'Fudousan Plugin' Series Security Vulnerabilities

nessus | SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openssl-3 (SUSE-SU-2024:1634-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1634-1 advisory. Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when ...
AI Score: 6.4 | 2024-05-15 12:00 AM

wpvulndb | Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms < 1.2.1 - Cross-Site Request Forgery
Description: The Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the settings_page() function. This...
AI Score: 6.6 | EPSS: 0.0004 | 2024-05-15 12:00 AM

talos | Adobe Acrobat Reader Font gvar GlyphVariationData out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2024-1946 (May 15, 2024), CVE-2024-30311. Summary: An out-of-bounds read vulnerability exists in the Font functionality of Adobe Acrobat Reader 2023.008.20470. A specially...
AI Score: 6.1 | 2024-05-15 12:00 AM

nessus | SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1641-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1641-1 advisory. In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi: return -ENOMEM if dma_map_single...
AI Score: 7.6 | 2024-05-15 12:00 AM

wpvulndb | Academy LMS < 1.9.26 - Unauthenticated Sensitive Information Exposure
Description: The Academy LMS – eLearning and online course solution for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.25. This makes it possible for unauthenticated attackers to extract sensitive user or configuration...
AI Score: 6.3 | EPSS: 0.0004 | 2024-05-15 12:00 AM

wpvulndb | MC Woocommerce Wishlist < 1.7.3 - Missing Authorization
Description: The WooCommerce Wishlist (High customization, fast setup, Free Elementor Wishlist, most features) plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.7.2. This makes it possible for...
AI Score: 7 | 2024-05-15 12:00 AM

nessus | SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2024:1633-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1633-1 advisory. Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact...
AI Score: 6.4 | 2024-05-15 12:00 AM

wpvulndb | Kognetiks Chatbot for WordPress < 2.0.1 - Unauthenticated Arbitrary File Upload
Description: The plugin is vulnerable to arbitrary file uploads due to missing file type validation, allowing unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution...
AI Score: 8.1 | EPSS: 0.0004 | 2024-05-15 12:00 AM

wpvulndb | Easy Digital Downloads < 3.2.12 - Unauthenticated Sensitive Information Exposure
Description: The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.11. This makes it possible for unauthenticated attackers to extract...
AI Score: 6.9 | EPSS: 0.0004 | 2024-05-15 12:00 AM

wpvulndb | Arigato Autoresponder and Newsletter < 2.7.2.4 - Cross-Site Request Forgery
Description: The Arigato Autoresponder and Newsletter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2.3. This is due to missing or incorrect nonce validation on the contact_form() function. This makes it possible for unauthenticated...
AI Score: 6.6 | EPSS: 0.0004 | 2024-05-15 12:00 AM

wpvulndb | ShopBuilder – Elementor WooCommerce Builder Addons < 2.1.9 - Unauthenticated Sensitive Information Exposure
Description: The ShopBuilder – Elementor WooCommerce Builder Addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.8. This makes it possible for unauthenticated attackers to extract sensitive user or configuration...
AI Score: 6.9 | EPSS: 0.0004 | 2024-05-15 12:00 AM

wpvulndb | Stockholm Core < 2.4.2 - Reflected Cross-Site Scripting
Description: The Stockholm Core plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...
AI Score: 6.5 | EPSS: 0.0004 | 2024-05-15 12:00 AM

wpvulndb | WordPress Webinar Plugin – WebinarPress <= 1.33.17 - Cross-Site Request Forgery
Description: The WordPress Webinar Plugin – WebinarPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.33.17. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers...
AI Score: 6.7 | EPSS: 0.0004 | 2024-05-15 12:00 AM

talos | Adobe Acrobat Reader Font CPAL numColorRecords out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2024-1952 (May 15, 2024), CVE-2024-30312. Summary: An out-of-bounds read vulnerability exists in the Font functionality of Adobe Acrobat Reader 2023.008.20533. A specially crafted...
AI Score: 6.4 | 2024-05-15 12:00 AM

nessus | RHEL 9 : kernel-rt (RHSA-2024:2846)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2846 advisory. kernel: netfilter: nftables: exthdr: fix 4-byte stack OOB write (CVE-2023-52628) kernel: untrusted VMM can trigger int80 syscall handling...
AI Score: 6.8 | 2024-05-15 12:00 AM

nessus | RHEL 9 : kernel (RHSA-2024:2845)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2845 advisory. kernel: netfilter: nftables: exthdr: fix 4-byte stack OOB write (CVE-2023-52628) kernel: untrusted VMM can trigger int80 syscall handling...
AI Score: 6.8 | 2024-05-15 12:00 AM

wpvulndb | Timber < 1.23.1 - Authenticated (Admin+) PHP Object Injection
Description: The Timber plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.23.0 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP...
AI Score: 7 | EPSS: 0.0004 | 2024-05-15 12:00 AM

