266
Source : security@wordfence.com
CVSS Score : 7.5

References :
https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.5/includes/initializer.php#L1048 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.5/includes/initializer.php#L972 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/initializer.php#L1065 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/08801f53-3c57-41a3-a637-4b52637cc612?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6751

First published on : 11-01-2024 09:15:51
Last modified on : 11-01-2024 13:57:09

Description :
The Hostinger plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the function publish_website in all versions up to, and including, 1.9.7. This makes it possible for unauthenticated attackers to enable and disable maintenance mode.

CVE ID : CVE-2023-6751
Source : security@wordfence.com
CVSS Score : 7.3

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3010008%40hostinger%2Ftrunk&old=3010004%40hostinger%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/d89cf759-5e5f-43e2-90a9-a8e554653ee1?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6558

First published on : 11-01-2024 09:15:49
Last modified on : 11-01-2024 13:57:26

Description :
The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'upload_import_file' function in versions up to, and including, 2.4.8. This makes it possible for authenticated attackers with shop manager-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

CVE ID : CVE-2023-6558
Source : security@wordfence.com
CVSS Score : 7.2

References :
https://plugins.trac.wordpress.org/browser/users-customers-import-export-for-wp-woocommerce/tags/2.4.7/admin/modules/import/classes/class-import-ajax.php#L124 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3008454/users-customers-import-export-for-wp-woocommerce#file197 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/55b3e2dc-dc4f-408b-bbc6-da72ed5ad245?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6636

First published on : 11-01-2024 09:15:50
Last modified on : 11-01-2024 13:57:26

Description :
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'gspb_save_files' function in versions up to, and including, 7.6.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

CVE ID : CVE-2023-6636
Source : security@wordfence.com
CVSS Score : 7.2

References :
https://plugins.trac.wordpress.org/browser/greenshift-animation-and-page-builder-blocks/trunk/settings.php?rev=3006373#L867 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3009030/greenshift-animation-and-page-builder-blocks/trunk/settings.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/821462d6-970e-4e3e-b91d-e7153296ba9f?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6828

First published on : 11-01-2024 09:15:52
Last modified on : 11-01-2024 13:57:09

Description :
The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘arf_http_referrer_url’ parameter in all versions up to, and including, 1.5.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-6828
Source : security@wordfence.com
CVSS Score : 7.2

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3013347@arforms-form-builder/trunk&old=2998602@arforms-form-builder/trunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/6e349cae-a996-4a32-807a-a98ebcb01edd?source=cve | source : security@wordfence.com


Source : us.ibm.com

Vulnerability ID : CVE-2023-31003

First published on : 11-01-2024 03:15:09
Last modified on : 11-01-2024 13:57:26

Description :
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254658.

CVE ID : CVE-2023-31003
Source : psirt@us.ibm.com
CVSS Score : 8.4

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/254658 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7106586 | source : psirt@us.ibm.com

Vulnerability : CWE-59


Source : github.com

Vulnerability ID : CVE-2024-22190

First published on : 11-01-2024 02:15:48
Last modified on : 11-01-2024 13:57:26

Description :
GitPython is a Python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run `git`, as well as when it runs `bash.exe` to interpret hooks. If either of those features is used on Windows, a malicious `git.exe` or `bash.exe` may be run from an untrusted repository. This issue has been patched in version 3.1.41.

CVE ID : CVE-2024-22190
Source : security-advisories@github.com
CVSS Score : 7.8

References :
https://github.com/gitpython-developers/GitPython/commit/ef3192cc414f2fd9978908454f6fd95243784c7f | source : security-advisories@github.com
https://github.com/gitpython-developers/GitPython/pull/1792 | source : security-advisories@github.com
https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx | source : security-advisories@github.com

Vulnerability : CWE-426


Vulnerability ID : CVE-2024-22197

First published on : 11-01-2024 18:15:45
Last modified on : 11-01-2024 18:15:45

Description :
Nginx-ui provides online statistics for server indicators, monitoring CPU usage, memory usage, load average, and disk usage in real time. The `Home > Preference` page exposes a small list of nginx settings such as `Nginx Access Log Path` and `Nginx Error Log Path`. However, the API also exposes `test_config_cmd`, `reload_cmd` and `restart_cmd`. While the UI doesn't allow users to modify any of these settings, it is possible to do so by sending a request to the API. This issue may lead to authenticated Remote Code Execution, Privilege Escalation, and Information Disclosure. This issue has been patched in version 2.0.0.beta.9.

CVE ID : CVE-2024-22197
Source : security-advisories@github.com
CVSS Score : 7.7

References :
https://github.com/0xJacky/nginx-ui/commit/827e76c46e63c52114a62a899f61313039c754e3 | source : security-advisories@github.com
https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-pxmr-q2x3-9x9m | source : security-advisories@github.com

Vulnerability : CWE-77


Vulnerability ID : CVE-2024-21637

First published on : 11-01-2024 06:15:43
Last modified on : 11-01-2024 13:57:26

Description :
Authentik is an open-source Identity Provider. Authentik is vulnerable to a reflected Cross-Site Scripting vulnerability via JavaScript-URIs in OpenID Connect flows with `response_mode=form_post`. This relatively user could use the described attacks to perform a privilege escalation. This vulnerability has been patched in versions 2023.10.6 and 2023.8.6.

CVE ID : CVE-2024-21637
Source : security-advisories@github.com
CVSS Score : 7.6

References :
https://github.com/goauthentik/authentik/releases/tag/version%2F2023.10.6 | source : security-advisories@github.com
https://github.com/goauthentik/authentik/releases/tag/version%2F2023.8.6 | source : security-advisories@github.com
https://github.com/goauthentik/authentik/security/advisories/GHSA-rjpr-7w8c-gv3j | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-22198

First published on : 11-01-2024 20:15:45
Last modified on : 11-01-2024 20:15:45

Description :
Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings. The `Home > Preference` page exposes a list of system settings such as `Run Mode`, `Jwt Secret`, `Node Secret` and `Terminal Start Command`. While the UI doesn't allow users to modify the `Terminal Start Command` setting, it is possible to do so by sending a request to the API. This issue may lead to authenticated remote code execution, privilege escalation, and information disclosure. This vulnerability has been patched in version 2.0.0.beta.9.

CVE ID : CVE-2024-22198
Source : security-advisories@github.com
CVSS Score : 7.1

References :
https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/api/system/settings.go#L18 | source : security-advisories@github.com
https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/api/terminal/pty.go#L11 | source : security-advisories@github.com
https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/internal/pty/pipeline.go#L29 | source : security-advisories@github.com
https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/router/middleware.go#L45 | source : security-advisories@github.com
https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/settings/server.go#L12 | source : security-advisories@github.com
https://github.com/0xJacky/nginx-ui/commit/827e76c46e63c52114a62a899f61313039c754e3 | source : security-advisories@github.com
https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-8r25-68wm-jw35 | source : security-advisories@github.com

Vulnerability : CWE-77


Vulnerability ID : CVE-2024-22196

First published on : 11-01-2024 20:15:44
Last modified on : 11-01-2024 20:15:44

Description :
Nginx-UI provides online statistics for server indicators, monitoring CPU usage, memory usage, load average, and disk usage in real time. This issue may lead to information disclosure. By using `DefaultQuery`, the `"desc"` and `"id"` values are used as default values if the query parameters are not set. Thus, the `order` and `sort_by` query parameters are user-controlled and are appended to the `order` variable without any sanitization. This issue has been patched in version 2.0.0.beta.9.

CVE ID : CVE-2024-22196
Source : security-advisories@github.com
CVSS Score : 7.0

References :
https://github.com/0xJacky/nginx-ui/commit/ec93ab05a3ecbb6bcf464d9dca48d74452df8a5b | source : security-advisories@github.com
https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-h374-mm57-879c | source : security-advisories@github.com

Vulnerability : CWE-89


Source : incibe.es

Vulnerability ID : CVE-2024-0429

First published on : 11-01-2024 16:15:54
Last modified on : 11-01-2024 16:34:20

Description :
A denial-of-service vulnerability has been found in Hex Workshop, affecting version 6.7. An attacker could send command-line file arguments and control the Structured Exception Handler (SEH) records, resulting in a service shutdown.

CVE ID : CVE-2024-0429
Source : cve-coordination@incibe.es
CVSS Score : 7.3

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/buffer-overflow-vulnerability-hex-workshop | source : cve-coordination@incibe.es

Vulnerability : CWE-119


(71) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : wordfence.com

Vulnerability ID : CVE-2023-6583

First published on : 11-01-2024 09:15:49
Last modified on : 11-01-2024 13:57:26

Description :
The Import and export users and customers plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.24.2 via the Recurring Import functionality. This makes it possible for authenticated attackers, with administrator access and above, to read and delete the contents of arbitrary files on the server including wp-config.php, which can contain sensitive information.

CVE ID : CVE-2023-6583
Source : security@wordfence.com
CVSS Score : 6.6

References :
https://plugins.trac.wordpress.org/changeset/3007057/ | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/ac709779-36f1-4f66-8db3-95a514a5ea59?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6637

First published on : 11-01-2024 09:15:50
Last modified on : 11-01-2024 13:57:26

Description :
The CAOS | Host Google Analytics Locally plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to, and including, 4.7.14. This makes it possible for unauthenticated attackers to update plugin settings.

