Description
The Blue Admin WordPress plugin through 21.06.01 does not sanitise or escape its “Logo Title” setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have CSRF check in place when saving its settings, allowing the issue to be exploited via a CSRF attack.
Base Score: 8.8 HIGH
https://wpscan.com/vulnerability/75abd073-b45f-4fe6-8501-7a6d0163f78d
CVE-2023-21792 Description 3D Builder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21780, CVE-2023-21781, CVE-2023-21782, CVE-2023-21783, CVE-2023-21784, CVE-2023-21785, CVE-2023-21786, CVE-2023-21787, CVE-2023-21788, CVE-2023-21789, CVE-2023-21790, CVE-2023-21791, CVE-2023-21793. Base Score: 7.8 HIGH https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21792 ___________________________________________________ CVE-2023-21793 Description 3D Builder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21780, CVE-2023-21781, CVE-2023-21782, CVE-2023-21783, CVE-2023-21784, CVE-2023-21785, CVE-2023-21786, CVE-2023-21787, […]
CVE-2022-4328 Description The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server Base Score: 9.8 CRITICAL https://wpscan.com/vulnerability/4dc72cd2-81d7-4a66-86bd-c9cfaf690eed
CVE-2013-0880 Description Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to databases. Base Score: 7.5 HIGH http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html
Leave a Reply