WordPress Comments Import & Export Security Vulnerabilities

CVE-2024-35970

In the Linux kernel, the following vulnerability has been resolved: af_unix: Clear stale u->oob_skb. syzkaller started to report deadlock of unix_gc_lock after commit 4090fa373f0e ("af_unix: Replace garbage collection algorithm."), but it just uncovers the bug that has been there since commit...

CVE-2024-35970

In the Linux kernel, the following vulnerability has been resolved: af_unix: Clear stale u->oob_skb. syzkaller started to report deadlock of unix_gc_lock after commit 4090fa373f0e ("af_unix: Replace garbage collection algorithm."), but it just uncovers the bug that has been there since commit...

CVE-2024-35980 arm64: tlb: Fix TLBI RANGE operand

In the Linux kernel, the following vulnerability has been resolved: arm64: tlb: Fix TLBI RANGE operand KVM/arm64 relies on TLBI RANGE feature to flush TLBs when the dirty pages are collected by VMM and the page table entries become write protected during live migration. Unfortunately, the operand.....

CVE-2024-35973 geneve: fix header validation in geneve[6]_xmit_skb

In the Linux kernel, the following vulnerability has been resolved: geneve: fix header validation in geneve[6]_xmit_skb syzbot is able to trigger an uninit-value in geneve_xmit() [1] Problem : While most ip tunnel helpers (like ip_tunnel_get_dsfield()) uses skb_protocol(skb, true),...

CVE-2024-35973 geneve: fix header validation in geneve[6]_xmit_skb

In the Linux kernel, the following vulnerability has been resolved: geneve: fix header validation in geneve[6]_xmit_skb syzbot is able to trigger an uninit-value in geneve_xmit() [1] Problem : While most ip tunnel helpers (like ip_tunnel_get_dsfield()) uses skb_protocol(skb, true),...

CVE-2024-35970 af_unix: Clear stale u->oob_skb.

In the Linux kernel, the following vulnerability has been resolved: af_unix: Clear stale u->oob_skb. syzkaller started to report deadlock of unix_gc_lock after commit 4090fa373f0e ("af_unix: Replace garbage collection algorithm."), but it just uncovers the bug that has been there since commit...

PopojiCMS 2.0.1 Remote Command Execution

...

Backdrop CMS 1.27.1 Remote Command Execution

...

Order Export & Order Import for WooCommerce < 2.5.0 - Authenticated (Administrator+) PHP Object Injection

Description The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.9 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Administrator-level access and above,.....

CVE-2024-35973

In the Linux kernel, the following vulnerability has been resolved: geneve: fix header validation in geneve[6]_xmit_skb syzbot is able to trigger an uninit-value in geneve_xmit() [1] Problem : While most ip tunnel helpers (like ip_tunnel_get_dsfield()) uses skb_protocol(skb, true),...

Debian: Security Advisory (DLA-3816-1)

The remote host is missing an update for the...

CVE-2024-35970

In the Linux kernel, the following vulnerability has been resolved: af_unix: Clear stale u-&gt;oob_skb. syzkaller started to report deadlock of unix_gc_lock after commit 4090fa373f0e ("af_unix: Replace garbage collection algorithm."), but it just uncovers the bug that has been there since commit...

CVE-2024-35980

In the Linux kernel, the following vulnerability has been resolved: arm64: tlb: Fix TLBI RANGE operand KVM/arm64 relies on TLBI RANGE feature to flush TLBs when the dirty pages are collected by VMM and the page table entries become write protected during live migration. Unfortunately, the operand.....

JAW - A Graph-based Security Analysis Framework For Client-side JavaScript

An open-source, prototype implementation of property graphs for JavaScript based on the esprima parser, and the EsTree SpiderMonkey Spec. JAW can be used for analyzing the client-side of web applications and JavaScript-based programs. This project is licensed under GNU AFFERO GENERAL PUBLIC...

PopojiCMS 2.0.1 - Remote Command Execution Exploit

...

Backdrop CMS 1.27.1 - Remote Command Execution Exploit

...

Backdrop CMS 1.27.1 - Authenticated Remote Command Execution (RCE)

...

PopojiCMS 2.0.1 - Remote Command Execution (RCE)

...

Metasploit Wrap-Up 05/17/2024

LDAP Authentication Improvements This week, in Metasploit v6.4.9, the team has added multiple improvements for LDAP related attacks. Two improvements relating to authentication is the new support for Signing and Channel Binding. Microsoft has been making changes to harden the communications to...

[SECURITY] [DLA 3816-1] bind9 security update

Debian LTS Advisory DLA-3816-1 [email protected] https://www.debian.org/lts/security/ Santiago Ruano Rincón May 17, 2024 https://wiki.debian.org/LTS Package : bind9 Version : 1:9.11.5.P4+dfsg-5.1+deb10u11 CVE...

Security Bulletin: Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Security Guardium Key Lifecycle Manager (April 2024)

Summary IBM Db2 is shipped as a component of IBM Security Key Lifecycle Manager (SKLM/GKLM). Information about multiple security vulnerabilities affecting IBM Db2 has been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes...

CVE-2024-25906

Authentication Bypass by Spoofing vulnerability in WP Happy Coders Comments Like Dislike allows Functionality Bypass.This issue affects Comments Like Dislike: from n/a through...

CVE-2024-25906

Authentication Bypass by Spoofing vulnerability in WP Happy Coders Comments Like Dislike allows Functionality Bypass.This issue affects Comments Like Dislike: from n/a through...

