WooCommerce-Payments plugin for Wordpress versions 4.8, 4.8.2, 4.9, 4.9.1, 5.0, 5.0.4, 5.1, 5.1.3, 5.2, 5.2.2, 5.3, 5.3.1, 5.4, 5.4.1, 5.5, 5.5.2, and 5.6, 5.6.2 contain an authentication bypass by specifying a valid user ID number within the X-WCPAY-PLATFORM-CHECKOUT-USER header. With this authentication bypass, a user can then use the API to create a new user with administrative privileges on the target WordPress site IF the user ID selected corresponds to an administrator account.
6f6df2d58639769e982d2ed7af034862e1b5fef526f5ddae0309cdf72c8e05acThe GiveWP Donation plugin and Fundraising Platform plugin for WordPress in all versions up to and including 3.14.1 is vulnerable to a PHP object injection (POI) flaw granting an unauthenticated attacker arbitrary code execution.
e3b0f075dd3c67bb401766241b1a40088cf8f52a33b79fe6c2ea5b667c1296f2FC Red Bull Salzburg App versions 5.1.9-R and below suffer from an improper authorization vulnerability.
36f9fa037213d0a9bfa5881ce525ecadb7dad8894ee921d052b3d7b443ff7925SecurePoint UTM versions 12.x suffers from a memory leak vulnerability via the spcgi.cgi endpoint.
15ddc40a5043fe4407a10fa673fb39fdb12a08b717f9167e70ad626fbe024350SecurePoint UTM versions 12.x suffers from a session identifier leak vulnerability via the spcgi.cgi endpoint.
1d4cd9e39a6938ba5bad5e9bd158f7895198cb30170e4a59be88883cdba0cd69WordPress Quiz and Survey Master plugin versions 8.0.8 and below suffer from a cross site request forgery vulnerability.
078ea2f052b0bdbecbdbb86ff5abadf7af3ecef36acd21e345034b86b58c3b8eWordPress Quiz and Survey Master plugin versions 8.0.8 and below suffer from a missing authentication vulnerability that allows an attacker to delete media from the WordPress instance.
45afa719cdeb338f8d0beb9b6c68e717ebfe472417ebe348bbc34459b0250c7cIntel Data Center Manager's endpoint at "/DcmConsole/DataAccessServlet?action=getRoomRackData" is vulnerable to an authenticated, blind SQL injection attack when user-supplied input to the HTTP POST parameter "dataName" is processed by the web application. Versions 4.1 and below are affected.
a04c70c3c5d6b08862017de94ee487ead5f2b2595fd13961e1c80a947b2d275cThe latest version (5.1) and all prior versions of Intel's Data Center Manager are vulnerable to a local privileges escalation vulnerability using the application user "dcm" used to run the web application and the rest interface. An attacker who gained remote code execution using this dcm user (i.e., through Log4j) is then able to escalate their privileges to root by abusing a weak sudo configuration for the "dcm" user.
566ceaa70e7ce9a3bd9825a0b7a97b644b608fe05fd23b30746e3017a5408ae6Intel Data Center Manager versions 4.1.1.45749 and below suffer from an authentication bypass vulnerability via spoofing.
c994d19000e263ed1c33f5352902d080b70eb355d42bec09d1cf2d70a522e3e4WordPress BeTheme theme version 26.5.1.4 suffers from multiple PHP object injection vulnerabilities when processing input.
796d230d939138bf65ab0ead41b12275e53550798cf863b9b6609b758208dec5WordPress BeTheme BeCustom plugin versions 1.0.5.2 and below suffer from a cross site request forgery vulnerability.
651b396c90687b1931dfce7d1f9402a1dff09a912ce895903c27111b0634e43eTransposh WordPress Translation versions 1.0.8.1 and below suffer from an incorrect authorization vulnerability.
cf075b58a8a1c31fce95fca535703432ed02017dc8456967462b1e93044c2dccTransposh WordPress Translation versions 1.0.8.1 and below have a "save_transposh" action available at "/wp-admin/admin.php?page=tp_advanced" that does not properly validate the "Log file name" allowing an attacker with the "Administrator" role to specify a .php file as the log destination. Since the log file is stored directly within the "/wp-admin" directory, executing arbitrary PHP code is possible by simply sending a crafted request that gets logged.