CVE ID : CVE-2023-6637
Source : security@wordfence.com
CVSS Score : 6.5

References :
https://plugins.trac.wordpress.org/browser/host-analyticsjs-local/tags/4.7.12/includes/class-caos.php#L414 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3008878/host-analyticsjs-local#file8 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3009011/host-analyticsjs-local#file5 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/5ec1fd03-f865-4f58-b63b-e70c0c7e701d?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6638

First published on : 11-01-2024 09:15:50
Last modified on : 11-01-2024 13:57:26

Description :
The GTG Product Feed for Shopping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to, and including, 1.2.4. This makes it possible for unauthenticated attackers to update plugin settings.

CVE ID : CVE-2023-6638
Source : security@wordfence.com
CVSS Score : 6.5

References :
https://plugins.trac.wordpress.org/browser/gg-woo-feed/trunk/inc/Admin/Admin.php?rev=2933599#L199 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/ce6b9b0a-e82e-459a-bddf-1c9354bcec00?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6994

First published on : 11-01-2024 09:15:54
Last modified on : 11-01-2024 13:57:09

Description :
The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catlist' shortcode in all versions up to, and including, 0.89.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-6994
Source : security@wordfence.com
CVSS Score : 6.5

References :
https://plugins.svn.wordpress.org/list-category-posts/trunk/include/lcp-wrapper.php | source : security@wordfence.com
https://plugins.svn.wordpress.org/list-category-posts/trunk/list-category-posts.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3018689%40list-category-posts&new=3018689%40list-category-posts&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/611871cc-737f-44e3-baf5-dbaa8bd8eb81?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6242

First published on : 11-01-2024 15:15:08
Last modified on : 11-01-2024 16:34:20

Description :
The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 (for Pro) & 2.2.7 (for Free). This is due to missing or incorrect nonce validation on the evo_eventpost_update_meta function. This makes it possible for unauthenticated attackers to update arbitrary post metadata via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2023-6242
Source : security@wordfence.com
CVSS Score : 6.5

References :
https://docs.myeventon.com/documentations/eventon-changelog/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3017578/eventon-lite/trunk/includes/admin/class-admin-ajax.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/c8e9a333-a6b7-4b5e-93c1-b95566e5d6fb?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6244

First published on : 11-01-2024 15:15:08
Last modified on : 11-01-2024 16:34:20

Description :
The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 (Pro) & 2.2.8 (Free). This is due to missing or incorrect nonce validation on the save_virtual_event_settings function. This makes it possible for unauthenticated attackers to modify virtual event settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2023-6244
Source : security@wordfence.com
CVSS Score : 6.5

References :
https://docs.myeventon.com/documentations/eventon-changelog/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3017939%40eventon-lite&new=3017939%40eventon-lite&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/6fcc3a82-f116-446e-9e5f-4f074e20403b?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-4372

First published on : 11-01-2024 09:15:46
Last modified on : 11-01-2024 13:57:26

Description :
The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'esi' shortcode in versions up to, and including, 5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-4372
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://github.com/litespeedtech/lscache_wp/commit/95a407d9f192b37ac6cf96d2aa50f240e3e6b2d7#diff-7b2c514b58d1b8a71655607bdfab87cedb013bc1b8927ce0b49a89ddf4a7e01cR495 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/litespeed-cache/tags/5.5.1/src/esi.cls.php#L480 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2977143/litespeed-cache#file348 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/27026f0f-c85e-4409-9973-4b9cb8a90da5?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-4960

First published on : 11-01-2024 09:15:46
Last modified on : 11-01-2024 13:57:26

Description :
The WCFM Marketplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcfm_stores' shortcode in versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-4960
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/wc-multivendor-marketplace/tags/3.6.1/core/class-wcfmmp-shortcode.php#L241 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/wc-multivendor-marketplace/tags/3.6.1/views/store-lists/wcfmmp-view-store-lists.php#L207 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3000763/wc-multivendor-marketplace#file999 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/f99e9f01-cc98-4af5-bb95-f56f6a550e96?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-4962

First published on : 11-01-2024 09:15:47
Last modified on : 11-01-2024 13:57:26

Description :
The Video PopUp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'video_popup' shortcode in versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-4962
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/video-popup/trunk/features/shortcode.php?rev=2928708#L144 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3004434/video-popup | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/670ea03e-2f76-48a4-9f40-bc4cfd987a89?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6561

First published on : 11-01-2024 09:15:49
Last modified on : 11-01-2024 13:57:26

Description :
The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the featured image alt text in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-6561
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/featured-image-from-url/trunk/admin/category.php#L62 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/featured-image-from-url/trunk/admin/meta-box.php#L213 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3009699%40featured-image-from-url%2Ftrunk&old=3003342%40featured-image-from-url%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/d4d5ae93-000e-4001-adfa-c11058032469?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6645

First published on : 11-01-2024 09:15:51
Last modified on : 11-01-2024 13:57:26

Description :
The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS parameter in all versions up to, and including, 2.2.64 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-6645
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3010342%40post-grid%2Ftrunk&old=2999466%40post-grid%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/ab777672-6eef-4078-932d-24bb784107fa?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6684

First published on : 11-01-2024 09:15:51
Last modified on : 11-01-2024 13:57:26

Description :
The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ive' shortcode in versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on the 'width' and 'height' user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-6684
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/ibtana-visual-editor/trunk/ive-countdown.php?rev=2965648#L633 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3006647/ibtana-visual-editor/trunk/ive-countdown.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/0b09d496-0e03-48a4-acf7-57febe18ed0a?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6776

First published on : 11-01-2024 09:15:51
Last modified on : 11-01-2024 13:57:09

Description :
The 3D FlipBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Ready Function’ field in all versions up to, and including, 1.15.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-6776
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/changeset/3014013/interactive-3d-flipbook-powered-physics-engine | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/500fd8aa-9ad1-41ee-bbeb-cda9c80c4fcb?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6781

First published on : 11-01-2024 09:15:52
Last modified on : 11-01-2024 13:57:09

Description :
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom fields in all versions up to, and including, 2.10.26 due to insufficient input sanitization and output escaping on user supplied values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-6781
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/themeisle-companion/trunk/obfx_modules/header-footer-scripts/init.php#L315 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/themeisle-companion/trunk/obfx_modules/header-footer-scripts/init.php#L34 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3011567%40themeisle-companion%2Ftrunk&old=2991564%40themeisle-companion%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/23e39019-c322-4027-84f2-faabd9ca4983?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6782

First published on : 11-01-2024 09:15:52
Last modified on : 11-01-2024 13:57:09

Description :
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.92 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-6782
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.svn.wordpress.org/accelerated-mobile-pages/trunk/templates/features.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3010797%40accelerated-mobile-pages%2Ftrunk&old=2998126%40accelerated-mobile-pages%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/c1cae64e-caed-43c0-9a75-9aa4234946a0?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6934

First published on : 11-01-2024 09:15:53
Last modified on : 11-01-2024 13:57:09

Description :
The Limit Login Attempts Reloaded plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.25.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-6934
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.svn.wordpress.org/limit-login-attempts-reloaded/trunk/core/Shortcodes.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3012447%40limit-login-attempts-reloaded%2Ftrunk&old=2995934%40limit-login-attempts-reloaded%2Ftrunk&sfp_email=&sfph_mail=#file2 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/906049c0-4710-47aa-bf44-cdf29032dc1f?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6988

First published on : 11-01-2024 09:15:53
Last modified on : 11-01-2024 13:57:09

Description :
The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's extend_builder_render_js shortcode in all versions up to, and including, 1.0.239 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-6988
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.svn.wordpress.org/colibri-page-builder/trunk/extend-builder/shortcodes/render-js.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3013337%40colibri-page-builder&new=3013337%40colibri-page-builder&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/300b24af-10a1-45b9-87ec-7c98dc94e76b?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-7070

First published on : 11-01-2024 09:15:55
Last modified on : 11-01-2024 13:57:09

Description :
The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's eeb_mailto shortcode in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-7070
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/email-encoder-bundle/trunk/core/includes/classes/class-email-encoder-bundle-run.php#L518 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/email-encoder-bundle/trunk/core/includes/classes/class-email-encoder-bundle-run.php#L529 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3019206%40email-encoder-bundle&new=3019206%40email-encoder-bundle&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/f5afe6ea-93b8-4782-8593-76468e370a45?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-7071

First published on : 11-01-2024 09:15:55
Last modified on : 11-01-2024 13:57:09

Description :
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 4.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-7071
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/essential-blocks/trunk/blocks/TableOfContents.php#L138 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3018547/essential-blocks/tags/4.4.7/blocks/TableOfContents.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/f969cb24-734f-46e5-a74d-fddf8e61e096?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6938

First published on : 11-01-2024 15:15:08
Last modified on : 11-01-2024 16:34:20

Description :
The Oxygen Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom field in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: Version 4.8.1 of the Oxygen Builder plugin for WordPress addresses this vulnerability by implementing an optional filter to provide output escaping for dynamic data. Please see https://oxygenbuilder.com/documentation/other/security/#filtering-dynamic-data for more details.

CVE ID : CVE-2023-6938
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://oxygenbuilder.com/oxygen-4-8-1-now-available/ | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/ee069cb3-370e-48ea-aa35-c30fe83c2498?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6632

First published on : 11-01-2024 09:15:50
Last modified on : 11-01-2024 13:57:26

Description :
The Happy Addons for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via DOM in all versions up to and including 3.9.1.1 (versions up to 2.9.1.1 in Happy Addons for Elementor Pro) due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVE ID : CVE-2023-6632
Source : security@wordfence.com
CVSS Score : 6.1

References :
https://plugins.trac.wordpress.org/browser/happy-elementor-addons/trunk/extensions/scroll-to-top.php#L142 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3011757%40happy-elementor-addons%2Ftrunk&old=2987938%40happy-elementor-addons%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/06ef69f0-34d3-4389-8a81-a4d9922f1468?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6882

First published on : 11-01-2024 09:15:53
Last modified on : 11-01-2024 13:57:09

Description :
The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘environment_mode’ parameter in all versions up to, and including, 4.3.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVE ID : CVE-2023-6882
Source : security@wordfence.com
CVSS Score : 6.1

References :
https://plugins.trac.wordpress.org/changeset/3010737/simple-membership | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/366165fe-93e5-49ab-b2e5-1de624f22286?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-4247

First published on : 11-01-2024 09:15:46
Last modified on : 11-01-2024 13:57:26

Description :
The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce validation on the give_sendwp_disconnect function. This makes it possible for unauthenticated attackers to deactivate the SendWP plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2023-4247
Source : security@wordfence.com
CVSS Score : 5.4

References :
https://plugins.trac.wordpress.org/browser/give/trunk/includes/admin/misc-functions.php?rev=2772225#L333 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2974851%40give%2Ftrunk&old=2973080%40give%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/e32d9104-5a39-4455-b76a-e24ae787bdfd?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-4248

First published on : 11-01-2024 09:15:46
Last modified on : 11-01-2024 13:57:26

Description :
The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce validation on the give_stripe_disconnect_connect_stripe_account function. This makes it possible for unauthenticated attackers to deactivate the plugin's Stripe integration settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2023-4248
Source : security@wordfence.com
CVSS Score : 5.4

References :
https://plugins.trac.wordpress.org/browser/give/trunk/includes/gateways/stripe/includes/admin/admin-actions.php?rev=2585755#L361 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2974851%40give%2Ftrunk&old=2973080%40give%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/2bff8dea-6971-47d4-bd2c-0821687033e5?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6369

First published on : 11-01-2024 09:15:48
Last modified on : 11-01-2024 13:57:26

Description :
The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 2.1.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to disclose sensitive information or perform unauthorized actions, such as saving advanced plugin settings.

CVE ID : CVE-2023-6369
Source : security@wordfence.com
CVSS Score : 5.4

References :
https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/includes/AjaxRequests/cancelRcExportProcess.php#L23 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/includes/AjaxRequests/deleteExportedZipFile.php#L24 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/includes/AjaxRequests/exportLogPercentage.php#L23 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/includes/AjaxRequests/requestForWpPageToStaticHtml.php#L24 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/includes/AjaxRequests/saveAdvancedSettings.php#L22 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/includes/AjaxRequests/searchPosts.php#L24 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/includes/AjaxRequests/seeLogsInDetails.php#L22 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3002740/export-wp-page-to-static-html | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/47cb48aa-b556-4f25-ac68-ff0a812972c1?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6556

First published on : 11-01-2024 09:15:48
Last modified on : 11-01-2024 13:57:26

Description :
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via currency options in all versions up to, and including, 1.4.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-6556
Source : security@wordfence.com
CVSS Score : 5.4

References :
https://plugins.trac.wordpress.org/browser/woocommerce-currency-switcher/trunk/classes/smart-designer.php#L120 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/woocommerce-currency-switcher/trunk/classes/smart-designer.php#L21 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3012135%40woocommerce-currency-switcher&new=3012135%40woocommerce-currency-switcher&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/8cb37019-33f6-4f72-adfc-befbfbf69e47?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6990

First published on : 11-01-2024 09:15:54
Last modified on : 11-01-2024 13:57:09

Description :
The Weaver Xtreme theme for WordPress is vulnerable to Stored Cross-Site Scripting via custom post meta in all versions up to, and including, 6.3.0 due to insufficient input sanitization and output escaping on user supplied meta (page-head-code). This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-6990
Source : security@wordfence.com
CVSS Score : 5.4

References :
https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=212828%40weaver-xtreme&new=212828%40weaver-xtreme&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/bc7384d7-c2fd-4d63-9b80-bb5bde9a23d5?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6496

First published on : 11-01-2024 09:15:48
Last modified on : 11-01-2024 13:57:26

Description :
The Manage Notification E-mails plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.8.5 via the card_famne_export_settings function. This makes it possible for unauthenticated attackers to obtain plugin settings.

CVE ID : CVE-2023-6496
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3007199%40manage-notification-emails%2Ftrunk&old=2920034%40manage-notification-emails%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/048bc117-88df-44b3-a30c-692bad23050f?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6582

First published on : 11-01-2024 09:15:49
Last modified on : 11-01-2024 13:57:26

Description :
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.3 via the ekit_widgetarea_content function. This makes it possible for unauthenticated attackers to obtain contents of posts in draft, private or pending review status that should not be visible to the general public. This applies to posts created with Elementor only.

CVE ID : CVE-2023-6582
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://plugins.trac.wordpress.org/browser/elementskit-lite/tags/3.0.3/modules/controls/widget-area-utils.php#L15 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/elementskit-lite/tags/3.0.3/widgets/init/enqueue-scripts.php#L44 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3011323/elementskit-lite/trunk/modules/controls/widget-area-utils.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/ff4ae5c8-d164-4c2f-9bf3-83934c22cf4c?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6855

First published on : 11-01-2024 09:15:52
Last modified on : 11-01-2024 13:57:09

Description :
The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to unauthorized modification of membership levels created by the plugin due to an incorrectly implemented capability check in the pmpro_rest_api_get_permissions_check function in all versions up to 2.12.5 (inclusive). This makes it possible for unauthenticated attackers to change membership levels including prices.

CVE ID : CVE-2023-6855
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://plugins.trac.wordpress.org/browser/paid-memberships-pro/trunk/includes/rest-api.php#L528 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/paid-memberships-pro/trunk/includes/rest-api.php#L997 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3011575/paid-memberships-pro/trunk/includes/rest-api.php?contextall=1&old=2947813&old_path=%2Fpaid-memberships-pro%2Ftrunk%2Fincludes%2Frest-api.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/383c7837-e7b7-4608-9cdc-91b7dbc7f4e2?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6624

First published on : 11-01-2024 09:15:50
Last modified on : 11-01-2024 13:57:26

Description :
The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.24.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-6624
Source : security@wordfence.com
CVSS Score : 4.9

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3007926%40import-users-from-csv-with-meta%2Ftrunk&old=3007057%40import-users-from-csv-with-meta%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/4731eb39-8c01-4a2b-80f7-15d8c13a19b5?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6737

First published on : 11-01-2024 09:15:51
Last modified on : 11-01-2024 13:57:26

Description :
The Enable Media Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the SHORTPIXEL_DEBUG parameter in all versions up to, and including, 4.1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Exploiting this vulnerability requires the attacker to know the ID of an attachment uploaded by the user they are attacking.

CVE ID : CVE-2023-6737
Source : security@wordfence.com
CVSS Score : 4.7

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3010103%40enable-media-replace%2Ftrunk&old=2990561%40enable-media-replace%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/c37d8218-6059-46f2-a5d9-d7c22486211e?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6446

First published on : 11-01-2024 07:15:08
Last modified on : 11-01-2024 13:57:26

Description :
The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.40 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

CVE ID : CVE-2023-6446
Source : security@wordfence.com
CVSS Score : 4.4

References :
https://plugins.trac.wordpress.org/changeset/3005354/calculated-fields-form | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/c879123c-531e-43d8-a7d3-16a3c86b68a3?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-5691

First published on : 11-01-2024 09:15:47
Last modified on : 11-01-2024 13:57:26

Description :
The Chatbot for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 2.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

CVE ID : CVE-2023-5691
Source : security@wordfence.com
CVSS Score : 4.4

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3000724%40collectchat%2Ftrunk&old=2983408%40collectchat%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/dfd67329-11b1-4f00-a422-bb4833a3181d?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6924

First published on : 11-01-2024 09:15:53
Last modified on : 11-01-2024 13:57:09

Description :
The Photo Gallery by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in versions up to, and including, 1.8.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with administrator-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. It can also be exploited with a contributor-level permission with a page builder plugin.

CVE ID : CVE-2023-6924
Source : security@wordfence.com
CVSS Score : 4.4

References :
https://plugins.trac.wordpress.org/browser/photo-gallery/tags/1.8.18/admin/views/Widget.php#L94 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/photo-gallery/tags/1.8.18/admin/views/WidgetSlideshow.php#L64 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/photo-gallery/tags/1.8.18/admin/views/WidgetTags.php#L58 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3013021/photo-gallery | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/21b4d1a1-55fe-4241-820c-203991d724c4?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6630

First published on : 11-01-2024 05:15:09
Last modified on : 11-01-2024 13:57:26

Description :
The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7_get_custom_field and CF7_get_current_user shortcodes due to missing validation on a user controlled key. This makes it possible for authenticated attackers with contributor access or higher to access arbitrary metadata of any post type, referencing the post by id and the meta by key.

