CVE-2022-23987
The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape their Form Name, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-23988
The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape submitted form data, allowing an unauthenticated attacker to submit XSS payloads which will get executed when a privileged user views the related submission...
CVE-2022-23988
The CVE-2022-23988 affects WordPress WS Form LITE and WS Form Pro plugins up to version 1.8.176. The root cause is inadequate sanitisation/escaping of submitted form data, enabling unauthenticated attackers to submit XSS payloads that execute when a privileged user views the related submission. R...
CVE-2022-23987 WS Form < 1.8.176 - Admin+ Stored Cross-Site Scripting
The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape their Form Name, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
WordPress WordPress Team Members – GS Plugins plugin <= 1.10.18 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress WordPress Team Members – GS Plugins plugin versions <= 1.10.18. Solution: Update the WordPress WordPress Team Members – GS Plugins plugin to the latest available version (at least 1.11.0)...
WordPress Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins plugin <= 3.6.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins plugin versions <= 3.6.0. Solution: Update the WordPress Spreadsheet Integration – Automate Google Sheets With WordPress,...
WordPress WordPress Team Members – GS Plugins plugin <= 1.10.18 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress WordPress Team Members – GS Plugins plugin versions <= 1.10.18. Solution: Update the WordPress WordPress Team Members – GS Plugins plugin to the latest available version (at least 1.11.0)...
GSD-2022-1000463 gcc-plugins/stackleak: Use noinstr in favor of notrace
gcc-plugins/stackleak: Use noinstr in favor of notrace This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.25 by commit...
GSD-2022-1000397 gcc-plugins/stackleak: Use noinstr in favor of notrace
gcc-plugins/stackleak: Use noinstr in favor of notrace This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.102 by commit...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement...
RHEL 7 : OpenShift Container Platform 3.11.634 (RHSA-2022:0555)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0555 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
Oracle Linux 7 : cyrus-sasl (ELSA-2022-0666)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-0666 advisory. Fix for CVE-2022-24407. Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested...
Exploit for Authentication Bypass by Spoofing in Apache Apisix
CVE-2022-24112 CVE-2022-24112: Apache APISIX apisix/batch-re...
PT-2022-12270
Name of the Vulnerable Software and Affected Versions: LimeSurvey version 5.2.4 Description: A Remote Code Execution (RCE) issue exists via the upload and install plugins function, which could let a remote malicious user upload an arbitrary PHP code file. Recommendations: For LimeSurvey version 5.2.4,...
PT-2022-1907
Name of the Vulnerable Software and Affected Versions: Cyrus SASL versions 2.1.17 through 2.1.27 Description: The issue is related to the implementation of the authentication mechanism in Cyrus SASL, where the SQL query structure is not properly protected. This could allow a remote attacker to...
CVE-2022-0288
The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPress plugin before 2.7.10 do not sanitise and escape the html_element_selection parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...
CVE-2021-24867
Numerous Plugins and Themes from the AccessPress Themes aka Access Keys vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to...
Design/Logic Flaw
Numerous Plugins and Themes from the AccessPress Themes aka Access Keys vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to...
CVE-2021-24867
CVE-2021-24867 relates to backdoored AccessPress Themes plugins/themes distributed via the vendor site (not from wordpress.org). The vulnerability was exploited in the wild to deploy web shells and site defacements, observed by Talos IR as part of initial access through exploitation of a WordPres...
WordPress plugin AccessPress security vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. It supports setting up personal blog sites on servers running PHP and MySQL. WordPress plugin AccessPress Themes has a security vulnerability that stems from the existence of a backdoor in the vendor...