Wordfence Intelligence Weekly WordPress Vulnerability Report (August 14, 2023 to August 20, 2023)
Last week, there were 64 vulnerabilities disclosed in 67 WordPress Plugins and 10 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 37 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities ...
PT-2023-11505 · Exempi +6 · Exempi +6
Name of the Vulnerable Software and Affected Versions: exempi versions 2.5.0 and earlier Description: The issue allows remote attackers to cause a denial of service via the opening of crafted webp files. This is due to a Buffer Overflow vulnerability in the WEBP Support.cpp file. Recommendations:...
PT-2023-26719 · Jeesite · Jeesite
Name of the Vulnerable Software and Affected Versions: jeesite version 1.2.6 Description: An issue in the delete function in the MenuController class allows authenticated attackers to arbitrarily delete menus created by the Administrator. Recommendations: For jeesite version 1.2.6, consider...
Wordfence Intelligence Weekly WordPress Vulnerability Report (July 3, 2023 to July 9, 2023)
Last week, there were 61 vulnerabilities disclosed in 54 WordPress Plugins and 1 WordPress theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 28 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities i...
PT-2023-22182 · Unknown · Frenic Rhc Loader
Name of the Vulnerable Software and Affected Versions: FRENIC RHC Loader version 1.1.0.3 Description: An out-of-bounds read issue exists, potentially allowing disclosure of sensitive system information or execution of arbitrary code when a specially crafted FNE file is opened. Recommendations: Fo...
PT-2024-20952 · Imlib2 +1 · Imlib2 +1
Name of the Vulnerable Software and Affected Versions: imlib2 version 1.9.1 Description: The issue is related to the mishandling of memory allocation in the function init imlib fonts. Recommendations: For imlib2 version 1.9.1, consider disabling the init imlib fonts function until a patch is...
PT-2023-19179 · Joomla · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla! versions 4.2.0 through 4.3.1 Description: The issue is related to the lack of rate limiting, which allows brute force attacks against Multi-Factor Authentication (MFA) methods. MFA is a security process that requires a user to provide t...
PT-2023-2944 · Fs · Fs S3900-24T4S
Name of the Vulnerable Software and Affected Versions: FS S3900-24T4S affected versions not specified Description: The issue is related to insufficient access control in the software of FS S3900-24T4S switches. It allows a remote attacker to escalate their privileges and reset the admin password...
PT-2023-12239 · Liferay · Liferay Portal
Name of the Vulnerable Software and Affected Versions: Liferay Portal version 6.2.5 Description: The issue allows Command=FileUpload&Type=File&CurrentFolder=/ requests when frmfolders.html exists. The vendor disputes this issue because the exploit reference link only shows frmfolders.html is...
PT-2023-2584 · NetGear · Netgear Srx5308
Name of the Vulnerable Software and Affected Versions: Netgear SRX5308 versions up to 4.3.5-3 Description: A problematic vulnerability has been found in the Web Management Interface of Netgear SRX5308. The issue is related to insufficient protection of the web page structure when handling the...
Wordfence Intelligence Weekly WordPress Vulnerability Report (Feb 27, 2023 to Mar 5, 2023)
Wordfence has curated an industry-leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence. This database is continuously updated, maintained, and populated by Wordfence's highly credentialed and experienced vulnerability...
Wordfence Intelligence CE Weekly Vulnerability Report (Feb 6, 2023 to Feb 12, 2023)
In case you missed it, Wordfence has curated an industry-leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence Community Edition. This database is continuously updated, maintained, and populated by Wordfence's highly...
PT-2023-15523 · V-Server · V-Server
Name of the Vulnerable Software and Affected Versions: V-Server versions 4.0.12.0 and earlier Description: A stack-based buffer overflow issue allows a local attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted project file. Recommendations: For...
PT-2022-20159 · Unknown · Asith-Eranga Isic Tour Booking
Name of the Vulnerable Software and Affected Versions: asith-eranga ISIC tour booking versions prior to the version published after Feb 13th 2018 Description: The issue allows attackers to execute arbitrary commands via the username parameter to "/system/user/modules/mod users/controller.php". Th...
PT-2022-23368 · Osu Open Source · Vncauthproxy
Name of the Vulnerable Software and Affected Versions: OSU Open Source Lab VNCAuthProxy versions 1.1.1 and earlier Description: The issue is an authentication-bypass vulnerability in the VNCServerAuthenticator, located in vncap/vnc/protocol.py, which could allow a malicious actor to gain...
PT-2022-23382 · Totolink · Totolink A3700R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3700R version 9.1.2u.6134 B20201202 Description: A command injection issue was found via the host time parameter in the NTPSyncWithHost function. This allows for potential exploitation. Recommendations: For TOTOLINK A3700R version...
PT-2022-23447 · D Link · D-Link Go-Rt-Ac750
Name of the Vulnerable Software and Affected Versions: D-Link GO-RT-AC750 versions GORTAC750 revA v101b03 through GO-RT-AC750 revB FWv200b02 Description: The issue concerns an authentication bypass. It is related to the function phpcgi main in cgibin. Recommendations: For D-Link GO-RT-AC750 versi...
PT-2022-3299 · Trueconf · Trueconf Server
Name of the Vulnerable Software and Affected Versions: TrueConf Server version 4.3.7 Description: A vulnerability has been found in the /admin/conferences/get-all-status/ component of TrueConf Server, related to the failure to neutralize script-related HTML tags on a web page. The manipulation of...
PT-2022-20956 · Mercury · Mercury Mipc451-4
Name of the Vulnerable Software and Affected Versions: MERCURY MIPC451-4 version 1.0.22 Build 220105 Rel.55642n Description: The issue is a remote code execution RCE vulnerability. It can be exploited via a crafted POST request. Recommendations: For MERCURY MIPC451-4 version 1.0.22 Build 220105...
PT-2022-12182 · Wondershare · Dr. Fone
Name of the Vulnerable Software and Affected Versions: Wondershare LTD Dr. Fone as of 2021-12-06 version Description: The issue is related to remote code execution due to software design flaws. An unauthenticated user can communicate over UDP with the "InstallAssistService.exe" service, which run...