Description
The WP Custom Admin Interface WordPress plugin before 7.29 unserialize user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.
Base Score: 7.2 HIGH
https://wpscan.com/vulnerability/ffff8c83-0a59-450a-9b40-c7f3af7205fc
__________________________________
Description
The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.
Base Score: 8.8 HIGH
https://wpscan.com/vulnerability/ec4b9bf7-71d6-4528-9dd1-cc7779624760
________________________________
Description
The WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file, which could lead to PHP object injections issues when an user import (intentionally or not) a malicious settings file and a suitable gadget chain is present on the blog.
Base Score: 8.8 HIGH
https://wpscan.com/vulnerability/55772932-eebd-475b-b5df-e80fab288ee5
___________________________________
Description
The WPtouch WordPress plugin before 4.3.45 does not properly validate images to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)
Base Score: 7.2 HIGH
https://wpscan.com/vulnerability/f927dbe0-3939-4882-a469-1309ac737ee6
CVE-2023-23397 Description:Microsoft Outlook Elevation of Privilege Vulnerability CNA: Microsoft CorporationBase Score: 9.8 CRITICAL Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397
CVE-2022-4328 Description The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server Base Score: 9.8 CRITICAL https://wpscan.com/vulnerability/4dc72cd2-81d7-4a66-86bd-c9cfaf690eed
CVE-2023-0138 Description Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) Base Score: 8.8 HIGH https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html _____________________________ CVE-2023-0136 Description Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote […]
Leave a Reply