8347827a18239dee9d623ea317bc7751b1e867031f7d4bbe6349594f42f4006fTransposh WordPress Translation versions 1.0.8.1 and below have a "tp_editor" page at "/wp-admin/admin.php?page=tp_editor" that is vulnerable to two authenticated, blind SQL injections when user-supplied input to the HTTP GET parameters "order" and "orderby" is processed by the web application.
6ffce07022d6d645854345ed70ea8823b6aaf618f4db874a0b2b20afa74331a3Transposh WordPress Translation versions 1.0.8.1 and below do not properly enforce authorization on functionalities available on the plugin's "Utilities" page leading to unauthorized access for all user roles, including "Subscriber".
af33faff2eac2d7e60b23a09b13a21e743b2acab343abb9a1ba1e8f3913a386dTransposh WordPress Translation versions 1.0.8.1 and below have an ajax action called "tp_history" which is intended to return data about who has translated a text given by the "token" parameter. However, the plugin also returns the user's login name as part of the "user_login" attribute. Successful exploits can allow an unauthenticated attacker to leak the WordPress username of translators. If an anonymous user submitted the translation, then the user's IP address is returned.
9edfbd7e51dbf96c4ec365750f8acbdc5e0bcb40dfa07245a905258f418c9681Transposh WordPress Translation versions 1.0.8.1 and below suffer from cross site request forgery vulnerabilities.
00f492b81f8c36b3158ff92303a3ed9b8713a137b201a866100dd6430cd9a03cTransposh WordPress Translation versions 1.0.7 and below suffer from an incorrect authorization vulnerability. When installed, Transposh comes with a set of pre-configured options, one of these is the "Who can translate" setting under the "Settings" tab, which by default allows "Anonymous" users to add translations via the plugin's "tp_translation" ajax action. Successful exploits can allow an unauthenticated attacker to add translations to the WordPress site and thereby influence what is actually shown on the site.
c25e589bc0f339822e669aa5ee336af340896bf3579587f6ad8e5c6ae0691179Transposh WordPress Translation versions 1.0.7 and below have an ajax action "tp_translation" which is available to authenticated or unauthenticated users (see CVE-2022-2461) that allows them to submit new translations. Translations submitted this way are shown on the Transposh administrative interface on the pages "tp_main" and "tp_editor". However, since the plugin does not properly validate and sanitize the submitted translation, arbitrary Javascript code can be permanently injected and executed directly within the backend across all users visiting the page with the roles of at least "Subscriber" and up to "Administrator".
484332c9e36ec88f8a190cc80119a1f22da60e0f49e9a327a7f7268bba597fb7Transposh WordPress Translation versions 1.0.7 and below have an ajax action "tp_tp" that is vulnerable to an unauthenticated/authenticated reflected cross site scripting vulnerability when user-supplied input to the HTTP GET parameter "q" is processed by the web application. Since the application does not properly validate and sanitize this parameter, it is possible to place arbitrary script code onto the same page.
126f6f0908b2d0af3788074669b78c52b992a1d268ad9fca40e951bf16e63e90Reolink E1 Zoom Camera versions 3.0.0.716 and below suffer from a configuration disclosure vulnerability.
ba600aa8322c82ebd04618aeda4cdc9a22917520900038fa00529aee1c78ebb1Reolink E1 Zoom Camera versions 3.0.0.716 and below suffer from a private key disclosure vulnerability.
6a0bd039c1f58f660697b01a27d1512dbd2ffb57a9229991176f80a78cd66c64WordPress User Meta Lite and Pro plugin versions 2.4.3 and below suffer from a path traversal vulnerability.
9f5dfc7d061a12ed0156906753e063fd8b488898a8f4b2709039a9ee6f78125fSAP Knowledge Warehouse versions 7.30, 7.31, 7.40, and 7.50 suffer from a cross site scripting vulnerability.
3cdb75beff9ad13b8fd31c0196339aaa4bd2eba05bc62d3ddf8e67c54c8cf3a8
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed