SUSE CVE-2021-41186
Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string ca...
PT-2023-19543 · WordPress · Photon Wp Material Design Icons For Page Builders
Name of the Vulnerable Software and Affected Versions: Photon WP Material Design Icons for Page Builders plugin versions 1.4.2 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into...
PT-2023-15063 · WordPress · Gallery Lightbox
Name of the Vulnerable Software and Affected Versions: Lightbox Gallery WordPress plugin versions prior to 0.9.5 Description: The issue concerns the Lightbox Gallery WordPress plugin, which does not properly validate and escape certain shortcode attributes. This could allow users with the...
PT-2023-14663 · WordPress · Compact Wp Audio Player
Name of the Vulnerable Software and Affected Versions: Compact WP Audio Player WordPress plugin versions prior to 1.9.8 Description: The issue concerns the Compact WP Audio Player WordPress plugin, which does not properly validate and escape certain shortcode attributes before outputting them. Th...
PT-2023-15965 · WordPress · The User Post Gallery - Upg
Name of the Vulnerable Software and Affected Versions: The User Post Gallery - UPG plugin for WordPress versions up to, and including 2.19 Description: The issue allows for authorization bypass, leading to remote command execution due to the use of a nopriv AJAX action and user-supplied function...
PT-2022-27110 · WordPress · Permalink Manager Lite
Name of the Vulnerable Software and Affected Versions: Permalink Manager Lite plugin for WordPress versions up to, and including 2.2.20.3 Description: The issue arises from improper output escaping on post/page/media titles, allowing Stored Cross-Site Scripting attacks. This enables attackers to...
PT-2022-21789 · WordPress · Phlox
Name of the Vulnerable Software and Affected Versions: Shortcodes and extra features for Phlox theme WordPress plugin versions prior to 2.10.7 Description: The issue arises from the unserialize of the content of an imported file, which could lead to PHP object injection when a user imports a...
PT-2022-24715 · WordPress · Add Comments
Name of the Vulnerable Software and Affected Versions: Add Comments WordPress plugin versions 1.0.1 and earlier Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, ...
PT-2022-24039 · WordPress · Wpsmartcontracts
Name of the Vulnerable Software and Affected Versions: WPSmartContracts WordPress plugin versions prior to 1.3.12 Description: The issue arises from the plugin's failure to properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection. This can be exploit...
PT-2022-22272 · WordPress · Manage Notification E-Mails
Name of the Vulnerable Software and Affected Versions: Manage Notification E-mails plugin versions 1.8.2 and earlier Description: The issue is related to Cross-Site Request Forgery CSRF in the Manage Notification E-mails plugin on WordPress. This means an attacker could potentially trick a user...
SUSE-SU-2022:3906-1 Security update for gstreamer-0_10-plugins-good
This update for gstreamer-010-plugins-good fixes the following issues: - CVE-2022-1920: Fixed an integer overflow while parsing matroska files bsc1201688. - CVE-2022-1921: Fixed an integer overflow while parsing avi files bsc1201693. - CVE-2022-1922: Fixed an integer overflow during mkv demuxing...
WordPress Plugin "Salon booking system" vulnerable to cross-site scripting
Overview WordPress Plugin "Salon booking system" contains a cross-site scripting vulnerability CWE-79. Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...
WordPress Booster Elite for WooCommerce premium plugin < 1.1.7 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability leading to Checkout Files Deletion discovered by WPScan in WordPress Booster for WooCommerce premium plugin versions < 1.1.7. Solution: Update the WordPress Booster Elite for WooCommerce plugin to the latest available version (at least 1.1.7)...
PT-2022-18525 · WordPress · Adminpad
Name of the Vulnerable Software and Affected Versions: AdminPad WordPress plugin versions prior to 2.2 Description: The issue concerns a lack of CSRF check when updating an admin's note, allowing attackers to make a logged-in admin update their notes via a CSRF attack. Recommendations: For versio...
PT-2022-21909 · WordPress · Wp Humans.Txt
Name of the Vulnerable Software and Affected Versions: WP Humans.txt WordPress plugin versions 1.0.0 through 1.0.6 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is...
Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin
Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call is to be...
PT-2022-26906 · Compuware +1 · Jenkins Compuware Topaz Utilities Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Compuware Topaz Utilities Plugin versions 1.0.8 and earlier Description: The issue allows attackers who can control agent processes to obtain the values of Java system properties from the Jenkins controller process due to an...
PT-2022-21147 · WordPress · Advanced Comment Form
Name of the Vulnerable Software and Affected Versions: Advanced Comment Form WordPress plugin versions prior to 1.2.1 Description: The issue allows high privilege users, such as admins, to perform cross-Site Scripting attacks. This is possible because the plugin does not properly sanitise and...
PT-2022-10571 · WordPress · Social Media Follow Buttons Bar
Name of the Vulnerable Software and Affected Versions: Social Media Follow Buttons Bar plugin versions prior to 4.74 Description: The issue is related to an Authenticated Stored Cross-Site Scripting XSS vulnerability. This vulnerability can be exploited by an admin or higher-privileged user. The...