Description
The WP Custom Admin Interface WordPress plugin before 7.29 unserialize user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.
Base Score: 7.2 HIGH
https://wpscan.com/vulnerability/ffff8c83-0a59-450a-9b40-c7f3af7205fc
__________________________________
Description
The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.
Base Score: 8.8 HIGH
https://wpscan.com/vulnerability/ec4b9bf7-71d6-4528-9dd1-cc7779624760
________________________________
Description
The WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file, which could lead to PHP object injections issues when an user import (intentionally or not) a malicious settings file and a suitable gadget chain is present on the blog.
Base Score: 8.8 HIGH
https://wpscan.com/vulnerability/55772932-eebd-475b-b5df-e80fab288ee5
___________________________________
Description
The WPtouch WordPress plugin before 4.3.45 does not properly validate images to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)
Base Score: 7.2 HIGH
https://wpscan.com/vulnerability/f927dbe0-3939-4882-a469-1309ac737ee6
CVE-2019-17621 Description The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network. Base Score: 9.8 CRITICAL https://www.dlink.com/en/security-bulletin
CVE-2020-7346 Description Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) for Windows prior to 11.6.100 allows a local, low privileged, attacker through the use of junctions to cause the product to load DLLs of the attacker’s choosing. This requires the creation and removal of junctions by the attacker along with sending a specific IOTL […]
CVE-2023-21819 Description Windows Secure Channel Denial of Service Vulnerability Base Score: 7.5 HIGH https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21819 CVE-2023-21820 Description Windows Distributed File System (DFS) Remote Code Execution Vulnerability Base Score: 7.4 HIGH https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21820 CVE-2023-21822 Description Windows Graphics Component Elevation of Privilege Vulnerability Base Score: 7.8 HIGH https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21822 CVE-2023-23374 Description Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Base Score: 8.3 […]
Leave a Reply