CVE Catalog
Browse the latest Common Vulnerabilities and Exposures (CVEs) with CVSS scores, affected products, and next-gen risk scores.
PIXNET Plugin Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the PIXNET Plugin for WordPress, affecting all versions through 2.9.10. The issue arises from inadequate input sanitization and output escaping, allowing authenticated attackers with Subscriber-level access or higher to inject arbitrary scripts. These scripts are executed when a user accesses the compromised page.
Horoscope And Tarot WordPress Plugin Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the Horoscope And Tarot plugin for WordPress, affecting all versions through 1.3.0. The issue arises from inadequate input sanitization and output escaping of user-supplied attributes in the 'divine_horoscope' shortcode. This vulnerability allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages, which are executed when users access the affected pages.
WordPress Member Access Plugin Sensitive Information Exposure Vulnerability
A vulnerability allowing sensitive information exposure has been identified in the Member Access plugin for WordPress, affecting all versions through 1.1.6. This issue arises from an unauthenticated content restriction bypass, which can be exploited via the WordPress core search feature. As a result, attackers can access sensitive data from posts restricted to higher-level roles, such as administrators.
Spacer WordPress Plugin Missing Authorization Vulnerability in Versions Through 3.0.7
A vulnerability exists in the Spacer plugin for WordPress, all versions through 3.0.7, due to a missing capability check in the motech_spacer_callback() function. This flaw allows authenticated attackers with Subscriber-level access and above to access and view limited setting information, leading to unauthorized data disclosure.
Sellsy WordPress Plugin Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the Sellsy plugin for WordPress, affecting all versions through 2.3.3. The issue arises from inadequate input sanitization and output escaping of user-supplied attributes in the plugin's 'testSellsy' shortcode. This vulnerability allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages, which are executed when users access the affected pages.
WP Youtube Gallery Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the WP Youtube Gallery plugin for WordPress, affecting all versions through 1.9. The issue arises from inadequate input sanitization and output escaping, allowing authenticated attackers with Contributor-level access or higher to inject arbitrary scripts. These scripts are executed when a user accesses the compromised page.
ClickDesigns WordPress Plugin Missing Authorization Vulnerability for API Key Modification
A vulnerability exists in the ClickDesigns plugin for WordPress, allowing unauthorized data modification. This issue arises from a lack of capability checks in the 'clickdesigns_add_api' and 'clickdesigns_remove_api' functions, affecting all versions through 1.8.0. As a result, unauthenticated attackers can alter or delete the plugin's API key.
Transporters.io WordPress Plugin Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Transporters.io plugin for WordPress, affecting all versions through 2.1.1. The vulnerability arises from inadequate nonce validation, allowing unauthenticated attackers to inject malicious scripts by tricking a site administrator into clicking a link.
Chative Live Chat and Chatbot WordPress Plugin Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Chative Live Chat and Chatbot plugin for WordPress, affecting all versions through 1.1. The issue arises from inadequate nonce validation in the 'add_chative_widget_action()' function. This vulnerability allows unauthenticated attackers to manipulate the channel ID or organization ID by sending a forged request, provided they can deceive a site administrator into clicking a link. Such exploitation could redirect the live chat widget to a channel controlled by the attacker.
WordPress Duplicate Post Plugin Sensitive Information Exposure Vulnerability
A vulnerability allowing sensitive information exposure has been identified in the WordPress Duplicate Post, Page and Any Custom Post plugin, affecting all versions through 3.5.5. The issue arises in the 'dpp_duplicate_as_draft' function, where authenticated attackers with Contributor-level access and above can access potentially sensitive data from draft, scheduled, private, and password-protected posts.
WordPress Survey & Poll Plugin Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress, affecting all versions through 1.7.5. The vulnerability arises from inadequate input sanitization and output escaping on user-supplied attributes, particularly within the 'wpsurveypoll_results' shortcode. This flaw allows authenticated attackers with contributor-level access or higher to inject arbitrary scripts into pages, which are executed when users access the affected page.
