2429 matches found
WordPress WP Responsive Tabs horizontal vertical and accordion Tabs Plugin <= 1.1.17 is vulnerable to SQL Injection
Software: WP Responsive Tabs horizontal vertical and accordion Tabs; Type: Plugin; Vulnerable versions: <= 1.1.17; Fixed in: 1.1.18; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-30497; Patch priority: Low; CVSS severity: Low 8.5; PSID: 1a1455476f7a; Credits...
CVE-2024-3007
CVE-2024-3007 affects Tenda FH1205, firmware 2.0.0.7(775). The stack-based buffer overflow occurs in the fromNatStaticSetting function via the page parameter in /goform/NatStaticSetting. The issue can be triggered remotely; exploit details have been disclosed. Public data provides mitigation guid...
CVE-2024-2996
A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been classified as problematic. Affected is an unknown function of the component Page Title Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The...
CVE-2024-2993 Tenda FH1203 QuickIndex formQuickIndex stack-based overflow
A vulnerability was found in Tenda FH1203 2.0.1.6. It has been classified as critical. Affected is the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely. The...
CVE-2024-2976
CVE-2024-2976 affects Tenda F1203, version 2.0.1.6, where the function R7WebsSecurityHandler in the file /goform/execCommand accepts a manipulated password argument that causes a stack-based overflow. This vulnerability can be exploited remotely; public exploit activity is noted. Several sources ...
CVE-2024-2900
A vulnerability, which was classified as critical, was found in Tenda AC7 15.03.06.44. This affects the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument deviceId/time/urls leads to stack-based buffer overflow. It is possible to initiate th...
CVE-2024-2902
CVE-2024-2902 affects Tenda AC7 firmware version 15.03.06.44. The vulnerability is in the function fromSetWifiGusetBasic within /goform/WifiGuestSet, where manipulating the shareSpeed argument causes a stack-based buffer overflow. Exploitation can be performed remotely and the vulnerability has b...
CVE-2024-2898
CVE-2024-2898 affects Tenda AC7 15.03.06.44. The vulnerability is a stack-based buffer overflow in fromSetRouteStatic (file /goform/SetStaticRouteCfg) caused by manipulation of the list argument. It can be exploited remotely and has public exploit/public disclosure. Remediation/patch details are ...
CVE-2024-2894
A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. This affects the function formSetQosBand of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The...
Responsive Tabs < 4.0.7 - Contributor+ Stored XSS
Description: The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC: 1. Go to "Tab Sets Add New"...
CVE-2024-2812 Tenda AC15 WriteFacMac formWriteFacMac os command injection
A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20multi. It has been classified as critical. This affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. It is possible to initiate the attack remotely. The...
CVE-2024-2809
A vulnerability, which was classified as critical, was found in Tenda AC15 15.03.05.18/15.03.20multi. Affected is the function formSetFirewallCfg of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. It is possible to launch the atta...
CVE-2024-2806 Tenda AC15 addWifiMacFilter stack-based overflow
A vulnerability classified as critical has been found in Tenda AC15 15.03.05.18/15.03.20multi. This affects the function addWifiMacFilter of the file /goform/addWifiMacFilter. The manipulation of the argument deviceId/deviceMac leads to stack-based buffer overflow. It is possible to initiate the...
CVE-2024-27988 WordPress WEN Responsive Columns plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WEN Themes WEN Responsive Columns allows Stored XSS. This issue affects WEN Responsive Columns: from n/a through 1.3.2...
CVE-2024-27989 WordPress WP Responsive Tabs horizontal vertical and accordion Tabs plugin <= 1.1.17 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in I Thirteen Web Solution WP Responsive Tabs horizontal vertical and accordion Tabs allows Stored XSS. This issue affects WP Responsive Tabs horizontal vertical and accordion Tabs: from n/a through...
PT-2024-22185 · Unknown · Wen Responsive Columns
Name of the Vulnerable Software and Affected Versions: WEN Responsive Columns versions 1.3.2 and earlier. Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting (XSS). This means that an attacker can inject...
CVE-2024-2709
A vulnerability was found in Tenda AC10U 15.03.06.49. It has been classified as critical. Affected is the function fromSetRouteStatic of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to launch the attack remotely. Th...
CVE-2024-2711 Tenda AC10U addWifiMacFilter stack-based overflow
A vulnerability was found in Tenda AC10U 15.03.06.48. It has been rated as critical. Affected by this issue is the function addWifiMacFilter of the file /goform/addWifiMacFilter. The manipulation of the argument deviceMac leads to stack-based buffer overflow. The attack may be launched remotely...
WP Responsive Tabs horizontal vertical and accordion Tabs < 1.1.18 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description: The WP Responsive Tabs horizontal vertical and accordion Tabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-1333
The Responsive Pricing Table WordPress plugin before 5.1.11 does not validate and escape some of its Pricing Table options before outputting them back in a page/post where the related shortcode is embedded, which could allow users with the author role and above to perform Stored Cross-Site Scripting...