Business Directory Plugin | GeoDirectory Security Vulnerabilities

SUSE SLES15 Security Update : kernel (Live Patch 38 for SLE 15 SP2) (SUSE-SU-2024:2109-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2109-1 advisory. This update for the Linux Kernel 5.3.18-150200_24_157 fixes several issues. The following security issues were fixed: - CVE-2021-46955: Fixed...

GLSA-202406-05 : JHead: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202406-05 (JHead: Multiple Vulnerabilities) Multiple vulnerabilities have been discovered in JHead. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly...

GLSA-202406-02 : Flatpak: Sandbox Escape

The remote host is affected by the vulnerability described in GLSA-202406-02 (Flatpak: Sandbox Escape) A vulnerability has been discovered in Flatpak. Please review the CVE identifier referenced below for details. Tenable has extracted the preceding description block directly from the Gentoo...

SUSE SLES15 Security Update : kernel (Live Patch 13 for SLE 15 SP4) (SUSE-SU-2024:2156-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2156-1 advisory. This update for the Linux Kernel 5.14.21-150400_24_66 fixes several issues. The following security issues were fixed: - CVE-2023-52628: Fixed...

SUSE SLES15 Security Update : kernel (Live Patch 21 for SLE 15 SP4) (SUSE-SU-2024:2166-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2166-1 advisory. This update for the Linux Kernel 5.14.21-150400_24_100 fixes several issues. The following security issues were fixed: - CVE-2023-6931: Fixed...

CVE-2024-6120 Sparkle Demo Importer <= 1.4.7 - Missing Authorization to Authorized(Subscriber+) Post/Pages/Attachements Deletion and Demo Data Import

The Sparkle Demo Importer plugin for WordPress is vulnerable to unauthorized database reset and demo data import due to a missing capability check on the multiple functions in all versions up to and including 1.4.7. This makes it possible for authenticated attackers, with Subscriber-level access...

CVE-2012-6664

Multiple directory traversal vulnerabilities in the TFTP Server in Distinct Intranet Servers 3.10 and earlier allow remote attackers to read or write arbitrary files via a .. (dot dot) in the (1) get or (2) put...

CVE-2012-6664

Multiple directory traversal vulnerabilities in the TFTP Server in Distinct Intranet Servers 3.10 and earlier allow remote attackers to read or write arbitrary files via a .. (dot dot) in the (1) get or (2) put...

Metasploit Weekly Wrap-Up 06/21/2024

Argument Injection for PHP on Windows This week includes modules that target file traversal and arbitrary file read vulnerabilities for software such as Apache, SolarWinds and Check Point, with the highlight being a module for the recent PHP vulnerability submitted by sfewer-r7. This module...

CVE-2024-35781

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in YAHMAN Word Balloon allows PHP Local File Inclusion.This issue affects Word Balloon: from n/a through...

CVE-2024-35781

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in YAHMAN Word Balloon allows PHP Local File Inclusion.This issue affects Word Balloon: from n/a through...

CVE-2022-44593

Use of Less Trusted Source vulnerability in SolidWP Solid Security allows HTTP DoS.This issue affects Solid Security: from n/a through...

CVE-2024-35767

Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze allows Code Injection.This issue affects Squeeze: from n/a through...

CVE-2022-44593

Use of Less Trusted Source vulnerability in SolidWP Solid Security allows HTTP DoS.This issue affects Solid Security: from n/a through...

CVE-2024-35778

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in John West Slideshow SE allows PHP Local File Inclusion.This issue affects Slideshow SE: from n/a through...

CVE-2023-38389

Incorrect Authorization vulnerability in Artbees JupiterX Core allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JupiterX Core: from n/a through...

CVE-2024-35778

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in John West Slideshow SE allows PHP Local File Inclusion.This issue affects Slideshow SE: from n/a through...

CVE-2023-38389

Incorrect Authorization vulnerability in Artbees JupiterX Core allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JupiterX Core: from n/a through...

CVE-2024-35767

Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze allows Code Injection.This issue affects Squeeze: from n/a through...