WordPress CF7 WOW Styler Plugin Arbitrary Shortcode Execution Vulnerability
A vulnerability allowing arbitrary shortcode execution has been identified in the CF7 WOW Styler plugin for WordPress, affecting all versions through 1.7.0. The issue arises because the plugin does not properly validate user input before executing shortcodes, enabling unauthenticated attackers to execute arbitrary shortcodes. Additionally, this vulnerability is susceptible to reflected cross-site scripting. While version 1.7.0 addressed the reflected XSS issue, the arbitrary shortcode execution vulnerability persists.
Woomotiv WordPress Plugin SQL Injection Vulnerability
A SQL injection vulnerability has been identified in the Live Sales Notification for WooCommerce - Woomotiv plugin for WordPress, affecting all versions through 3.6.1. The vulnerability arises from inadequate escaping of user-supplied data in the 'woomotiv_seen_products_.*' cookie, coupled with a lack of proper preparation in the SQL query. This flaw allows unauthenticated attackers to inject additional SQL commands into existing queries, potentially leading to the extraction of sensitive information from the database.
Themes Coder WordPress Plugin Privilege Escalation Vulnerability
A privilege escalation vulnerability has been identified in the Themes Coder – Create Android & iOS Apps For Your WooCommerce Site plugin for WordPress, affecting all versions through 1.3.4. The vulnerability arises from the plugin's failure to properly validate user identity before allowing password changes via the update_user_profile() function. This flaw enables unauthenticated attackers to reset passwords for any user, including administrators, and gain unauthorized access to their accounts.
ARS Affiliate Page Plugin Reflected Cross-Site Scripting Vulnerability
A reflected cross-site scripting vulnerability has been identified in the ARS Affiliate Page Plugin for WordPress, affecting all versions through 2.0.2. The issue arises from inadequate input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts via the 'utm_keyword' parameter. These injected scripts could be executed on pages if a user is tricked into clicking a link.
Formaloo Form Maker and Customer Analytics for WordPress and WooCommerce Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the Formaloo Form Maker & Customer Analytics for WordPress & WooCommerce plugin, affecting all versions through 2.1.3.2. The vulnerability arises from inadequate input sanitization and output escaping, allowing authenticated attackers with Contributor-level access or higher to inject arbitrary scripts. These scripts are executed when a user accesses the compromised page.
Slider Pro Lite Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the Slider Pro Lite plugin for WordPress, affecting all versions through 1.4.1. The issue arises from inadequate input sanitization and output escaping on user-supplied attributes, particularly within the 'sliderpro' shortcode. This vulnerability allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages, which are executed when users access the affected page.
Sell Media WordPress Plugin Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the Sell Media plugin for WordPress, affecting all versions through 2.5.8.5. The issue arises from inadequate input sanitization and output escaping of user-supplied attributes in the 'sell_media_search_form_gutenberg' shortcode. This vulnerability allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages, which are executed when users access the affected pages.
Timeline Designer WordPress Plugin SQL Injection Vulnerability
A SQL injection vulnerability has been identified in the Timeline Designer plugin for WordPress, affecting all versions through 1.4. The issue arises from inadequate escaping of user-supplied data in the 's' parameter, allowing unauthenticated attackers to inject additional SQL queries. This exploitation could lead to unauthorized access to sensitive information within the database.
Dell Update Package Framework Local Privilege Escalation Vulnerability
A local privilege escalation vulnerability has been identified in the Dell Update Package Framework, affecting versions prior to 22.01.02. This vulnerability allows a low-privileged local attacker to execute arbitrary remote scripts on the server, potentially leading to a denial-of-service condition.
Deno Cross-Origin Authorization Header Leak Vulnerability
A vulnerability exists in Deno's fetch() redirect handling, where the Authorization header is not properly managed during cross-origin redirects. When a request with an Authorization header is sent to one domain and the response redirects to a different domain, Deno retains the original Authorization header in the follow-up request. This behavior leaks the header's content to the second domain, contrary to the expected behavior of dropping the Authorization header in such scenarios. The issue arises because Deno does not adhere to the same-origin policy and lacks a cookie jar, leading to unintentional leakage of authenticated data across origins. This vulnerability affects Deno versions prior to 1.46.4 and 2.1.2, as well as deno_fetch versions 0.204.0 and through 0.0.1.
