WP Shamsi – افزونه تاریخ شمسی و فارسی ساز وردپرس Security Vulnerabilities

Exploit for Vulnerability in Microsoft

...

Exploit for OS Command Injection in Proscend M330-W Firmware

...

Exploit for Path Traversal in Lfprojects Mlflow

...

Exploit for CVE-2022-32862

%PDF-1.5 %���� 16 0 obj << /Length 972 /Filter...

Hesk Rtl CMS 1 Cross Site Scripting

...

Wear OS Security Bulletin—August 2023

The Wear OS Security Bulletin contains details of security vulnerabilities affecting the Wear OS platform. The full Wear OS update comprises the security patch level of 2023-08-05 or later from the August 2023 Android Security Bulletin in addition to all issues in this bulletin. We encourage all...

Asanhamayesh CMS 3.4.6 Directory Traversal

...

Exploit for Code Injection in Weblizar School Management

...

CVE-2023-0335

The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber delete...

CVE-2023-0335

The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber delete...

Improper access control

The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber delete...

CVE-2023-0335 WP Shamsi <= 4.3.3 - Subscriber+ Attachment Deletion

The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber delete...

Wordfence Intelligence Weekly WordPress Vulnerability Report (Feb 27, 2023 to Mar 5, 2023)

Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence. This database is continuously updated, maintained, and populated by Wordfence's highly credentialed and experienced vulnerability...

WP Shamsi <= 4.3.3 - Subscriber+ Attachment Deletion

The plugin has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber delete...

WP Shamsi <= 4.3.3 - Subscriber+ Attachment Deletion

The plugin has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber delete attachment. PoC Exploit (#1 attachment id delete): fetch('http://localhost/wp-admin/admin-ajax.php', { method: 'POST', headers: new Headers({ 'Content-Type':...

Exploit for Improper Initialization in Linux Linux Kernel

...

CVE-2022-4555

The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deactivate() function hooked via init() in versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to deactivate arbitrary plugins on the site. This.....

CVE-2022-4555

The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deactivate() function hooked via init() in versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to deactivate arbitrary plugins on the site. This.....

Authorization

The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deactivate() function hooked via init() in versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to deactivate arbitrary plugins on the site. This.....

CVE-2022-4555

The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deactivate() function hooked via init() in versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to deactivate arbitrary plugins on the site. This.....

WP Shamsi < 4.1.1 - Unauthenticated Arbitrary Plugin Deactivation

The plugin does not have authorisation check when activating plugins via an action hooked to init(), which could allow unauthenticated attackers to deactivate arbitrary plugins from the...

WP ALL Export Pro < 1.7.9 - Authenticated Code Injection

The plugin does not limit some functionality during exports only to users with the Administrator role, allowing any logged in user which has been given privileges to perform exports to execute arbitrary code on the site. By default only administrators can run exports, but the privilege can be...

WP ALL Export Pro < 1.7.9 - Authenticated SQLi

The plugin uses the contents of the cc_sql POST parameter directly as a database query, allowing users which has been given permission to run exports to execute arbitrary SQL statements, leading to a SQL Injection vulnerability. By default only users with the Administrator role can perform...

Exploit for Out-of-bounds Write in Polkit Project Polkit

...

Exploit for Vulnerability in Tp-Link Archer Ax50 Firmware

...

Exploit for Improper Privilege Management in Openwebanalytics Open Web Analytics

...

CVE-2022-38058

Authenticated (subscriber+) Plugin Setting change vulnerability in WP Shamsi plugin &lt;= 4.1.1 at...

CVE-2022-38058

Authenticated (subscriber+) Plugin Setting change vulnerability in WP Shamsi plugin &lt;= 4.1.1 at...

Command injection

Authenticated (subscriber+) Plugin Setting change vulnerability in WP Shamsi plugin &lt;= 4.1.1 at...

WordPress WP Shamsi plugin <= 4.1.1 - Authenticated Plugin Setting change vulnerability

Authenticated Plugin Setting change vulnerability was discovered by Muhammad Daffa (Patchstack Alliance) in the WordPress WP Shamsi plugin (versions &lt;= 4.1.1). Solution Update the WordPress WP Shamsi plugin to the latest available version (at least...

CVE-2022-38058 WordPress WP Shamsi plugin <= 4.1.1 - Authenticated Plugin Setting change vulnerability

Authenticated (subscriber+) Plugin Setting change vulnerability in WP Shamsi plugin &lt;= 4.1.1 at...

WP Shamsi < 4.2.0 - Subscriber+ Settings Update

The plugin does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update...

Exploit for Exposure of Resource to Wrong Sphere in Electronjs Electron

...

Exploit for Path Traversal in Zimbra Collaboration

...

Exploit for Out-of-bounds Write in Polkit Project Polkit

...

Exploit for Improper Restriction of XML External Entity Reference in Zohocorp Manageengine Adaudit Plus

...

Exploit for Improper Input Validation in Adobe Commerce

...

Exploit for Injection in Atlassian Confluence Data Center

...

Exploit for Improper Initialization in Linux Linux Kernel

...

Exploit for Expression Language Injection in Apache Log4J

...

Exploit for Expression Language Injection in Atlassian Confluence Data Center

...

Exploit for Special Element Injection in Catchethq Catchet

...

Exploit for Vulnerability in Chainsafe Ethermint

...

Exploit for SQL Injection in Brainstormforce Astra

...

Exploit for Out-of-bounds Write in Polkit Project Polkit

...

Exploit for Out-of-bounds Read in Samba

...

Exploit for Vulnerability in Oracle Graalvm

...

Exploit for Code Injection in Ivanti Endpoint Manager Cloud Services Appliance

...

Exploit for Code Injection in Vmware Spring Framework

...

Exploit for Improper Initialization in Linux Linux Kernel

...