CVE ID : CVE-2023-6630
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3019572%40contact-form-7-dynamic-text-extension%2Ftrunk&old=2968460%40contact-form-7-dynamic-text-extension%2Ftrunk&sfp_email=&sfph_mail=#file4 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/a3f1d836-da32-414f-9f2b-d485c44b2486?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6223

First published on : 11-01-2024 07:15:08
Last modified on : 11-01-2024 13:57:26

Description :
The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve the details of another user's course progress.

CVE ID : CVE-2023-6223
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset/3013957/learnpress | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/215d5d9e-dabb-462d-8c51-952f8c497b78?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6506

First published on : 11-01-2024 07:15:08
Last modified on : 11-01-2024 13:57:26

Description :
The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.0 via the send_backup_codes_email due to missing validation on a user controlled key. This makes it possible for subscriber-level attackers to email arbitrary users on the site.

CVE ID : CVE-2023-6506
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/browser/wp-2fa/trunk/includes/classes/Admin/class-setup-wizard.php?rev=2940688#L606 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3009922%40wp-2fa&new=3009922%40wp-2fa&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/caff9be6-4161-47a0-ba47-6c8fc0c4ab40?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6520

First published on : 11-01-2024 07:15:09
Last modified on : 11-01-2024 13:57:26

Description :
The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.0. This is due to missing or incorrect nonce validation on the send_backup_codes_email function. This makes it possible for unauthenticated attackers to send emails with arbitrary content to registered users via a forged request granted they can trick a site administrator or other registered user into performing an action such as clicking on a link. While a nonce check is present, it is only executed if a nonce is set. By omitting a nonce from the request, the check can be bypassed.

CVE ID : CVE-2023-6520
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/browser/wp-2fa/trunk/includes/classes/Admin/class-setup-wizard.php?rev=2940688#L606 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3009922%40wp-2fa&new=3009922%40wp-2fa&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/0af451be-2477-453c-a230-7f3fb804398b?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6883

First published on : 11-01-2024 07:15:09
Last modified on : 11-01-2024 13:57:26

Description :
The Easy Social Feed plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 6.5.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions, such as modifying the plugin's Facebook and Instagram access tokens and updating group IDs.

CVE ID : CVE-2023-6883
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset/3012165/easy-facebook-likebox | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/3deee9b5-2e36-447d-a492-e22e3dc6a5ab?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-4246

First published on : 11-01-2024 09:15:46
Last modified on : 11-01-2024 13:57:26

Description :
The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce validation on the give_sendwp_remote_install_handler function. This makes it possible for unauthenticated attackers to install and activate the SendWP plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2023-4246
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/browser/give/trunk/includes/admin/misc-functions.php?rev=2772225#L258 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2974851%40give%2Ftrunk&old=2973080%40give%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/dc5c511f-dc79-468b-a107-cdf50999faf8?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6504

First published on : 11-01-2024 09:15:48
Last modified on : 11-01-2024 13:57:26

Description :
The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wppb_toolbox_usermeta_handler function in all versions up to, and including, 3.10.7. This makes it possible for authenticated attackers, with contributor-level access and above, to expose sensitive information within user metadata.

CVE ID : CVE-2023-6504
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset/3012472/profile-builder | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/f515ccf8-7231-4728-b155-c47049087d42?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6598

First published on : 11-01-2024 09:15:49
Last modified on : 11-01-2024 13:57:26

Description :
The SpeedyCache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the speedycache_save_varniship, speedycache_img_update_settings, speedycache_preloading_add_settings, and speedycache_preloading_delete_resource functions in all versions up to, and including, 1.1.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to update plugin options.

CVE ID : CVE-2023-6598
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset/3010577/speedycache | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/db8cfdba-f3b2-45dc-9be7-6f6374fd5f39?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6742

First published on : 11-01-2024 09:15:51
Last modified on : 11-01-2024 13:57:26

Description :
The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'envira_gallery_insert_images' function in all versions up to, and including, 1.8.7.1. This makes it possible for authenticated attackers, with contributor access and above, to modify galleries on other users' posts.

CVE ID : CVE-2023-6742
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/browser/envira-gallery-lite/trunk/includes/admin/ajax.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3017115/envira-gallery-lite/tags/1.8.7.3/includes/admin/ajax.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/40655278-6915-4a76-ac2d-bb161d3cee92?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-7019

First published on : 11-01-2024 09:15:54
Last modified on : 11-01-2024 13:57:09

Description :
The LightStart – Maintenance Mode, Coming Soon and Landing Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the insert_template function in all versions up to, and including, 2.6.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to change page designs.

CVE ID : CVE-2023-7019
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset/3013229/wp-maintenance-mode/trunk/includes/classes/wp-maintenance-mode-admin.php?contextall=1&old=2922691&old_path=%2Fwp-maintenance-mode%2Ftrunk%2Fincludes%2Fclasses%2Fwp-maintenance-mode-admin.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/b57d3d1d-dcdb-4f11-82d8-183778baa075?source=cve | source : security@wordfence.com


Source : github.com

Vulnerability ID : CVE-2024-21666

First published on : 11-01-2024 01:15:45
Last modified on : 11-01-2024 13:57:26

Description :
The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management, segmentation, personalization and marketing automation. An authenticated and unauthorized user can access the list of potential duplicate users and see their data. Permissions are not enforced when reaching the `/admin/customermanagementframework/duplicates/list` endpoint, allowing an authenticated user without the permissions to access the endpoint and query the data available there. Unauthorized user(s) can access PII data from customers. This vulnerability has been patched in version 4.0.6.

CVE ID : CVE-2024-21666
Source : security-advisories@github.com
CVSS Score : 6.5

References :
https://github.com/pimcore/customer-data-framework/blob/b4af625ef327c58d05ef7cdf145fa749d2d4195e/src/Controller/Admin/DuplicatesController.php#L43 | source : security-advisories@github.com
https://github.com/pimcore/customer-data-framework/commit/c33c0048390ef0cf98b801d46a81d0762243baa6 | source : security-advisories@github.com
https://github.com/pimcore/customer-data-framework/security/advisories/GHSA-c38c-c8mh-vq68 | source : security-advisories@github.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2024-21667

First published on : 11-01-2024 01:15:45
Last modified on : 11-01-2024 13:57:26

Description :
pimcore/customer-data-framework is the Customer Management Framework for management of customer data within Pimcore. An authenticated and unauthorized user can access the GDPR data extraction feature and query over the information returned, leading to customer data exposure. Permissions are not enforced when reaching the `/admin/customermanagementframework/gdpr-data/search-data-objects` endpoint allowing an authenticated user without the permissions to access the endpoint and query the data available there. An unauthorized user can access PII data from customers. This vulnerability has been patched in version 4.0.6.

CVE ID : CVE-2024-21667
Source : security-advisories@github.com
CVSS Score : 6.5

References :
https://github.com/pimcore/customer-data-framework/blob/b4af625ef327c58d05ef7cdf145fa749d2d4195e/src/Controller/Admin/GDPRDataController.php#L38 | source : security-advisories@github.com
https://github.com/pimcore/customer-data-framework/commit/6c34515be2ba39dceee7da07a1abf246309ccd77 | source : security-advisories@github.com
https://github.com/pimcore/customer-data-framework/security/advisories/GHSA-g273-wppx-82w4 | source : security-advisories@github.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2024-22195

First published on : 11-01-2024 03:15:11
Last modified on : 11-01-2024 13:57:26

Description :
Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based.

CVE ID : CVE-2024-22195
Source : security-advisories@github.com
CVSS Score : 5.4

References :
https://github.com/pallets/jinja/releases/tag/3.1.3 | source : security-advisories@github.com
https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95 | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-21665

First published on : 11-01-2024 01:15:45
Last modified on : 11-01-2024 13:57:26

Description :
ecommerce-framework-bundle is the Pimcore Ecommerce Framework Bundle. An authenticated and unauthorized user can access the back-office orders list and be able to query over the information returned. Access control and permissions are not being enforced. This vulnerability has been patched in version 1.0.10.

CVE ID : CVE-2024-21665
Source : security-advisories@github.com
CVSS Score : 4.3

References :
https://github.com/pimcore/ecommerce-framework-bundle/blob/ff6ff287b6eb468bb940909c56970363596e5c21/src/Controller/AdminOrderController.php#L98 | source : security-advisories@github.com
https://github.com/pimcore/ecommerce-framework-bundle/commit/05dec000ed009828084d05cf686f468afd1f464e | source : security-advisories@github.com
https://github.com/pimcore/ecommerce-framework-bundle/releases/tag/v1.0.10 | source : security-advisories@github.com
https://github.com/pimcore/ecommerce-framework-bundle/security/advisories/GHSA-cx99-25hr-5jxf | source : security-advisories@github.com

Vulnerability : CWE-284


Source : vuldb.com

Vulnerability ID : CVE-2024-0415

First published on : 11-01-2024 18:15:44
Last modified on : 11-01-2024 18:15:44

Description :
A vulnerability classified as critical was found in DeShang DSMall up to 6.1.0. Affected by this vulnerability is an unknown functionality of the file application/home/controller/TaobaoExport.php of the component Image URL Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250435.

CVE ID : CVE-2024-0415
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://note.zhaoj.in/share/63LhFitJmKGR | source : cna@vuldb.com
https://vuldb.com/?ctiid.250435 | source : cna@vuldb.com
https://vuldb.com/?id.250435 | source : cna@vuldb.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-7226

First published on : 11-01-2024 21:15:12
Last modified on : 11-01-2024 21:15:12

Description :
A vulnerability was found in meetyoucrop big-whale 1.1 and classified as critical. Affected by this issue is some unknown functionality of the file /auth/user/all.api of the component Admin Module. The manipulation of the argument id leads to improper ownership management. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250232.