FRRouting RTR Buffer Overflow Vulnerability Leading to Performance Degradation
A vulnerability in FRRouting (FRR) versions 6.0 and later, prior to 10.3, allows route re-validation to be triggered when an update received via the RTR protocol exceeds the default socket buffer size of 4K. This can be exploited by causing a large number of updates to be sent during the update interval, which typically lasts 30 minutes. The issue can also occur organically, but when exploited, it forces continuous route validation. Routers with large routing tables may take longer than 30 minutes to complete this process, leading to potential performance impacts. Additionally, the re-validation increases BMP traffic to ingestors.
AVM FRITZ!Box 7530 AX Unauthenticated Information Disclosure Vulnerability
A vulnerability exists in the AVM FRITZ!Box 7530 AX router, specifically in version 7.59, allowing unauthorized access to sensitive information through the '/juis_boxinfo.xml' file. This issue arises from an access control flaw that permits remote attackers to retrieve data without authentication. However, the reported vulnerability is disputed by the supplier, who states it cannot be reproduced and attributes the issue to an unintended configuration with direct Internet exposure.
ipTIME A2004 Access Control Vulnerability in hostinfo2.cgi Allowing Unauthorized Information Disclosure
An access control vulnerability has been identified in the ipTIME A2004 router, specifically in the login component hostinfo2.cgi, version 12.17.0. This vulnerability allows attackers to access sensitive information without authentication.
Plane Profile Image Upload Cross-Site Scripting Vulnerability
A cross-site scripting (XSS) vulnerability exists in Plane versions prior to 0.23. This issue allows authenticated users to upload SVG files as profile images. These SVG files can contain malicious JavaScript that executes in the browsers of users viewing the profile image.
ipTIME A2004 Access Control Vulnerability in hostinfo.cgi Allowing Unauthorized Information Disclosure
An access control vulnerability has been identified in the ipTIME A2004 router, specifically in version 12.17.0. The issue resides in the '/login/hostinfo.cgi' component, where attackers can access sensitive information, including version details, without authentication. This vulnerability could be exploited by simply visiting the affected URL.
BG.Studio Color Phone Call Screen App Intent-Based Call Placing Vulnerability
A vulnerability in the Color Phone Call Screen App (com.asianmobile.callcolor) for Android, up to version 24, allows any application to place phone calls without user interaction. This is achieved by sending a crafted intent to the exported CallActivity component, bypassing normal permission requirements.
Call Screen Application Intent-Based Unattended Call Initiation Vulnerability
A vulnerability in the 'iCall OS17 - Color Phone Flash' application, specifically in versions through 4.3 for Android, allows any application to make phone calls without user interaction. This is achieved by sending a crafted intent to the 'com.callos14.callscreen.colorphone.DialerActivity' component, bypassing normal permission requirements.
Color Phone Call Screen Themes Intent-Based Unattended Call Initiation Vulnerability
A vulnerability in the Color Phone Call Screen Themes application for Android, specifically in versions through 1.1.2, allows any app to make phone calls without user interaction. This is achieved by sending a specially crafted intent to the 'com.frovis.androidbase.call.DialerActivity' component, bypassing normal permission requirements.
Color Call Theme & Call Screen Insecure Permission Vulnerability Allowing Unattended Outgoing Calls
A vulnerability in the Color Call Theme & Call Screen application, specifically in version 1.0.7 for Android, allows any app to make phone calls on behalf of the user without permission or interaction. This is achieved by sending a specially crafted intent to the exported DialerActivity component.
GeniusTools Color Phone Call Screen Theme Unintended Outgoing Call Vulnerability
A vulnerability in the Color Phone: Call Screen Theme application, specifically in version 21.1.9 for Android, allows any app to make phone calls without user interaction. This is achieved by sending a crafted intent to the exported DialerActivity component, bypassing normal permission requirements.