CVE-2024-25906 WordPress Comments Like Dislike plugin <= 1.2.2 - IP Restriction Bypass Vulnerability vulnerability

Authentication Bypass by Spoofing vulnerability in WP Happy Coders Comments Like Dislike allows Functionality Bypass.This issue affects Comments Like Dislike: from n/a through...

Cross Site Scripting (XSS)

ezsystems is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper sanitization in "protected" comments, resulting in Cross Site...

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1673)

The remote host is missing an update for the Huawei...

GitLab 11.8 < 12.10.13 / 13.0 < 13.0.8 / 13.1 < 13.1.2 (CVE-2020-13326)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions the restriction for Github project import could be bypassed. (CVE-2020-13326) Note that Nessus has not...

GitLab 11.2 < 12.10.13 (CVE-2020-13330)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue has been discovered in GitLab affecting versions prior to 12.10.13. GitLab was vulnerable to a stored XSS in import the Bitbucket project feature. (CVE-2020-13330) Note that Nessus has not...

One Click Demo Import < 3.2.1 - Authenticated (Admin+) PHP Object Injection

Description The One Click Demo Import plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.0 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP...

EulerOS Virtualization 3.0.6.0 : bind (EulerOS-SA-2024-1673)

According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The code that processes control channel messages sent to named calls certain functions recursively during packet parsing....

GitLab 8.9 < 13.0.12 / 13.1 < 13.1.6 / 13.2 < 13.2.3 (CVE-2020-13281)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: For GitLab before 13.0.12, 13.1.6, 13.2.3 a denial of service exists in the project import feature (CVE-2020-13281) Note that Nessus has not tested for this issue but has instead relied only on the...

Debian dla-3816 : bind9 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3816 advisory. Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU...

U.S. Dept Of Defense: Out-Of-Bounds Memory Read on ███

Vulnerability Identifier: OOB Memory Read (CVE-ID Pending) Affected System: Netscaler ADC and Gateway deployed at https://███████/nf/auth/doAuthentication.do Overview: An out-of-bounds (OOB) memory read vulnerability has been identified in Netscaler ADC (Application Delivery Controller) and...

CVE-2024-34751

Deserialization of Untrusted Data vulnerability in WebToffee Order Export & Order Import for WooCommerce.This issue affects Order Export & Order Import for WooCommerce: from n/a through...

CVE-2024-34751

Deserialization of Untrusted Data vulnerability in WebToffee Order Export & Order Import for WooCommerce.This issue affects Order Export & Order Import for WooCommerce: from n/a through...

CVE-2024-34751 WordPress Order Export & Order Import for WooCommerce plugin <= 2.4.9 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in WebToffee Order Export & Order Import for WooCommerce.This issue affects Order Export & Order Import for WooCommerce: from n/a through...

CVE-2024-34751 WordPress Order Export & Order Import for WooCommerce plugin <= 2.4.9 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in WebToffee Order Export & Order Import for WooCommerce.This issue affects Order Export & Order Import for WooCommerce: from n/a through...

TotalCloud Container Security Best Practices

Qualys Container Security (CS), an integral part of TotalCloud 2.0, provides a comprehensive view of the security posture of containerized applications. Operationalizing a new technology tool in an enterprise often presents its own challenges. This blog seeks to help the operations team...

[updated] Deleted iPhone photos show up again after iOS update

iPhone owners are reporting that photos they'd deleted are now back on their phones, after updating to iOS 17.5. With so many users reporting similar oddities, it would seem something went wrong, or at least different than to be expected. Here are some examples from Reddit: “When in conversation...

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 6, 2024 to May 12, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 184 vulnerabilities disclosed in 146...

Siemens RUGGEDCOM CROSSBOW

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

(RHSA-2024:2890) Important: bind and dhcp security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. The...

RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging < 4.23.9 - Reflected Cross-Site Scripting

Description The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'notice_id' parameter in all versions up to, and including, 4.23.8 due to insufficient input sanitization and output escaping. This...

ShortPixel Adaptive Images < 3.8.4 - Cross-Site Request Forgery

Description The ShortPixel Adaptive Images plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.3. This is due to missing or incorrect nonce validation on the import-settings page. This makes it possible for unauthenticated attackers to import.....

WP Photo Album Plus < 8.7.01.002 - Unauthenticated Arbitrary File Upload

Description The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the import functionality and no capability check in all versions up to, and including, 8.7.01.001. This makes it possible for unauthenticated attackers to upload.....

RHEL 8 : bind and dhcp (RHSA-2024:2890)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2890 advisory. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named);.....

Comments Evolved for WordPress <= 1.6.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Comments Evolved for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

Magento Open Source Security Advisory: Patch SUPEE-10975

Magento Commerce 1.14.4.0 and Open Source 1.9.4.0 have been enhanced with critical security updates to address multiple vulnerabilities, including remote code execution (RCE), cross-site scripting (XSS), cross-site request forgery (CSRF), and more. The following issues have been identified and...

Magento Open Source Security Advisory: Patch SUPEE-10975

Magento Commerce 1.14.4.0 and Open Source 1.9.4.0 have been enhanced with critical security updates to address multiple vulnerabilities, including remote code execution (RCE), cross-site scripting (XSS), cross-site request forgery (CSRF), and more. The following issues have been identified and...

eZ Platform Admin UI is vulnerable to Cross-site Scripting (XSS)

There is an XSS vulnerability in CKEditor, which is used by AlloyEditor, which is used in eZ Platform Admin UI. Scripts can be injected through specially crafted "protected" comments. We are not sure it is exploitable in eZ Platform, but recommend installing it to be on the safe side. It is fixed.....