wpvulndb | Z-Downloads < 1.11.4 - Authenticated (Admin+) Arbitrary File Upload
Description: The Z-Downloads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.11.3. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the...
AI Score: 7.3 | EPSS: 0.0004 | 2024-05-15 12:00 AM

wpvulndb | Giveaways and Contests by RafflePress < 1.12.5 - Missing Authorization
Description: The Giveaways and Contests by RafflePress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in the resources/views/rafflepress-giveaway.php file in versions up to, and including, 1.12.4. This makes it possible for authenticated...
AI Score: 6.2 | 2024-05-15 12:00 AM

nessus | SUSE SLED12 / SLES12 Security Update : SUSE Manager Client Tools Beta (SUSE-SU-2024:1629-1)
The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1629-1 advisory. base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios ...
AI Score: 7.9 | 2024-05-15 12:00 AM

wpvulndb | WP SMS < 6.5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description: The WP SMS – Messaging, SMS & MMS Notifications, 2FA & OTP for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.5.1 due to insufficient input sanitization and output...
AI Score: 5.7 | EPSS: 0.0004 | 2024-05-15 12:00 AM

nessus | SUSE SLED15 / SLES15 / openSUSE 15 Security Update : tpm2-0-tss (SUSE-SU-2024:1635-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1635-1 advisory. tpm2-tss: Fixed CVE-2024-29040 tpm2-tools: Fixed CVE-2024-29038 Fixed CVE-2024-29039 ...
AI Score: 6.5 | 2024-05-15 12:00 AM

wpvulndb | Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler < 1.6.5 - Missing Authorization via Several AJAX Actions
Description: The Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in versions up to, and including, 1.6.4. This makes it possible for authenticated attackers, with...
AI Score: 6.7 | 2024-05-15 12:00 AM

wpvulndb | Zotpress < 7.3.10 - Authenticated (Contributor+) Cross-Site Scripting
Description: The Zotpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 7.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
AI Score: 5.9 | EPSS: 0.0004 | 2024-05-15 12:00 AM

wpvulndb | Ultimate Store Kit Elementor Addons <= 1.6.2 - Unauthenticated PHP Object Injection
Description: The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.2 via deserialization of untrusted...
AI Score: 7.7 | EPSS: 0.0004 | 2024-05-15 12:00 AM

wpvulndb | Church Admin < 4.2.0 - Cross-Site Request Forgery
Description: The Church Admin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.1.32. This is due to missing or incorrect nonce validation on several functions in the includes/functions.php file. This makes it possible for unauthenticated...
AI Score: 6.6 | EPSS: 0.0004 | 2024-05-15 12:00 AM

wpvulndb | Flo Forms <= 1.0.42 - Missing Authorization
Description: The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0.42. This makes it possible for unauthenticated attackers to perform an unauthorized...
AI Score: 5.1 | 2024-05-15 12:00 AM

wpvulndb | ShortPixel Adaptive Images < 3.8.4 - Authenticated (Admin+) Server-Side Request Forgery
Description: The ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.8.3 via the is_our_cdn() function. This makes it possible for unauthenticated attackers to make web requests to...
AI Score: 6.4 | EPSS: 0.0004 | 2024-05-15 12:00 AM

wpvulndb | Sticky banner < 1.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description: The Sticky banner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
AI Score: 5.5 | EPSS: 0.0004 | 2024-05-15 12:00 AM

nessus | SUSE SLED15 / SLES15 / openSUSE 15 Security Update : tpm2.0-tools (SUSE-SU-2024:1636-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1636-1 advisory. tpm2-tss: Fixed CVE-2024-29040 tpm2-tools: Fixed CVE-2024-29038 Fixed...
AI Score: 6.8 | 2024-05-15 12:00 AM

nessus | SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1642-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1642-1 advisory. In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix stack OOB read while fragmenting IPv4...
AI Score: 7.8 | 2024-05-15 12:00 AM

wpvulndb | 140+ Widgets | Best Addons For Elementor – FREE < 1.4.3.1 - Authenticated (Admin+) Cross-Site Scripting
Description: The 140+ Widgets | Best Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
AI Score: 5.9 | EPSS: 0.0004 | 2024-05-15 12:00 AM

wpvulndb | SportsPress – Sports Club & League Manager < 2.7.21 - Missing Authorization to Notice Dismissal
Description: The SportsPress – Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the add_notices() function in versions up to, and including, 2.7.20. This makes it possible for authenticated attackers, with...
AI Score: 6.7 | 2024-05-15 12:00 AM

wpvulndb | Social Sharing Plugin – Social Warfare < 4.4.6 - Cross-Site Request Forgery
Description: The Social Sharing Plugin – Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.5.1. This is due to missing or incorrect nonce validation on the options_page_scan_url() function. This makes it possible for...
AI Score: 6.6 | EPSS: 0.0004 | 2024-05-15 12:00 AM