Glitter Caller Screen Insecure Permission Vulnerability Allowing Unauthorized Phone Calls
A vulnerability in the Glitter Caller Screen application (also known as iCaller, Caller Theme & Dialer) for Android, in versions through 1.1, allows any application to make phone calls on behalf of the user without permission or interaction. This is achieved by sending a specially crafted intent to the exported 'com.glitter.caller.screen.DialerActivity' component.
Redis Denial-of-Service Vulnerability Due to Malformed ACL Selectors
A denial-of-service vulnerability has been identified in Redis versions 7.0.0 and later. The issue arises when an authenticated user with sufficient privileges creates a malformed Access Control List (ACL) selector. When this malformed selector is accessed, it triggers a server panic, leading to a crash and subsequent denial-of-service condition.
Netis Routers Information Disclosure Vulnerability
A vulnerability allowing remote attackers to access sensitive information exists in multiple Netis router models, including the Wifi6 Router NX10 (versions 2.0.1.3643 and 2.0.1.3582), Wifi 11AC Router NC65 (version 3.0.0.3749), Wifi 11AC Router NC63 (versions 3.0.0.3327 and 3.0.0.3503), Wifi 11AC Router NC21 (versions 3.0.0.3800, 3.0.0.3500 and 3.0.0.3329), and Wifi Router MW5360 (versions 1.0.1.3442 and 1.0.1.3031). The issue arises from the endpoint /cgi-bin/skk_set.cgi and the binary /bin/scripts/start_wifi.sh, which can be exploited to retrieve confidential information.
Netis Routers Sensitive Information Disclosure Vulnerability
A vulnerability exists in multiple Netis router models, including the Wifi6 Router NX10, Wifi 11AC Routers NC65, NC63, NC21, and the Wifi Router MW5360. This issue allows remote attackers to access sensitive information by exploiting the password parameter on the change admin password page of the router's web interface.
Netis Routers Information Disclosure Vulnerability in skk_get.cgi Component
A vulnerability allowing remote attackers to access sensitive information exists in several Netis router models, including the Wifi6 Router NX10 (versions 2.0.1.3643 and 2.0.1.3582), Wifi 11AC Router NC65 (version 3.0.0.3749), Wifi 11AC Router NC63 (versions 3.0.0.3327 and 3.0.0.3503), Wifi 11AC Router NC21 (versions 3.0.0.3800, 3.0.0.3500 and 3.0.0.3329), and Wifi Router MW5360 (versions 1.0.1.3442 and 1.0.1.3031). The issue arises from the skk_get.cgi component, where the mode_name and wl_link parameters can be exploited to retrieve sensitive information.
Redis Remote Code Execution Vulnerability via Lua Scripting
A remote code execution vulnerability has been identified in Redis versions prior to 6.2.17, 7.2.7, and 7.4.2. This issue allows an authenticated user to execute a specially crafted Lua script that manipulates the garbage collector, potentially leading to arbitrary code execution. The vulnerability exists in all versions of Redis that support Lua scripting.
Inspur ClusterEngine Privilege Escalation Vulnerability in getJobsByShell Component
A privilege escalation vulnerability has been identified in Inspur ClusterEngine version 4.0. This issue arises from an improper SUID configuration in the component '/opt/tsce4/torque6/bin/getJobsByShell', allowing non-administrative users to gain root access by exploiting the SUID mechanism. The vulnerability enables these users to execute arbitrary commands with elevated privileges.
Grocy CSRF Vulnerability Allowing Password Change for Administrators
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in Grocy versions through 4.3.0. The application lacks CSRF protection, as the session token does not have security flags and no countermeasures are implemented. This vulnerability allows users to change the password of the administrator by exploiting the absence of CSRF safeguards.
Grocy Information Disclosure Vulnerability
An information disclosure vulnerability exists in Grocy versions through 4.3.0. It allows remote attackers to access sensitive data by directly requesting pages that are not visible in the user interface, such as the calendar and recipes. This issue is a result of broken access control, where unauthorized users can bypass restrictions by accessing certain URLs or API endpoints directly.
