17 matches found

Patchstack, added 2026/03/12 12:58 a.m., 1 view

WordPress Gutena Forms plugin < 1.6.1 - Contributor+ Arbitrary Limited Options Update vulnerability

Contributor+ Arbitrary Limited Options Update vulnerability discovered by Yiğit İbrahim Sağlam in WordPress Plugin Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder versions 1.6.1...

CVSS 6.8 | AI score 5.8 | EPSS 0.00036
Exploits 0 | References 1 | Affected software 1
Patchstack, added 2026/02/05 10:21 p.m., 4 views

WordPress easy.jobs plugin < 2.4.7 - Subscriber+ Arbitrary Settings Update vulnerability

Subscriber+ Arbitrary Settings Update vulnerability discovered by Krzysztof Zając (CERT PL) in WordPress Plugin EasyJobs versions 2.4.7...

CVSS 4.3 | AI score 5.3 | EPSS 0.00058
Exploits 2 | References 1 | Affected software 1
RedhatCVE, added 2025/02/06 4:25 a.m., 6 views

CVE-2021-4347

The function updateshipmentstatusemailstatusfun in the plugin Advanced Shipment Tracking for WooCommerce, in versions up to 3.2.6, is vulnerable to authenticated arbitrary options update. The function allows attackers, including those at customer level, to update any WordPress option in the database...

CVSS 9.9 | AI score 6.7 | EPSS 0.00122
Exploits 1 | References 1
Cvelist, added 2025/01/14 2:21 p.m., 5 views

CVE-2024-39273

A firmware update vulnerability exists in the fwcheck.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary firmware update. An attacker can perform a man-in-the-middle attack to trigger this vulnerability...

CVSS 9 | EPSS 0.00314
Exploits 1 | References 1
CVE, added 2025/01/14 2:21 p.m., 53 views

CVE-2024-39608

CVE-2024-39608 is a reported unauthenticated firmware-upload vulnerability in the Wavlink AC3000 (M33A8.V5030.210505) login.cgi. Talos details show that an unauthenticated HTTP POST can flash firmware to the device, with full device compromise risk (root access via missing authentication in the firmwa...

CVSS 10 | AI score 7.2 | EPSS 0.00258
Exploits 1 | References 2 | Affected software 1
Vulnrichment, added 2024/11/26 2:06 a.m., 9 views

CVE-2024-10729 Booking & Appointment Plugin for WooCommerce <= 6.9.0 - Authenticated (Subscriber+) Arbitrary Option Update

The Booking & Appointment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'savegooglecalendardata' function in versions up to, and including, 6.9.0. This makes it possible for authenticated attackers, with...

CVSS 8.8 | AI score 6.4 | EPSS 0.0028
Exploits 0 | References 2
wpexploit, added 2024/06/07 12:00 a.m., 137 views

Simple Photoswipe <= 0.1 - Subscriber+ Arbitrary Settings Update

Description: The plugin does not have an authorisation check when updating its settings, which could allow any authenticated user, such as a subscriber, to update them. (The PoC is a self-submitting form; only its tail survived extraction: `history.pushState('', '', '/'); document.forms[0].submit();`.) The response to the request above is 403, but the settings update still happens...

AI score 6.6 | EPSS 0.00201
Exploits 2
CNNVD, added 2024/05/01 12:00 a.m., 1 view

Milesight UR32L authorization issue vulnerability

Milesight UR32L is a 4G industrial router from the Chinese vendor Milesight (星纵物联). An authorization issue vulnerability exists in Milesight UR32L v32.3.0.7-r2, stemming from a firmware update vulnerability in the file import function, where a specially crafted network request could result in an...

CVSS 8.8 | AI score 6.7 | EPSS 0.00173
Exploits 0 | References 2
WPVulnDB, added 2024/01/26 12:00 a.m., 12 views

wp-dashboard-notes < 1.0.11 - Contributor+ Arbitrary Private Notes Update via IDOR

Description: The plugin does not validate that the user has access to the postid parameter in its wpdnupdatenote AJAX action. This allows users with a role of contributor and above to update notes created by other users. PoC: 1. Create a note as an admin. View the source of the page to get the Note...

AI score 9.4 | EPSS 0.0065
Exploits 2 | Affected software 1
WPVulnDB, added 2023/07/18 12:00 a.m., 15 views

ProfileGrid < 5.5.2 - Subscriber+ Arbitrary Option Update

Description: The plugin does not implement an adequate capability check on the 'profilemagicchecksmtpconnection' function, making it possible for authenticated users with subscriber-level permissions or above to arbitrarily update the site options, leading to potential privilege escalation...

CVSS 8.8 | AI score 6.8 | EPSS 0.00103
Exploits 0 | References 1 | Affected software 1
OSV, added 2022/10/25 5:15 p.m., 1 view

CVE-2022-34845

A firmware update vulnerability exists in the sysupgrade functionality of Robustel R1510 3.1.16 and 3.3.0. A specially crafted network packet can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability...

CVSS 2.7 | AI score 5.9
Exploits 0 | References 1
WPVulnDB, added 2022/03/01 12:00 a.m., 24 views

Amelia < 1.0.47 - Customer+ Arbitrary Appointments Update and Sensitive Data Disclosure

The plugin does not have proper authorisation when managing appointments, allowing any customer to update others' bookings, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked them. PoC: 1. Create a booking with user01 2...

CVSS 5.5 | AI score 0.4 | EPSS 0.00133
Exploits 2 | Affected software 1
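The wp-dashboard-notes and Amelia entries above are the same bug in two storage models: an AJAX action takes an object ID from the request and never checks that the caller owns (or may edit) that object. The following is an added illustration, not code from either plugin. It uses a hypothetical "acme-notes" plugin, a hypothetical `acme_note` post type and a hypothetical `acme_bookings` table; everything prefixed `acme_` is an assumption.

```php
<?php
/*
 * Constructed example (hypothetical plugin "acme-notes"). Not the code of
 * wp-dashboard-notes or Amelia; it demonstrates the per-object ownership
 * check their AJAX actions lacked.
 */

// --- Vulnerable pattern: the caller-supplied ID is trusted as-is ---
add_action( 'wp_ajax_acme_update_note_vuln', function () {
    $post_id = (int) $_POST['post_id'];
    // Any Contributor+ can rewrite any note, including one created by an admin.
    wp_update_post( array(
        'ID'           => $post_id,
        'post_content' => wp_kses_post( wp_unslash( $_POST['content'] ) ),
    ) );
    wp_send_json_success();
} );

// --- Hardened handler ---
add_action( 'wp_ajax_acme_update_note', 'acme_update_note' );
function acme_update_note() {
    // CSRF: the request must carry a nonce minted for this action.
    check_ajax_referer( 'acme_update_note', 'nonce' );

    // Role gate: only users who may edit posts at all reach the handler.
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    $post    = get_post( $post_id );

    // The object must exist and be of the type this endpoint manages
    // (otherwise the ID could point at any post in the site).
    if ( ! $post || 'acme_note' !== $post->post_type ) {
        wp_send_json_error( 'not found', 404 );
    }

    // Per-object authorisation, resolved server-side: the note is the
    // caller's own, or the caller holds edit_others_posts (Editor+).
    $is_owner = (int) $post->post_author === get_current_user_id();
    if ( ! $is_owner && ! current_user_can( 'edit_others_posts' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    $content = isset( $_POST['content'] ) ? wp_kses_post( wp_unslash( $_POST['content'] ) ) : '';
    $result  = wp_update_post( array( 'ID' => $post_id, 'post_content' => $content ), true );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( $result->get_error_message(), 500 );
    }
    wp_send_json_success( array( 'id' => $post_id ) );
}

/*
 * Same check for objects kept in a plugin-owned table (the Amelia case):
 * look the owner up from the database rather than trusting anything in
 * the request. Table name and column names are hypothetical.
 */
function acme_user_owns_booking( $booking_id ) {
    global $wpdb;
    $owner = $wpdb->get_var( $wpdb->prepare(
        "SELECT user_id FROM {$wpdb->prefix}acme_bookings WHERE id = %d",
        absint( $booking_id )
    ) );
    // A missing row (null) is treated as "not yours", never as "no owner".
    return null !== $owner && (int) $owner === get_current_user_id();
}
```

The important property is that the ownership decision is made from data the server already holds (post_author, or the row's user_id), never from a user ID or flag the client sends along with the object ID.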
CVE, added 2022/01/28 7:10 p.m., 55 views

CVE-2021-40419

The CVE-2021-40419 entry describes a firmware update vulnerability in the Reolink RLC-410W, tracked by Talos. The issue centers on the device's leftover factory binary, which allows unauthenticated access to multiple critical operations, including uploading a firmware file, factory reset, and oth...

CVSS 10 | AI score 7.4 | EPSS 0.00511
Exploits 1 | References 1 | Affected software 1
wpexploit, added 2022/01/03 12:00 a.m., 109 views

TrustMate.io integration for WooCommerce < 1.7.1 - Subscriber+ Arbitrary Blog Option Update

The plugin does not have any CSRF or authorisation checks in the savecheckbox AJAX action, which is available to any authenticated user, and does not validate the option key to ensure that the option being updated belongs to the plugin. As a result, any authenticated user, such as a subscriber, can update arbitrary...

Exploits 0
WPVulnDB, added 2021/12/15 12:00 a.m., 15 views

Image Hover Effects Ultimate < 9.7.0 - Unauthenticated Arbitrary Option Update

The plugin does not have any authorisation on its REST API endpoints, one of which could allow unauthenticated attackers to update arbitrary blog options. The original report mentioned the issue being fixed in 9.6.2; however, it was still possible for attackers to exploit it, and proper remediation h...

CVSS 9.8 | AI score 3 | EPSS 0.68275
Exploits 1 | Affected software 1
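The WordPress "arbitrary option update" entries in this listing (Booking & Appointment, ProfileGrid, TrustMate.io, Image Hover Effects Ultimate, and the others) combine up to three separate defects: no nonce (CSRF), no capability check (any logged-in or even anonymous caller reaches the handler), and no allowlist on the option name (so core options such as `users_can_register` or `default_role` become writable). The following is an added example, not code from any plugin in the listing. It uses a hypothetical "acme-settings" plugin; every `acme_`-prefixed name, the option names and the REST namespace are assumptions.

```php
<?php
/*
 * Constructed example (hypothetical plugin "acme-settings"). Shows the
 * vulnerable shape shared by the listed advisories beside a hardened
 * admin-ajax handler and a hardened REST route.
 */

// --- Vulnerable pattern ---
// wp_ajax_* hooks are reachable by every logged-in user. Nothing here checks
// a nonce, a capability, or that the option belongs to the plugin.
add_action( 'wp_ajax_acme_save_checkbox_vuln', function () {
    update_option( sanitize_key( $_POST['key'] ), wp_unslash( $_POST['value'] ) );
    wp_send_json_success();
} );

// --- Hardened admin-ajax handler ---
// Allowlist of the plugin's own options and the type each one accepts.
const ACME_ALLOWED_OPTIONS = array(
    'acme_enable_widget' => 'bool',
    'acme_notice_text'   => 'text',
);

function acme_sanitize_option_value( $key, $raw ) {
    return ( 'bool' === ACME_ALLOWED_OPTIONS[ $key ] )
        ? rest_sanitize_boolean( $raw )
        : sanitize_text_field( $raw );
}

add_action( 'wp_ajax_acme_save_checkbox', 'acme_save_checkbox' );
function acme_save_checkbox() {
    // 1. CSRF: the request must carry a nonce generated for this action
    //    (the 403 in the Simple Photoswipe entry is this check firing).
    check_ajax_referer( 'acme_save_checkbox', 'nonce' );

    // 2. Authorisation: changing settings requires an admin capability,
    //    not merely a logged-in session (Subscriber+ is the threat here).
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Option allowlist: the key must be one of the plugin's own options,
    //    so the handler can never reach core options.
    $key = isset( $_POST['key'] ) ? sanitize_key( wp_unslash( $_POST['key'] ) ) : '';
    if ( ! array_key_exists( $key, ACME_ALLOWED_OPTIONS ) ) {
        wp_send_json_error( 'unknown option', 400 );
    }

    // 4. Type-specific sanitisation of the value before it is stored.
    $raw   = isset( $_POST['value'] ) ? wp_unslash( $_POST['value'] ) : '';
    $value = acme_sanitize_option_value( $key, $raw );

    update_option( $key, $value );
    wp_send_json_success( array( 'key' => $key, 'value' => $value ) );
}

// --- Hardened REST route ---
// The permission_callback is what an unauthenticated REST option update
// is missing; registering it as '__return_true' is equivalent to omitting it.
add_action( 'rest_api_init', function () {
    register_rest_route( 'acme/v1', '/options', array(
        'methods'             => WP_REST_Server::CREATABLE,
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
        // Schema validation rejects any key outside the allowlist before
        // the callback runs.
        'args' => array(
            'key'   => array( 'required' => true, 'type' => 'string',
                              'enum' => array_keys( ACME_ALLOWED_OPTIONS ) ),
            'value' => array( 'required' => true ),
        ),
        'callback' => function ( WP_REST_Request $req ) {
            $key   = $req['key'];
            $value = acme_sanitize_option_value( $key, $req['value'] );
            update_option( $key, $value );
            return rest_ensure_response( array( 'key' => $key, 'value' => $value ) );
        },
    ) );
} );
```

When reviewing a plugin for this class of bug, the quickest check is to list every `wp_ajax_`, `wp_ajax_nopriv_` and `register_rest_route` registration and confirm each callback has a nonce or `permission_callback`, a capability test stronger than "is logged in", and a fixed option name (or allowlist) rather than one taken from the request.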
Tenable Nessus, added 2014/09/10 12:00 a.m., 29 views

IBM Rational Software Architect Design Manager and Rhapsody Design Manager < 4.0.7 Unspecified Vulnerability

The remote host is running a version of IBM Rational Software Architect Design Manager or IBM Rhapsody Design Manager that is affected by the following vulnerabilities: - An unspecified vulnerability exists that allows a remote, authenticated attacker to provision an arbitrary update site into t...

CVSS 6 | AI score 5.5 | EPSS 0.02155
Exploits 0 | References 3
Japan Vulnerability Notes, added 2008/05/20 3:00 p.m., 2 views

nProtect Netizen has multiple vulnerabilities

Overview: nProtect Netizen contains multiple vulnerabilities. - It may fetch update files from an arbitrary site - It may download and save malicious files - It may cause an abnormal web browser termination. Impact: A remote attacker could lead a user to save a malicious file to the local storage an...

CVSS 4.3 | AI score 7 | EPSS 0.00593
Exploits 0 | References 6