nessus | SUSE SLES15 Security Update : perl (SUSE-SU-2024:1630-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1630-1 advisory. Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set...
AI Score: 7.8 | 2024-05-15 12:00 AM

wpvulndb | Contact List – Easy Business Directory, Staff Directory and Address Book Plugin < 2.9.88 - Missing Authorization to Notice Dismissal
Description: The Contact List – Easy Business Directory, Staff Directory and Address Book Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the process_notifications() function in versions up to, and including, 2.9.87. This makes it...
AI Score: 6.9 | 2024-05-15 12:00 AM

nessus | RHEL 9 : .NET 7.0 (RHSA-2024:2843)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2843 advisory. dotnet: stack buffer overrun in Double Parse (CVE-2024-30045) dotnet: denial of service in ASP.NET Core due to deadlock in...
AI Score: 6.2 | 2024-05-15 12:00 AM

wpvulndb | Gutenify < 1.4.1 - Unauthenticated Sensitive Information Exposure
Description: The Gutenify – Visual Site Builder Blocks & Site Templates. plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.0. This makes it possible for unauthenticated attackers to extract sensitive user or configuration...
AI Score: 6.3 | EPSS: 0.0004 | 2024-05-15 12:00 AM

nessus | SUSE SLES12 Security Update : kernel (SUSE-SU-2024:1643-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1643-1 advisory. In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory accesses There are two...
AI Score: 7.6 | 2024-05-15 12:00 AM

wpvulndb | Envo's Elementor Templates & Widgets for WooCommerce < 1.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description: The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
AI Score: 5.5 | EPSS: 0.0004 | 2024-05-15 12:00 AM

wpvulndb | Stockholm Core < 2.4.2 - Authenticated (Contributor+) Local File Inclusion
Description: The stockholm-core plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the...
AI Score: 7.9 | 2024-05-15 12:00 AM

cvelist | CVE-2024-4370 WPZOOM Addons for Elementor (Templates, Widgets) <= 1.1.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box Widget
The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget Image Box in all versions up to, and including, 1.1.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...
AI Score: 5.9 | 2024-05-14 11:31 PM

cvelist | CVE-2024-0437 Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease <= 2.6.6 - Missing Authorization to Sensitive Information Exposure
The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the API. This makes it possible for authenticated attackers, with subscriber access or...
AI Score: 7 | 2024-05-14 11:31 PM

cvelist | CVE-2024-4363 Visual Portfolio, Photo Gallery & Post Grid <= 3.3.2 - Authenticated (Author+) Stored Cross-Site Scripting via title_tag Parameter
The Visual Portfolio, Photo Gallery & Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title_tag' parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
AI Score: 5.9 | 2024-05-14 11:31 PM

cvelist | CVE-2024-4666 Borderless - Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied...
AI Score: 6 | 2024-05-14 10:31 PM

osv | Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins
Today we are releasing Grafana 9.2. Alongside with new features and other bug fixes, this release includes a Moderate severity security fix for CVE-2022-39201. We are also releasing security patches for Grafana 9.1.8 and Grafana 8.5.14 to fix these issues. Release 9.2, latest release, also...
AI Score: 7.7 | EPSS: 0.001 | 2024-05-14 10:29 PM

github | Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins
Today we are releasing Grafana 9.2. Alongside with new features and other bug fixes, this release includes a Moderate severity security fix for CVE-2022-39201. We are also releasing security patches for Grafana 9.1.8 and Grafana 8.5.14 to fix these issues. Release 9.2, latest release, also...
AI Score: 6.8 | EPSS: 0.001 | 2024-05-14 10:29 PM

osv | Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
Today we are releasing Grafana 9.2. Alongside with new features and other bug fixes, this release includes a Moderate severity security fix for CVE-2022-31130. We are also releasing security patches for Grafana 9.1.8 and Grafana 8.5.14 to fix these issues. Release 9.2, latest release, also...
AI Score: 7.5 | EPSS: 0.001 | 2024-05-14 10:25 PM

github | Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
Today we are releasing Grafana 9.2. Alongside with new features and other bug fixes, this release includes a Moderate severity security fix for CVE-2022-31130. We are also releasing security patches for Grafana 9.1.8 and Grafana 8.5.14 to fix these issues. Release 9.2, latest release, also...
AI Score: 6.7 | EPSS: 0.001 | 2024-05-14 10:25 PM

github | Grafana Plugin signature bypass
Today we are releasing Grafana 9.2. Alongside with new features and other bug fixes, this release includes a Moderate severity security fix for CVE-2022-31123. We are also releasing security patches for Grafana 9.1.8 and Grafana 8.5.14 to fix these issues. Release 9.2, latest release, also...
AI Score: 6.7 | EPSS: 0.001 | 2024-05-14 10:22 PM

Total number of security vulnerabilities: 251286