CVE ID : CVE-2023-7226
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://gitee.com/meetyoucrop/big-whale/issues/I6N31K | source : cna@vuldb.com
https://vuldb.com/?ctiid.250232 | source : cna@vuldb.com
https://vuldb.com/?id.250232 | source : cna@vuldb.com

Vulnerability : CWE-282


Vulnerability ID : CVE-2024-0426

First published on : 11-01-2024 21:15:12
Last modified on : 11-01-2024 21:15:12

Description :
A vulnerability, which was classified as critical, has been found in ForU CMS up to 2020-06-23. This issue affects some unknown processing of the file admin/cms_template.php. The manipulation of the argument t_name/t_path leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250445 was assigned to this vulnerability.

CVE ID : CVE-2024-0426
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/mi2acle/forucmsvuln/blob/master/sqli.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.250445 | source : cna@vuldb.com
https://vuldb.com/?id.250445 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0416

First published on : 11-01-2024 18:15:44
Last modified on : 11-01-2024 18:15:44

Description :
A vulnerability, which was classified as critical, has been found in DeShang DSMall up to 5.0.3. Affected by this issue is some unknown functionality of the file application/home/controller/MemberAuth.php. The manipulation of the argument file_name leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250436.

CVE ID : CVE-2024-0416
Source : cna@vuldb.com
CVSS Score : 5.4

References :
https://note.zhaoj.in/share/DxR7FZsCKJQ1 | source : cna@vuldb.com
https://vuldb.com/?ctiid.250436 | source : cna@vuldb.com
https://vuldb.com/?id.250436 | source : cna@vuldb.com

Vulnerability : CWE-24


Vulnerability ID : CVE-2024-0417

First published on : 11-01-2024 18:15:44
Last modified on : 11-01-2024 18:15:44

Description :
A vulnerability, which was classified as critical, was found in DeShang DSShop up to 2.1.5. This affects an unknown part of the file application/home/controller/MemberAuth.php. The manipulation of the argument member_info leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250437 was assigned to this vulnerability.

CVE ID : CVE-2024-0417
Source : cna@vuldb.com
CVSS Score : 5.4

References :
https://note.zhaoj.in/share/ZpRTCLblKd7N | source : cna@vuldb.com
https://vuldb.com/?ctiid.250437 | source : cna@vuldb.com
https://vuldb.com/?id.250437 | source : cna@vuldb.com

Vulnerability : CWE-24


Vulnerability ID : CVE-2024-0411

First published on : 11-01-2024 17:15:08
Last modified on : 11-01-2024 17:15:08

Description :
A vulnerability was found in DeShang DSMall up to 6.1.0. It has been classified as problematic. This affects an unknown part of the file public/install.php of the component HTTP GET Request Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250431.

CVE ID : CVE-2024-0411
Source : cna@vuldb.com
CVSS Score : 5.3

References :
https://note.zhaoj.in/share/9G6K6RBjS4M4 | source : cna@vuldb.com
https://vuldb.com/?ctiid.250431 | source : cna@vuldb.com
https://vuldb.com/?id.250431 | source : cna@vuldb.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2024-0412

First published on : 11-01-2024 17:15:08
Last modified on : 11-01-2024 17:15:08

Description :
A vulnerability was found in DeShang DSShop up to 3.1.0. It has been declared as problematic. This vulnerability affects unknown code of the file public/install.php of the component HTTP GET Request Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250432.

CVE ID : CVE-2024-0412
Source : cna@vuldb.com
CVSS Score : 5.3

References :
https://note.zhaoj.in/share/Q56cf5nN9RzF | source : cna@vuldb.com
https://vuldb.com/?ctiid.250432 | source : cna@vuldb.com
https://vuldb.com/?id.250432 | source : cna@vuldb.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2024-0413

First published on : 11-01-2024 17:15:09
Last modified on : 11-01-2024 17:15:09

Description :
A vulnerability was found in DeShang DSKMS up to 3.1.2. It has been rated as problematic. This issue affects some unknown processing of the file public/install.php. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250433 was assigned to this vulnerability.

CVE ID : CVE-2024-0413
Source : cna@vuldb.com
CVSS Score : 5.3

References :
https://note.zhaoj.in/share/MarH4fY66BgO | source : cna@vuldb.com
https://vuldb.com/?ctiid.250433 | source : cna@vuldb.com
https://vuldb.com/?id.250433 | source : cna@vuldb.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2024-0414

First published on : 11-01-2024 17:15:09
Last modified on : 11-01-2024 17:15:09

Description :
A vulnerability classified as problematic has been found in DeShang DSCMS up to 3.1.2/7.1. Affected is an unknown function of the file public/install.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250434 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0414
Source : cna@vuldb.com
CVSS Score : 5.3

References :
https://note.zhaoj.in/share/xYQMsARg83ui | source : cna@vuldb.com
https://vuldb.com/?ctiid.250434 | source : cna@vuldb.com
https://vuldb.com/?id.250434 | source : cna@vuldb.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2024-0418

First published on : 11-01-2024 18:15:44
Last modified on : 11-01-2024 18:15:44

Description :
A vulnerability has been found in iSharer and upRedSun File Sharing Wizard up to 1.5.0 and classified as problematic. This vulnerability affects unknown code of the component GET Request Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250438 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0418
Source : cna@vuldb.com
CVSS Score : 5.3

References :
https://cxsecurity.com/issue/WLB-2024010023 | source : cna@vuldb.com
https://vuldb.com/?ctiid.250438 | source : cna@vuldb.com
https://vuldb.com/?id.250438 | source : cna@vuldb.com
https://www.youtube.com/watch?v=WK7xK9KHiMU | source : cna@vuldb.com

Vulnerability : CWE-404


Vulnerability ID : CVE-2024-0419

First published on : 11-01-2024 19:15:13
Last modified on : 11-01-2024 19:15:13

Description :
A vulnerability was found in Jasper httpdx up to 1.5.4 and classified as problematic. This issue affects some unknown processing of the component HTTP POST Request Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250439.

CVE ID : CVE-2024-0419
Source : cna@vuldb.com
CVSS Score : 5.3

References :
https://cxsecurity.com/issue/WLB-2024010027 | source : cna@vuldb.com
https://vuldb.com/?ctiid.250439 | source : cna@vuldb.com
https://vuldb.com/?id.250439 | source : cna@vuldb.com
https://www.youtube.com/watch?v=6dAWGH0-6TY | source : cna@vuldb.com

Vulnerability : CWE-404


Vulnerability ID : CVE-2024-0425

First published on : 11-01-2024 20:15:44
Last modified on : 11-01-2024 20:15:44

Description :
A vulnerability classified as critical was found in ForU CMS up to 2020-06-23. This vulnerability affects unknown code of the file /admin/index.php?act=reset_admin_psw. The manipulation leads to weak password recovery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250444.

CVE ID : CVE-2024-0425
Source : cna@vuldb.com
CVSS Score : 5.3

References :
https://github.com/mi2acle/forucmsvuln/blob/master/passwordreset.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.250444 | source : cna@vuldb.com
https://vuldb.com/?id.250444 | source : cna@vuldb.com

Vulnerability : CWE-640


Source : microsoft.com

Vulnerability ID : CVE-2024-20675

First published on : 11-01-2024 21:15:13
Last modified on : 11-01-2024 21:15:13

Description :
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CVE ID : CVE-2024-20675
Source : secure@microsoft.com
CVSS Score : 6.3

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20675 | source : secure@microsoft.com


Vulnerability ID : CVE-2024-21337

First published on : 11-01-2024 22:15:46
Last modified on : 11-01-2024 22:15:46

Description :
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE ID : CVE-2024-21337
Source : secure@microsoft.com
CVSS Score : 5.2

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21337 | source : secure@microsoft.com


Source : us.ibm.com

Vulnerability ID : CVE-2023-45173

First published on : 11-01-2024 02:15:47
Last modified on : 11-01-2024 13:57:26

Description :
IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the NFS kernel extension to cause a denial of service. IBM X-Force ID: 267971.

CVE ID : CVE-2023-45173
Source : psirt@us.ibm.com
CVSS Score : 6.2

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/267971 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7105282 | source : psirt@us.ibm.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-45175

First published on : 11-01-2024 02:15:48
Last modified on : 11-01-2024 13:57:26

Description :
IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the TCP/IP kernel extension to cause a denial of service. IBM X-Force ID: 267973.

CVE ID : CVE-2023-45175
Source : psirt@us.ibm.com
CVSS Score : 6.2

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/267973 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7105282 | source : psirt@us.ibm.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-38267

First published on : 11-01-2024 03:15:09
Last modified on : 11-01-2024 13:57:26

Description :
IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain sensitive configuration information. IBM X-Force ID: 260584.

CVE ID : CVE-2023-38267
Source : psirt@us.ibm.com
CVSS Score : 6.2

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/260584 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7106586 | source : psirt@us.ibm.com

Vulnerability : CWE-311


Vulnerability ID : CVE-2023-45169

First published on : 11-01-2024 03:15:09
Last modified on : 11-01-2024 13:57:26

Description :
IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the pmsvcs kernel extension to cause a denial of service. IBM X-Force ID: 267967.

