CVE-2024-8292 WP-Recall – Registration, Profile, Commerce & More <= 16.26.8 - Insecure Direct Object Reference to Unauthenticated Arbitrary Password Update

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to privilege escalation/account takeover in all versions up to, and including, 16.26.8. This is due to to plugin not properly verifying a user's identity during new order creation. This makes it possible for...

Riverbed SteelHead VCX File Read

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Riverbed SteelHead VCX File Read', 'Description' = %q This module exploits an authenticated arbitrary file read in the log module's filter engine...

LimeSurvey Zip Path Traversals

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LimeSurvey Zip Path Traversals', 'Description' = %q This module exploits an authenticated path traversal vulnerability found in LimeSurvey versio...

CVE-2024-43939 WordPress Z Y N I T H plugin <= 7.4.9 - Unauthenticated Arbitrary Option Deletion vulnerability

Missing Authorization vulnerability in VIICTORY MEDIA LLC Z Y N I T H allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Z Y N I T H: from n/a through 7.4.9...

CVE-2024-43922 WordPress NitroPack plugin <= 1.16.7 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in NitroPack Inc. NitroPack allows Code Injection.This issue affects NitroPack: from n/a through 1.16.7...

WordPress GiveWP Donation / Fundraising Platform 3.14.1 Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GiveWP Unauthenticated Donation Process Exploit', 'Description' = %q The GiveWP Donation Plugin and Fundraising Platform plugin for WordPress in...

CVE-2024-6312

The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 3.7.3.2 via the 'af2DeleteFontFile' function. This is due to the plugin not properly validating a file or its path prior to deleting it. This makes it possible for authenticate...

CVE-2024-6311

The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'af2addfont' function in all versions up to, and including, 3.7.3.2. This makes it possible for authenticated attackers, with administrator-level and above permissions, to...

CVE-2024-7954 SPIP porte_plume Plugin Arbitrary PHP Execution

The porteplume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request...

SPIP 4.2.12 Remote Code Execution Exploit

This Metasploit module exploits a remote code execution vulnerability in SPIP versions up to and including 4.2.12. The vulnerability occurs in SPIP's templating system where it incorrectly handles user-supplied input, allowing an attacker to inject and execute arbitrary PHP code. This can be...

CVE-2024-6377

The CVE-2024-6377 entry describes an open redirect vulnerability in 3DPassport within 3DSwymer, affecting Release 3DEXPERIENCE R2022x through R2024x. The issue allows an attacker to redirect users to an arbitrary website via a crafted URL. Affected component/function is 3DPassport in 3DSwymer; ro...

CVE-2024-42560

A cross-site scripting XSS vulnerability in the component updatepagedetails.php of Blood Bank And Donation Management System commit dc9e039 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Details parameter...

CVE-2024-7775

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing input validation in the addCustomCode function in versions 2.0 to 2.13.9. This makes i...

CVE-2022-1206 AdRotate – Ad manager & AdSense Ads <= 5.13.2 - Authenticated (Admin+) Double Extension Arbitrary File Upload

The AdRotate Banner Manager – The only ad manager you'll need plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension sanitization in the adrotateinsertmedia function in all versions up to, and including, 5.13.2. This makes it possible for authenticated attacker...

LG Simple Editor 3.21.0 Command Injection Exploit

LG Simple Editor versions 3.21.0 and below suffer from an unauthenticated command injection vulnerability. The vulnerability can be exploited by a remote attacker to inject arbitrary operating system commands which will get executed in the context of NT AUTHORITY\SYSTEM. class MetasploitModule 'L...

CVE-2024-43131 WordPress Docket (WooCommerce Collections / Wishlist / Watchlist) plugin < 1.7.0 - Unauthenticated Arbitrary Post/Page Deletion vulnerability

Incorrect Authorization vulnerability in WPWeb Docket WooCommerce Collections / Wishlist / Watchlist allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Docket WooCommerce Collections / Wishlist / Watchlist: from n/a before 1.7.0...

CVE-2024-43131 WordPress Docket (WooCommerce Collections / Wishlist / Watchlist) plugin < 1.7.0 - Unauthenticated Arbitrary Post/Page Deletion vulnerability

Incorrect Authorization vulnerability in WPWeb Docket WooCommerce Collections / Wishlist / Watchlist allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Docket WooCommerce Collections / Wishlist / Watchlist: from n/a before 1.7.0...

CVE-2023-50810

CVE-2023-50810 is a vulnerability in the U-Boot component of Sonos firmware prior to S1 11.12 and S2 15.9 (affecting PLAY5 gen 2, PLAYBASE, PLAY:1, One, One SL, and Amp; and the Era-100 as noted in references). The flaw arises from improper handling of the return value of the setenv command, enab...

XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet

Impact Any user with edit right on any page can perform arbitrary remote code execution by adding instances of XWiki.SearchSuggestConfig and XWiki.SearchSuggestSourceClass to their user profile or any other page. This compromises the confidentiality, integrity and availability of the whole XWiki...

CVE-2024-39379 Acrobat for Edge | Out-of-bounds Read (CWE-125)

Acrobat for Edge versions 126.0.2592.81 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that...