CVE-2022-38055

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Content Spoofing.This issue affects wpForo Forum: from n/a through...

CVE-2022-44587

Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP 2FA: from n/a through...

CVE-2022-38055

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Content Spoofing.This issue affects wpForo Forum: from n/a through...

CVE-2022-44587

Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP 2FA: from n/a through...

CVE-2024-35781 WordPress Word Balloon plugin <= 4.21.1 - Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in YAHMAN Word Balloon allows PHP Local File Inclusion.This issue affects Word Balloon: from n/a through...

CVE-2024-35778 WordPress Slideshow SE plugin <= 2.5.17 - Auth. Limited Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in John West Slideshow SE allows PHP Local File Inclusion.This issue affects Slideshow SE: from n/a through...

CVE-2024-35767 WordPress Squeeze plugin <= 1.4 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze allows Code Injection.This issue affects Squeeze: from n/a through...

CVE-2023-38389 WordPress Jupiter X Core plugin <= 3.3.8 - Unauthenticated Account Takeover vulnerability

Incorrect Authorization vulnerability in Artbees JupiterX Core allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JupiterX Core: from n/a through...

CVE-2022-44593 WordPress Solid Security plugin <= 9.3.1 - IP Spoofing Leading to Denial of Service vulnerability

Use of Less Trusted Source vulnerability in SolidWP Solid Security allows HTTP DoS.This issue affects Solid Security: from n/a through...

CVE-2022-44587 WordPress WP 2FA plugin <= 2.6.3 - Sensitive Data Exposure via Log File vulnerability

Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP 2FA: from n/a through...

CVE-2022-38055 WordPress wpForo Forum plugin <= 2.0.9 - Auth. HTML Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Content Spoofing.This issue affects wpForo Forum: from n/a through...

CVE-2022-38055 WordPress wpForo Forum plugin <= 2.0.9 - Auth. HTML Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Content Spoofing.This issue affects wpForo Forum: from n/a through...

CVE-2023-45197

The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in...

CVE-2023-45197

The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in...

CVE-2023-45197

The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in...

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Golang Go directory transversal vulnerabilitiy.(CVE-2023-45283)

Summary Potential Golang Go directory transversal vulnerabilitiy.(CVE-2023-45283) has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details ** CVEID: CVE-2023-45283 DESCRIPTION:...

CVE-2023-45197

The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in...

CVE-2023-45197

The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in...

CVE-2024-37227

Cross Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through...

CVE-2024-37227

Cross Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through...

CVE-2024-37118

Cross Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Automator Pro.This issue affects Uncanny Automator Pro: from n/a through...

CVE-2024-37118

Cross Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Automator Pro.This issue affects Uncanny Automator Pro: from n/a through...

CVE-2024-37212

Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Ali2Woo Lite.This issue affects Ali2Woo Lite: from n/a through...

CVE-2024-37212

Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Ali2Woo Lite.This issue affects Ali2Woo Lite: from n/a through...

CVE-2023-51375

Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through...

CVE-2022-45803

Missing Authorization vulnerability in Nikolay Strikhar WordPress Form Builder Plugin – Gutenberg Forms.This issue affects WordPress Form Builder Plugin – Gutenberg Forms: from n/a through...

CVE-2023-51375

Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through...

CVE-2022-45803

Missing Authorization vulnerability in Nikolay Strikhar WordPress Form Builder Plugin – Gutenberg Forms.This issue affects WordPress Form Builder Plugin – Gutenberg Forms: from n/a through...

CVE-2022-43453

Missing Authorization vulnerability in Bill Minozzi WP Tools.This issue affects WP Tools: from n/a through...

CVE-2022-43453

Missing Authorization vulnerability in Bill Minozzi WP Tools.This issue affects WP Tools: from n/a through...

CVE-2024-37118 WordPress Uncanny Automator Pro plugin <= 5.3 - Cross Site Request Forgery (CSRF) Leading to License Settings Reset vulnerability

Cross Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Automator Pro.This issue affects Uncanny Automator Pro: from n/a through...