CVE ID : CVE-2023-45169
Source : psirt@us.ibm.com
CVSS Score : 6.2

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/267967 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7105282 | source : psirt@us.ibm.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-45171

First published on : 11-01-2024 03:15:10
Last modified on : 11-01-2024 13:57:26

Description :
IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to cause a denial of service. IBM X-Force ID: 267969.

CVE ID : CVE-2023-45171
Source : psirt@us.ibm.com
CVSS Score : 6.2

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/267969 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7105282 | source : psirt@us.ibm.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-31001

First published on : 11-01-2024 03:15:09
Last modified on : 11-01-2024 13:57:26

Description :
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254653.

CVE ID : CVE-2023-31001
Source : psirt@us.ibm.com
CVSS Score : 5.1

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/254653 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7106586 | source : psirt@us.ibm.com

Vulnerability : CWE-257


Source : cert.pl

Vulnerability ID : CVE-2023-5118

First published on : 11-01-2024 16:15:54
Last modified on : 11-01-2024 16:34:20

Description :
The application is vulnerable to Stored Cross-Site Scripting (XSS) in the endpoint /sofer/DocumentService.asc/SaveAnnotation, where input data transmitted via the POST method in the parameters author and text is not adequately sanitized and validated. This allows for the injection of malicious JavaScript code. The vulnerability was identified in the function for adding new annotations while editing document content. The reporters state that the vulnerability has been removed in software versions above 11.1.x. Previous versions may also be vulnerable, but this has not been confirmed.

CVE ID : CVE-2023-5118
Source : cvd@cert.pl
CVSS Score : 5.4

References :
https://cert.pl/en/posts/2024/01/CVE-2023-5118/ | source : cvd@cert.pl
https://cert.pl/posts/2024/01/CVE-2023-5118/ | source : cvd@cert.pl

Vulnerability : CWE-79


Source : synopsys.com

Vulnerability ID : CVE-2024-0227

First published on : 11-01-2024 20:15:44
Last modified on : 11-01-2024 20:15:44

Description :
Devise-Two-Factor does not throttle or otherwise restrict login attempts at the server by default. When combined with the Time-based One Time Password algorithm's (TOTP) inherent entropy limitations, it's possible for an attacker to bypass the 2FA mechanism through brute-force attacks.

CVE ID : CVE-2024-0227
Source : disclosure@synopsys.com
CVSS Score : 5.0

References :
https://github.com/devise-two-factor/devise-two-factor/security/advisories/GHSA-chcr-x7hc-8fp8 | source : disclosure@synopsys.com

Vulnerability : CWE-307


(7) LOW VULNERABILITIES [0.1, 3.9]

Source : vuldb.com

Vulnerability ID : CVE-2022-4958

First published on : 11-01-2024 12:15:42
Last modified on : 11-01-2024 13:57:09

Description :
A vulnerability classified as problematic has been found in qkmc-rk redbbs 1.0. Affected is an unknown function of the component Post Handler. The manipulation of the argument title leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250236.

CVE ID : CVE-2022-4958
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/qkmc-rk/redbbs/issues/1 | source : cna@vuldb.com
https://vuldb.com/?ctiid.250236 | source : cna@vuldb.com
https://vuldb.com/?id.250236 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-0422

First published on : 11-01-2024 19:15:13
Last modified on : 11-01-2024 19:15:13

Description :
A vulnerability was found in CodeAstro POS and Inventory Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /new_item of the component New Item Creation Page. The manipulation of the argument new_item leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250441 was assigned to this vulnerability.

CVE ID : CVE-2024-0422
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://drive.google.com/file/d/1_CoeXcCC8fXzKJO-Xvjuq1qYtf8QKHaM/view?usp=sharing | source : cna@vuldb.com
https://vuldb.com/?ctiid.250441 | source : cna@vuldb.com
https://vuldb.com/?id.250441 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-0423

First published on : 11-01-2024 20:15:44
Last modified on : 11-01-2024 20:15:44

Description :
A vulnerability was found in CodeAstro Online Food Ordering System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file dishes.php. The manipulation of the argument res_id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250442 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0423
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://drive.google.com/file/d/1SaHrOPMV6yrBaS5pA7MOX8nsiVGxvlOa/view?usp=sharing | source : cna@vuldb.com
https://vuldb.com/?ctiid.250442 | source : cna@vuldb.com
https://vuldb.com/?id.250442 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-0424

First published on : 11-01-2024 20:15:44
Last modified on : 11-01-2024 20:15:44

Description :
A vulnerability classified as problematic has been found in CodeAstro Simple Banking System 1.0. This affects an unknown part of the file createuser.php of the component Create a User Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250443.

CVE ID : CVE-2024-0424
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://drive.google.com/file/d/1jr5YRrESDjcNmhpQRK5yHvvxNlYJp2oK/view?usp=sharing | source : cna@vuldb.com
https://vuldb.com/?ctiid.250443 | source : cna@vuldb.com
https://vuldb.com/?id.250443 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2022-4959

First published on : 11-01-2024 21:15:09
Last modified on : 11-01-2024 21:15:09

Description :
A vulnerability classified as problematic was found in qkmc-rk redbbs 1.0. Affected by this vulnerability is an unknown functionality of the component Nickname Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250237 was assigned to this vulnerability.

CVE ID : CVE-2022-4959
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/qkmc-rk/redbbs/issues/2 | source : cna@vuldb.com
https://vuldb.com/?ctiid.250237 | source : cna@vuldb.com
https://vuldb.com/?id.250237 | source : cna@vuldb.com

Vulnerability : CWE-79


Source : wordfence.com

Vulnerability ID : CVE-2023-7048

First published on : 11-01-2024 09:15:55
Last modified on : 11-01-2024 13:57:09

Description :
The My Sticky Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.6. This is due to missing or incorrect nonce validation in mystickymenu-contact-leads.php. This makes it possible for unauthenticated attackers to trigger the export of a CSV file containing contact leads via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Because the CSV file is exported to a public location, it can be downloaded during a very short window of time before it is automatically deleted by the export function.

CVE ID : CVE-2023-7048
Source : security@wordfence.com
CVSS Score : 3.1

References :
https://plugins.trac.wordpress.org/changeset/3016780/mystickymenu | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/be0ab40f-cff7-48bd-8dae-cc50af047151?source=cve | source : security@wordfence.com


Source : github.com

Vulnerability ID : CVE-2024-22194

First published on : 11-01-2024 03:15:10
Last modified on : 11-01-2024 13:57:26

Description :
cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in `cdo-local-uuid` at version `0.4.0`, and in `case-utils` in unpatched versions (matching the pattern `0.x.0`) at and since `0.5.0`, before `0.15.0`. The vulnerability stems from a Python function, `cdo_local_uuid.local_uuid()`, and its original implementation `case_utils.local_uuid()`.

CVE ID : CVE-2024-22194
Source : security-advisories@github.com
CVSS Score : 2.2

References :
https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/commit/9e78f7cb1075728d0aafc918514f32a1392cd235 | source : security-advisories@github.com
https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/3 | source : security-advisories@github.com
https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/4 | source : security-advisories@github.com
https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/security/advisories/GHSA-rgrf-6mf5-m882 | source : security-advisories@github.com
https://github.com/casework/CASE-Utilities-Python/commit/00864cd12de7c50d882dd1a74915d32e939c25f9 | source : security-advisories@github.com
https://github.com/casework/CASE-Utilities-Python/commit/1cccae8eb3cf94b3a28f6490efa0fbf5c82ebd6b | source : security-advisories@github.com
https://github.com/casework/CASE-Utilities-Python/commit/5acb929dfb599709d1c8c90d1824dd79e0fd9e10 | source : security-advisories@github.com
https://github.com/casework/CASE-Utilities-Python/commit/7e02d18383eabbeb9fb4ec97d81438c9980a4790 | source : security-advisories@github.com
https://github.com/casework/CASE-Utilities-Python/commit/80551f49241c874c7c50e14abe05c5017630dad2 | source : security-advisories@github.com
https://github.com/casework/CASE-Utilities-Python/commit/939775f956796d0432ecabbf62782ed7ad1007b5 | source : security-advisories@github.com
https://github.com/casework/CASE-Utilities-Python/commit/db428a0745dac4fdd888ced9c52f617695519f9d | source : security-advisories@github.com
https://github.com/casework/CASE-Utilities-Python/commit/e4ffadc3d56fd303b8f465d727c4a58213d311a1 | source : security-advisories@github.com
https://github.com/casework/CASE-Utilities-Python/commit/fca7388f09feccd3b9ea88e6df9c7a43a5349452 | source : security-advisories@github.com
https://github.com/casework/CASE-Utilities-Python/commit/fdc32414eccfcbde6be0fd91b7f491cc0779b02d#diff-e60b9cb8fb480ed27283a030a0898be3475992d78228f4045b12ce5cbb2f0509 | source : security-advisories@github.com

Vulnerability : CWE-215
Vulnerability : CWE-337


(41) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : jpcert.or.jp

Vulnerability ID : CVE-2024-21773

First published on : 11-01-2024 00:15:44
Last modified on : 11-01-2024 13:57:26

Description :
Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX3000 firmware versions prior to "Archer AX3000(JP)_V1_1.1.2 Build 20231115", Archer AX5400 firmware versions prior to "Archer AX5400(JP)_V1_1.1.2 Build 20231115", Deco X50 firmware versions prior to "Deco X50(JP)_V1_1.4.1 Build 20231122", and Deco XE200 firmware versions prior to "Deco XE200(JP)_V1_1.2.5 Build 20231120".