Guzzle OAuth Subscriber Insufficient Nonce Entropy Vulnerability Allowing Replay Attacks
A vulnerability exists in Guzzle OAuth Subscriber versions prior to 0.8.1, where the OAuth 1.0 nonce generation lacks adequate entropy and does not utilize a cryptographically secure pseudorandom source. This deficiency can expose servers to replay attacks, particularly when TLS is not implemented.
Grocy Stored Cross-Site Scripting Vulnerability Leading to Privilege Escalation
A stored cross-site scripting vulnerability has been identified in Grocy versions through 4.3.0. This issue allows for privilege escalation by uploading a malicious HTML or SVG file, which is not properly validated, to the edit profile section. When the file is accessed by an administrator, the embedded script is executed, potentially leading to unauthorized actions such as changing an admin password.
ASUS System Analysis IO Improper Access Control Vulnerability in AsusSAIO.sys Driver
A vulnerability has been identified in the AsusSAIO.sys driver associated with ASUS System Analysis IO version 1.0.0. This vulnerability allows low-privileged users to bypass access controls and misuse driver functionalities by sending specially crafted IOCTL requests. The exploitation of this vulnerability could lead to privilege escalation, unauthorized code execution with elevated rights, and information disclosure. Additionally, because these drivers are signed, they could potentially be used to circumvent Microsoft's driver-signing policy to execute malicious code.
ITE Tech ITE IO Access Arbitrary Port Read and Write Vulnerability
A vulnerability in the DeviceIoControl function of ITE Tech, Inc. ITE IO Access version 1.0.0.0 allows attackers to execute arbitrary read and write operations on ports by sending crafted IOCTL requests.
REDAXO CMS Stored Cross-Site Scripting Vulnerability Allowing Arbitrary Code Execution
A stored cross-site scripting vulnerability has been identified in REDAXO CMS version 5.17.1. This vulnerability allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the password parameter of the /media/test.html component. Additionally, this vulnerability can lead to authenticated arbitrary code execution, according to the vulnerability's author.
Grav Cross-Site Scripting Vulnerability
A cross-site scripting (XSS) vulnerability exists in Grav version 1.7.45. This issue allows users with limited page creation rights to inject malicious JavaScript into their pages, which could be executed by anyone viewing the page, including administrators. The vulnerability arises from inadequate input validation and content filtering, enabling the execution of unauthorized scripts.
ChestnutCMS File Upload Vulnerability Allowing Unrestricted File Types
A file upload vulnerability has been identified in ChestnutCMS versions through 1.5.0. The issue arises in the /api/member/avatar API endpoint, which accepts a base64-encoded image string. This string is processed by the memberService.uploadAvatarByBase64 method, where the image is decoded and saved to a file without proper validation of the file extension. This vulnerability is particularly concerning because it is exposed to the frontend, allowing for potentially harmful files to be uploaded.
Suricata TCP Urgent Data Handling Evasion Vulnerability
A vulnerability in Suricata's TCP stream processing prior to version 7.0.8 allows TCP urgent data to be mismanaged, potentially leading to evasion of detection. This issue arises because Suricata may analyze traffic differently than applications at the TCP endpoints, creating a disconnect in how data is processed. In versions prior to 7.0.8, urgent data was ignored, but many applications rely on this data being processed out-of-band. The vulnerability can be exploited by sending TCP packets with the urgent flag set, which Suricata will handle according to its default or configured policies, creating gaps or inconsistencies in the data analysis.
Suricata DNS Resource Name Compression Vulnerability Leading to Log Resource Starvation
A vulnerability in Suricata's DNS handling prior to version 7.0.8 allows DNS resource name compression to create small DNS messages with excessively large hostnames. This can be expensive to decode and result in oversized DNS log entries. Although there are limits to prevent this, they were not stringent enough. The issue has been fixed in Suricata version 7.0.8.
Suricata Buffer Overflow Vulnerability in TCP Stream Handling
A buffer overflow vulnerability has been identified in Suricata versions prior to 7.0.8. This issue arises from an unsigned integer underflow, which allows a specially crafted TCP stream to cause a significant buffer overflow. The vulnerability occurs because the buffer is initialized with zeroes using memset, creating an opportunity for the overflow to be exploited.
