SIGMA Lite & Lite + Security Vulnerabilities

cve

CVE-2023-52187

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Thomas Maier Image Source Control Lite – Show Image Credits and Captions. This issue affects Image Source Control Lite – Show Image Credits and Captions: from n/a through...

7.5 CVSS

7.6 AI Score

0.001 EPSS

2024-01-27 12:15 AM
19
prion

Code injection

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Thomas Maier Image Source Control Lite – Show Image Credits and Captions. This issue affects Image Source Control Lite – Show Image Credits and Captions: from n/a through...

7.5 CVSS

7.1 AI Score

0.001 EPSS

2024-01-27 12:15 AM
4
cvelist

CVE-2023-52187 WordPress Image Source Control Plugin <= 2.17.0 is vulnerable to Sensitive Data Exposure

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Thomas Maier Image Source Control Lite – Show Image Credits and Captions. This issue affects Image Source Control Lite – Show Image Credits and Captions: from n/a through...

5.3 CVSS

7.7 AI Score

0.001 EPSS

2024-01-26 11:07 PM
wpvulndb

Abandoned Cart Lite for WooCommerce < 5.16.1 - Improper Authorization via wcal_preview_emails

Description The plugin is vulnerable to unauthorized access of data due to a missing capability check on the wcal_preview_emails function. This makes it possible for unauthenticated attackers to preview emails, granted they are able to obtain a nonce via a separate...

6.9 AI Score

2024-01-26 12:00 AM
2
wpvulndb

Abandoned Cart Lite for WooCommerce < 5.16.1 - Improper Authorization via wcal_delete_expired_used_coupon_code

Description The plugin is vulnerable to unauthorized access of data due to a missing capability check on the wcal_delete_expired_used_coupon_code function. This makes it possible for unauthenticated attackers to preview emails, granted they are able to obtain a nonce via a separate...

6.9 AI Score

2024-01-26 12:00 AM
2
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (January 15, 2024 to January 21, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 84 vulnerabilities disclosed in 67...

9.8 CVSS

8.9 AI Score

EPSS

2024-01-25 02:37 PM
20
ibm

Security Bulletin: Multiple security vulnerabilities have been identified in DB2 JDBC driver shipped with IBM Tivoli Business Service Manager

Summary DB2 JDBC driver is shipped as part of the XMLToolkit component for IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting DB2 JDBC driver has been published in a security bulletin. Vulnerability Details CVEID: CVE-2015-8383 DESCRIPTION: PCRE is...

9.8 CVSS

10 AI Score

EPSS

2024-01-24 06:45 PM
14
ibm

Security Bulletin: Protobuf as used by IBM QRadar SIEM is vulnerable to denial of service (CVE-2022-3171, CVE-2022-3509)

Summary Protobuf as used by IBM QRadar SIEM is vulnerable to denial of service. IBM QRadar SIEM has addressed the applicable vulnerability. Vulnerability Details CVEID: CVE-2022-3171 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the...

7.5 CVSS

7.1 AI Score

0.001 EPSS

2024-01-24 02:15 PM
12
nvd

CVE-2023-52221

Unrestricted Upload of File with Dangerous Type vulnerability in UkrSolution Barcode Scanner and Inventory manager. This issue affects Barcode Scanner and Inventory manager: from n/a through...

9.8 CVSS

9.6 AI Score

0.001 EPSS

2024-01-24 12:15 PM
1
cve

CVE-2023-52221

Unrestricted Upload of File with Dangerous Type vulnerability in UkrSolution Barcode Scanner and Inventory manager. This issue affects Barcode Scanner and Inventory manager: from n/a through...

10 CVSS

9.4 AI Score

0.001 EPSS

2024-01-24 12:15 PM
13
prion

Unrestricted file upload

Unrestricted Upload of File with Dangerous Type vulnerability in UkrSolution Barcode Scanner and Inventory manager. This issue affects Barcode Scanner and Inventory manager: from n/a through...

9.8 CVSS

7.2 AI Score

0.001 EPSS

2024-01-24 12:15 PM
5
cvelist

CVE-2023-52221 WordPress Barcode Scanner with Inventory & Order Manager Plugin <= 1.5.1 is vulnerable to Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in UkrSolution Barcode Scanner and Inventory manager. This issue affects Barcode Scanner and Inventory manager: from n/a through...

10 CVSS

9.7 AI Score

0.001 EPSS

2024-01-24 11:55 AM
wpvulndb

GS Pins for Pinterest Lite < 1.8.1 - Missing Authorization via _update_shortcode

Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check and a misconfigured nonce check on the _update_shortcode function, allowing authenticated attackers, with subscriber access and above, to update the plugin's...

6.8 AI Score

2024-01-24 12:00 AM
4
wpvulndb

WP-Lister Lite for eBay < 3.5.8 - Reflected Cross-Site Scripting via 's'

Description The WP-Lister Lite for eBay plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in versions up to, and including, 3.5.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1 AI Score

0.0005 EPSS

2024-01-24 12:00 AM
6
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (January 8, 2024 to January 14, 2024)

Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Last week, there were 67 vulnerabilities disclosed in 60 WordPress Plugins and no WordPress themes that have been added to the Wordfence...

9.8 CVSS

9.2 AI Score

0.033 EPSS

2024-01-18 02:52 PM
14
cve

CVE-2023-23882

Missing Authorization vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder – Lite. This issue affects Ultimate Addons for Beaver Builder – Lite: from n/a through...

4.3 CVSS

4.7 AI Score

0.0004 EPSS

2024-01-17 05:15 PM
7
nvd

CVE-2023-23882

Missing Authorization vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder – Lite. This issue affects Ultimate Addons for Beaver Builder – Lite: from n/a through...

4.3 CVSS

4.7 AI Score

0.0004 EPSS

2024-01-17 05:15 PM
prion

Authorization

Missing Authorization vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder – Lite. This issue affects Ultimate Addons for Beaver Builder – Lite: from n/a through...

4.3 CVSS

7.2 AI Score

0.0004 EPSS

2024-01-17 05:15 PM
4
cvelist

CVE-2023-23882 WordPress Ultimate Addons for Beaver Builder – Lite Plugin <= 1.5.5 is vulnerable to Broken Access Control

Missing Authorization vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder – Lite. This issue affects Ultimate Addons for Beaver Builder – Lite: from n/a through...

4.3 CVSS

5.1 AI Score

0.0004 EPSS

2024-01-17 04:44 PM
nvd

CVE-2022-36418

Missing Authorization vulnerability in Vagary Digital HREFLANG Tags Lite. This issue affects HREFLANG Tags Lite: from n/a through...

9.8 CVSS

7.2 AI Score

0.001 EPSS

2024-01-17 04:15 PM
cve

CVE-2022-36418

Missing Authorization vulnerability in Vagary Digital HREFLANG Tags Lite. This issue affects HREFLANG Tags Lite: from n/a through...

9.8 CVSS

9.3 AI Score

0.001 EPSS

2024-01-17 04:15 PM
16
prion

Authorization

Missing Authorization vulnerability in Vagary Digital HREFLANG Tags Lite. This issue affects HREFLANG Tags Lite: from n/a through...

9.8 CVSS

7.2 AI Score

0.001 EPSS

2024-01-17 04:15 PM
4
cvelist

CVE-2022-36418 WordPress HREFLANG Tags Lite Plugin <= 2.0.0 is vulnerable to Broken Authentication

Missing Authorization vulnerability in Vagary Digital HREFLANG Tags Lite. This issue affects HREFLANG Tags Lite: from n/a through...

6.5 CVSS

9.7 AI Score

0.001 EPSS

2024-01-17 03:51 PM
nvd

CVE-2023-7154

The Hubbub Lite (formerly Grow Social) WordPress plugin before 1.32.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in...

4.8 CVSS

4.7 AI Score

0.0004 EPSS

2024-01-16 04:15 PM
cve

CVE-2023-7154

The Hubbub Lite (formerly Grow Social) WordPress plugin before 1.32.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in...

4.8 CVSS

4.7 AI Score

0.0004 EPSS

2024-01-16 04:15 PM
15
prion

Cross site scripting

The Hubbub Lite (formerly Grow Social) WordPress plugin before 1.32.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in...

4.8 CVSS

5.9 AI Score

0.0004 EPSS

2024-01-16 04:15 PM
6
cvelist

CVE-2023-7154 Hubbub Lite < 1.32.0 - Admin+ Stored XSS

The Hubbub Lite (formerly Grow Social) WordPress plugin before 1.32.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in...

5 AI Score

0.0004 EPSS

2024-01-16 03:57 PM
cvelist

CVE-2023-4797 Newsletter Lite < 4.9.3 - Admin+ Command Injection

The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the...

7.5 AI Score

0.0005 EPSS

2024-01-16 03:56 PM
nessus

EulerOS 2.0 SP9 : bind (EulerOS-SA-2023-3291)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is...

7.5 CVSS

7 AI Score

0.002 EPSS

2024-01-16 12:00 AM
4
nessus

EulerOS Virtualization 2.10.1 : bind (EulerOS-SA-2023-3489)

According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The code that processes control channel messages sent to named calls certain functions recursively during packet parsing....

7.5 CVSS

8.2 AI Score

0.002 EPSS

2024-01-16 12:00 AM
4
nessus

EulerOS Virtualization 2.10.1 : bind (EulerOS-SA-2023-2911)

According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it...

7.5 CVSS

8.3 AI Score

0.001 EPSS

2024-01-16 12:00 AM
1
nessus

EulerOS Virtualization 2.10.0 : bind (EulerOS-SA-2023-2930)

According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it...

7.5 CVSS

8.3 AI Score

0.001 EPSS

2024-01-16 12:00 AM
3
nessus

EulerOS 2.0 SP10 : bind (EulerOS-SA-2023-2802)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently...

7.5 CVSS

8.3 AI Score

0.001 EPSS

2024-01-16 12:00 AM
5
nessus

EulerOS Virtualization 2.10.0 : bind (EulerOS-SA-2023-3461)

According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The code that processes control channel messages sent to named calls certain functions recursively during packet parsing....

7.5 CVSS

8.2 AI Score

0.002 EPSS

2024-01-16 12:00 AM
3
nessus

EulerOS 2.0 SP9 : bind (EulerOS-SA-2023-3323)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is...

7.5 CVSS

7 AI Score

0.002 EPSS

2024-01-16 12:00 AM
5
nessus

EulerOS Virtualization 2.9.1 : bind (EulerOS-SA-2024-1028)

According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The code that processes control channel messages sent to named calls certain functions recursively during packet parsing....

7.5 CVSS

7 AI Score

0.002 EPSS

2024-01-16 12:00 AM
6
nessus

EulerOS Virtualization 2.9.0 : bind (EulerOS-SA-2024-1002)

According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The code that processes control channel messages sent to named calls certain functions recursively during packet parsing....

7.5 CVSS

7 AI Score

0.002 EPSS

2024-01-16 12:00 AM
3
nessus

EulerOS 2.0 SP10 : bind (EulerOS-SA-2023-3164)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is...

7.5 CVSS

8.2 AI Score

0.002 EPSS

2024-01-16 12:00 AM
7
nessus

EulerOS Virtualization 3.0.6.6 : bind (EulerOS-SA-2023-3391)

According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it...

7.5 CVSS

7.1 AI Score

0.001 EPSS

2024-01-16 12:00 AM
3
nessus

EulerOS Virtualization 3.0.6.0 : bind (EulerOS-SA-2023-3419)

According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it...

7.5 CVSS

7.2 AI Score

0.001 EPSS

2024-01-16 12:00 AM
5
nessus

EulerOS 2.0 SP8 : bind (EulerOS-SA-2023-3113)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently...

7.5 CVSS

7.2 AI Score

0.001 EPSS

2024-01-16 12:00 AM
5
nessus

EulerOS 2.0 SP10 : bind (EulerOS-SA-2023-2778)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently...

7.5 CVSS

8.3 AI Score

0.001 EPSS

2024-01-16 12:00 AM
3
nessus

EulerOS Virtualization 2.9.1 : bind (EulerOS-SA-2023-2949)

According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it...

7.5 CVSS

7.6 AI Score

0.001 EPSS

2024-01-16 12:00 AM
4
nessus

EulerOS Virtualization 2.9.0 : bind (EulerOS-SA-2023-2975)

According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it...

7.5 CVSS

7.2 AI Score

0.001 EPSS

2024-01-16 12:00 AM
3
nessus

EulerOS 2.0 SP10 : bind (EulerOS-SA-2023-3199)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is...

7.5 CVSS

8.2 AI Score

0.002 EPSS

2024-01-16 12:00 AM
5
centos

bind security update

CentOS Errata and Security Advisory CESA-2023:5691 The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying...

7.5 CVSS

7.3 AI Score

0.002 EPSS

2024-01-12 07:23 PM
35
wpvulndb

Product Delivery Date for WooCommerce – Lite < 2.7.1 - Missing Authorization

Description The Product Delivery Date for WooCommerce – Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the prdd_delete_all_special_delivery() function in versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers.....

6.4 AI Score

EPSS

2024-01-12 12:00 AM
3
wpvulndb

Ajax Search Lite < 4.11.5 - Reflected Cross-Site Scripting

Description The plugin is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.11.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a...

7.1 CVSS

6.1 AI Score

0.0004 EPSS

2024-01-12 12:00 AM
13
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (January 1, 2024 to January 7, 2024)

Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Last week, there were 85 vulnerabilities disclosed in 74 WordPress Plugins and 2 WordPress themes that have been added to the Wordfence...

9.8 CVSS

10 AI Score

EPSS

2024-01-11 04:24 PM
34
cve

CVE-2023-6244

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 (Pro) & 2.2.8 (Free). This is due to missing or incorrect nonce validation on the save_virtual_event_settings function. This makes it...

6.5 CVSS

5.2 AI Score

0.001 EPSS

2024-01-11 03:15 PM
8
Total number of security vulnerabilities: 8320