CVE ID : CVE-2024-21773
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/vu/JVNVU91401812/ | source : vultures@jpcert.or.jp
https://www.tp-link.com/jp/support/download/archer-ax3000/#Firmware | source : vultures@jpcert.or.jp
https://www.tp-link.com/jp/support/download/archer-ax5400/#Firmware | source : vultures@jpcert.or.jp
https://www.tp-link.com/jp/support/download/deco-x50/v1/#Firmware | source : vultures@jpcert.or.jp
https://www.tp-link.com/jp/support/download/deco-xe200/#Firmware | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2024-21821

First published on : 11-01-2024 00:15:44
Last modified on : 11-01-2024 13:57:26

Description :
Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX3000 firmware versions prior to "Archer AX3000(JP)_V1_1.1.2 Build 20231115", Archer AX5400 firmware versions prior to "Archer AX5400(JP)_V1_1.1.2 Build 20231115", and Archer AXE75 firmware versions prior to "Archer AXE75(JP)_V1_231115".

CVE ID : CVE-2024-21821
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/vu/JVNVU91401812/ | source : vultures@jpcert.or.jp
https://www.tp-link.com/jp/support/download/archer-ax3000/#Firmware | source : vultures@jpcert.or.jp
https://www.tp-link.com/jp/support/download/archer-ax5400/#Firmware | source : vultures@jpcert.or.jp
https://www.tp-link.com/jp/support/download/archer-axe75/#Firmware | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2024-21833

First published on : 11-01-2024 00:15:44
Last modified on : 11-01-2024 13:57:26

Description :
Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX3000 firmware versions prior to "Archer AX3000(JP)_V1_1.1.2 Build 20231115", Archer AX5400 firmware versions prior to "Archer AX5400(JP)_V1_1.1.2 Build 20231115", Archer AXE75 firmware versions prior to "Archer AXE75(JP)_V1_231115", Deco X50 firmware versions prior to "Deco X50(JP)_V1_1.4.1 Build 20231122", and Deco XE200 firmware versions prior to "Deco XE200(JP)_V1_1.2.5 Build 20231120".

CVE ID : CVE-2024-21833
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/vu/JVNVU91401812/ | source : vultures@jpcert.or.jp
https://www.tp-link.com/jp/support/download/archer-ax3000/#Firmware | source : vultures@jpcert.or.jp
https://www.tp-link.com/jp/support/download/archer-ax5400/#Firmware | source : vultures@jpcert.or.jp
https://www.tp-link.com/jp/support/download/archer-axe75/#Firmware | source : vultures@jpcert.or.jp
https://www.tp-link.com/jp/support/download/deco-x50/v1/#Firmware | source : vultures@jpcert.or.jp
https://www.tp-link.com/jp/support/download/deco-xe200/#Firmware | source : vultures@jpcert.or.jp


Source : mitre.org

Vulnerability ID : CVE-2022-40361

First published on : 11-01-2024 03:15:09
Last modified on : 11-01-2024 13:57:26

Description :
Cross Site Scripting vulnerability in Elite CRM v1.2.11 allows an attacker to execute arbitrary code via the language parameter to the /ngs/login endpoint.

CVE ID : CVE-2022-40361
Source : cve@mitre.org
CVSS Score : /

References :
https://elitecrm.co/ | source : cve@mitre.org
https://hazemhussien99.wordpress.com/2024/01/07/cve-2022-40361-disclosure/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51073

First published on : 11-01-2024 03:15:10
Last modified on : 11-01-2024 13:57:26

Description :
An issue in Buffalo LS210D v.1.78-0.03 allows a remote attacker to execute arbitrary code via the Firmware Update Script at /etc/init.d/update_notifications.sh.

CVE ID : CVE-2023-51073
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/christopher-pace/CVE-2023-51073/ | source : cve@mitre.org
https://www.buffalotech.com | source : cve@mitre.org


Vulnerability ID : CVE-2023-52274

First published on : 11-01-2024 03:15:10
Last modified on : 11-01-2024 13:57:26

Description :
member/index/register.html in YzmCMS 6.5 through 7.0 allows XSS via the Referer HTTP header.

CVE ID : CVE-2023-52274
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/yzmcms/yzmcms/issues/65 | source : cve@mitre.org
https://github.com/yzmcms/yzmcms/tags | source : cve@mitre.org


Vulnerability ID : CVE-2023-37644

First published on : 11-01-2024 08:15:35
Last modified on : 11-01-2024 13:57:26

Description :
SWFTools 0.9.2 772e55a allows attackers to trigger a large memory-allocation attempt via a crafted document, as demonstrated by pdf2swf. This occurs in png_read_chunk in lib/png.c.

CVE ID : CVE-2023-37644
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/matthiaskramm/swftools/issues/202 | source : cve@mitre.org


Vulnerability ID : CVE-2023-52027

First published on : 11-01-2024 09:15:47
Last modified on : 11-01-2024 13:57:26

Description :
TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the NTPSyncWithHost function.

CVE ID : CVE-2023-52027
Source : cve@mitre.org
CVSS Score : /

References :
https://815yang.github.io/2023/12/23/a3700r/TOTOLINKA3700R_NTPSyncWithHost/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-52028

First published on : 11-01-2024 09:15:47
Last modified on : 11-01-2024 13:57:26

Description :
TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setTracerouteCfg function.

CVE ID : CVE-2023-52028
Source : cve@mitre.org
CVSS Score : /

References :
https://815yang.github.io/2023/12/04/a3700r/TOTOlink%20A3700R_setTracerouteCfg/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-52029

First published on : 11-01-2024 09:15:47
Last modified on : 11-01-2024 13:57:26

Description :
TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setDiagnosisCfg function.

CVE ID : CVE-2023-52029
Source : cve@mitre.org
CVSS Score : /

References :
https://815yang.github.io/2023/12/04/a3700r/TOTOlink%20A3700R%28setDiagnosisCfg%29/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-52030

First published on : 11-01-2024 09:15:47
Last modified on : 11-01-2024 13:57:26

Description :
TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setOpModeCfg function.

CVE ID : CVE-2023-52030
Source : cve@mitre.org
CVSS Score : /

References :
https://815yang.github.io/2023/12/04/a3700r/TOTOlink%20A3700R%28setOpModeCfg%29/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-52031

First published on : 11-01-2024 09:15:47
Last modified on : 11-01-2024 13:57:26

Description :
TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the UploadFirmwareFile function.

CVE ID : CVE-2023-52031
Source : cve@mitre.org
CVSS Score : /

References :
https://815yang.github.io/2023/12/04/a3700r/TOTOlink%20A3700R_UploadFirmwareFile/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-52032

First published on : 11-01-2024 09:15:47
Last modified on : 11-01-2024 13:57:26

Description :
TOTOlink EX1200T V4.1.2cu.5232_B20210713 was discovered to contain a remote command execution (RCE) vulnerability via the "main" function.

CVE ID : CVE-2023-52032
Source : cve@mitre.org
CVSS Score : /

References :
https://815yang.github.io/2023/12/24/cve6/EX1200T_V4.1.2cu.5232_B20210713_downloadFlile/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-50159

First published on : 11-01-2024 14:15:44
Last modified on : 11-01-2024 16:34:20

Description :
In ScaleFusion (Windows Desktop App) agent v10.5.2, Kiosk mode application restrictions can be bypassed allowing arbitrary code to be executed.

CVE ID : CVE-2023-50159
Source : cve@mitre.org
CVSS Score : /

References :
https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6 | source : cve@mitre.org
https://medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51748

First published on : 11-01-2024 14:15:44
Last modified on : 11-01-2024 16:34:20

Description :
ScaleFusion 10.5.2 does not properly limit users to the Edge application because Ctrl-O and Ctrl-S can be used.

CVE ID : CVE-2023-51748
Source : cve@mitre.org
CVSS Score : /

References :
https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6 | source : cve@mitre.org
https://medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51749

First published on : 11-01-2024 14:15:44
Last modified on : 11-01-2024 16:34:20

Description :
ScaleFusion 10.5.2 does not properly limit users to the Edge application because a search can be made from a tooltip.

CVE ID : CVE-2023-51749
Source : cve@mitre.org
CVSS Score : /

References :
https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6 | source : cve@mitre.org
https://medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51750

First published on : 11-01-2024 14:15:44
Last modified on : 11-01-2024 16:34:20

Description :
ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur.

CVE ID : CVE-2023-51750
Source : cve@mitre.org
CVSS Score : /

References :
https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6 | source : cve@mitre.org
https://medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51751

First published on : 11-01-2024 14:15:44
Last modified on : 11-01-2024 16:34:20

Description :
ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used.

CVE ID : CVE-2023-51751
Source : cve@mitre.org
CVSS Score : /

References :
https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6 | source : cve@mitre.org
https://medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51984

First published on : 11-01-2024 16:15:53
Last modified on : 11-01-2024 16:34:20

Description :
D-Link DIR-822+ V1.0.2 was found to contain a command injection in the SetStaticRouteSettings function, which allows remote attackers to execute arbitrary commands via shell.

CVE ID : CVE-2023-51984
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/funny-mud-peee/IoT-vuls/blob/main/dir822+/1/readme.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-51987

First published on : 11-01-2024 16:15:53
Last modified on : 11-01-2024 16:34:20

Description :
D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log in to administrator accounts with empty passwords.

CVE ID : CVE-2023-51987
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/funny-mud-peee/IoT-vuls/tree/main/dir822%2B/2 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51989

First published on : 11-01-2024 16:15:53
Last modified on : 11-01-2024 16:34:20

Description :
D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log in to administrator accounts with empty passwords.

CVE ID : CVE-2023-51989
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/funny-mud-peee/IoT-vuls/blob/main/dir822+/2/readme.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-22942

First published on : 11-01-2024 16:15:55
Last modified on : 11-01-2024 16:34:20

Description :
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function.

CVE ID : CVE-2024-22942
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/1/TOTOlink%20A3300R%20setWanCfg.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-23057

First published on : 11-01-2024 16:15:55
Last modified on : 11-01-2024 16:34:20

Description :
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function.

CVE ID : CVE-2024-23057
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/5/TOTOlink%20A3300R%20setNtpCfg.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-23058

First published on : 11-01-2024 16:15:55
Last modified on : 11-01-2024 16:34:20

Description :
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function.

CVE ID : CVE-2024-23058
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/6/TOTOlink%20A3300R%20setTr069Cfg.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-23059

First published on : 11-01-2024 16:15:56
Last modified on : 11-01-2024 16:34:20

Description :
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function.

CVE ID : CVE-2024-23059
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/2/TOTOlink%20A3300R%20setDdnsCfg.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-23060

First published on : 11-01-2024 16:15:56
Last modified on : 11-01-2024 16:34:20

Description :
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg function.

CVE ID : CVE-2024-23060
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/4/TOTOLINK%20A3300R%20setDmzCfg.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-23061

First published on : 11-01-2024 16:15:56
Last modified on : 11-01-2024 16:34:20

Description :
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function.

CVE ID : CVE-2024-23061
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/3/TOTOLINK%20A3300R%20setScheduleCfg.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-50671

First published on : 11-01-2024 17:15:08
Last modified on : 11-01-2024 17:15:08

Description :
In exiftags 1.01, nikon_prop1 in nikon.c has a heap-based buffer overflow (write of size 28) because snprintf can write to an unexpected address.

CVE ID : CVE-2023-50671
Source : cve@mitre.org
CVSS Score : /

References :
https://blog.yulun.ac.cn/posts/2023/fuzzing-exiftags/ | source : cve@mitre.org
https://johnst.org/sw/exiftags/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51780

First published on : 11-01-2024 19:15:12
Last modified on : 11-01-2024 21:15:10

Description :
An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition.

CVE ID : CVE-2023-51780
Source : cve@mitre.org
CVSS Score : /

References :
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.8 | source : cve@mitre.org
https://github.com/torvalds/linux/commit/24e90b9e34f9e039f56b5f25f6e6eb92cdd8f4b3 | source : cve@mitre.org
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html | source : cve@mitre.org
https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-51781

First published on : 11-01-2024 19:15:12
Last modified on : 11-01-2024 21:15:11

Description :
An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a use-after-free because of an atalk_recvmsg race condition.

CVE ID : CVE-2023-51781
Source : cve@mitre.org
CVSS Score : /

References :
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.8 | source : cve@mitre.org
https://github.com/torvalds/linux/commit/189ff16722ee36ced4d2a2469d4ab65a8fee4198 | source : cve@mitre.org
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html | source : cve@mitre.org
https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-51782

First published on : 11-01-2024 19:15:12
Last modified on : 11-01-2024 21:15:11

Description :
An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl in net/rose/af_rose.c has a use-after-free because of a rose_accept race condition.

CVE ID : CVE-2023-51782
Source : cve@mitre.org
CVSS Score : /

References :
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.8 | source : cve@mitre.org
https://github.com/torvalds/linux/commit/810c38a369a0a0ce625b5c12169abce1dd9ccd53 | source : cve@mitre.org
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html | source : cve@mitre.org
https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-50123

First published on : 11-01-2024 21:15:10
Last modified on : 11-01-2024 21:15:10

Description :
The number of attempts to bring the Hozard Alarm system (alarmsystemen) v1.0 to a disarmed state is not limited. This could allow an attacker to perform a brute force on the SMS authentication, to bring the alarm system to a disarmed state.

CVE ID : CVE-2023-50123
Source : cve@mitre.org
CVSS Score : /

References :
https://www.secura.com/services/iot/consumer-products/security-concerns-in-popular-smart-home-devices | source : cve@mitre.org


Vulnerability ID : CVE-2023-50124

First published on : 11-01-2024 21:15:10
Last modified on : 11-01-2024 21:15:10

Description :
Flient Smart Door Lock v1.0 is vulnerable to Use of Default Credentials. Due to default credentials on a debug interface, in combination with certain design choices, an attacker can unlock the Flient Smart Door Lock by replacing the fingerprint that is stored on the scanner.

CVE ID : CVE-2023-50124
Source : cve@mitre.org
CVSS Score : /

References :
https://www.secura.com/services/iot/consumer-products/security-concerns-in-popular-smart-home-devices | source : cve@mitre.org


Vulnerability ID : CVE-2023-50125

First published on : 11-01-2024 21:15:10
Last modified on : 11-01-2024 21:15:10

Description :
A default engineer password set on the Hozard alarm system (Alarmsysteem) v1.0 allows an attacker to bring the alarm system to a disarmed state.

CVE ID : CVE-2023-50125
Source : cve@mitre.org
CVSS Score : /

References :
https://www.secura.com/services/iot/consumer-products/security-concerns-in-popular-smart-home-devices | source : cve@mitre.org


Vulnerability ID : CVE-2023-50126

First published on : 11-01-2024 21:15:10
Last modified on : 11-01-2024 21:15:10

Description :
Missing encryption in the RFID tags of the Hozard alarm system (Alarmsysteem) v1.0 allows attackers to create a cloned tag via brief physical proximity to one of the original tags, which results in an attacker being able to bring the alarm system to a disarmed state.

CVE ID : CVE-2023-50126
Source : cve@mitre.org
CVSS Score : /

References :
https://www.secura.com/services/iot/consumer-products/security-concerns-in-popular-smart-home-devices | source : cve@mitre.org


Vulnerability ID : CVE-2023-50127

First published on : 11-01-2024 21:15:10
Last modified on : 11-01-2024 21:15:10

Description :
Hozard alarm system (Alarmsysteem) v1.0 is vulnerable to Improper Authentication. Commands sent via the SMS functionality are accepted from random phone numbers, which allows an attacker to bring the alarm system to a disarmed state from any given phone number.

CVE ID : CVE-2023-50127
Source : cve@mitre.org
CVSS Score : /

References :
https://www.secura.com/services/iot/consumer-products/security-concerns-in-popular-smart-home-devices | source : cve@mitre.org


Vulnerability ID : CVE-2023-50128

First published on : 11-01-2024 21:15:10
Last modified on : 11-01-2024 21:15:10

Description :
The remote keyless system of the Hozard alarm system (alarmsystemen) v1.0 sends an identical radio frequency signal for each request, which results in an attacker being able to conduct replay attacks to bring the alarm system to a disarmed state.

CVE ID : CVE-2023-50128
Source : cve@mitre.org
CVSS Score : /

References :
http://hozard.com | source : cve@mitre.org
https://www.secura.com/services/iot/consumer-products/security-concerns-in-popular-smart-home-devices | source : cve@mitre.org


Vulnerability ID : CVE-2023-50129

First published on : 11-01-2024 21:15:10
Last modified on : 11-01-2024 21:15:10

Description :
Missing encryption in the NFC tags of the Flient Smart Door Lock v1.0 allows attackers to create a cloned tag via brief physical proximity to the original tags, which results in an attacker gaining access to the perimeter.

CVE ID : CVE-2023-50129
Source : cve@mitre.org
CVSS Score : /

References :
https://www.secura.com/services/iot/consumer-products/security-concerns-in-popular-smart-home-devices | source : cve@mitre.org


Vulnerability ID : CVE-2023-46474

First published on : 11-01-2024 22:15:45
Last modified on : 11-01-2024 22:15:45

Description :
File Upload vulnerability in PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted PHP file uploaded to the start_import.php file.

CVE ID : CVE-2023-46474
Source : cve@mitre.org
CVSS Score : /

References :
http://pmb.com | source : cve@mitre.org
https://github.com/Xn2/CVE-2023-46474 | source : cve@mitre.org


Source : amd.com

Vulnerability ID : CVE-2023-20573

First published on : 11-01-2024 14:15:43
Last modified on : 11-01-2024 16:34:22

Description :
A privileged attacker can prevent delivery of debug exceptions to SEV-SNP guests potentially resulting in guests not receiving expected debug information.

CVE ID : CVE-2023-20573
Source : psirt@amd.com
CVSS Score : /

References :
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3006 | source : psirt@amd.com


Source : cert.pl

Vulnerability ID : CVE-2023-6554

First published on : 11-01-2024 16:15:54
Last modified on : 11-01-2024 16:34:20

Description :
When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers.

CVE ID : CVE-2023-6554
Source : cvd@cert.pl
CVSS Score : /

References :
https://cert.pl/en/posts/2024/01/CVE-2023-6554/ | source : cvd@cert.pl
https://cert.pl/posts/2024/01/CVE-2023-6554/ | source : cvd@cert.pl
https://tcexam.org/ | source : cvd@cert.pl

Vulnerability : CWE-862


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
