Description
The WP Custom Admin Interface WordPress plugin before 7.29 unserialize user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.
Base Score: 7.2 HIGH
https://wpscan.com/vulnerability/ffff8c83-0a59-450a-9b40-c7f3af7205fc
__________________________________
Description
The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.
Base Score: 8.8 HIGH
https://wpscan.com/vulnerability/ec4b9bf7-71d6-4528-9dd1-cc7779624760
________________________________
Description
The WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file, which could lead to PHP object injections issues when an user import (intentionally or not) a malicious settings file and a suitable gadget chain is present on the blog.
Base Score: 8.8 HIGH
https://wpscan.com/vulnerability/55772932-eebd-475b-b5df-e80fab288ee5
___________________________________
Description
The WPtouch WordPress plugin before 4.3.45 does not properly validate images to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)
Base Score: 7.2 HIGH
https://wpscan.com/vulnerability/f927dbe0-3939-4882-a469-1309ac737ee6
CVE-2023-20025 Description A vulnerability in the web-based management interface of Cisco Small Business RV042 Series Routers could allow an unauthenticated, remote attacker to bypass authentication on the affected device. This vulnerability is due to incorrect user input validation of incoming HTTP packets. An attacker could exploit this vulnerability by sending crafted requests to the web-based […]
CVE-2022-3724 Description Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows Base Score: 7.5 HIGH https://www.wireshark.org/security/wnpa-sec-2022-08.html ____________________________ CVE-2022-46829 Description In JetBrains JetBrains Gateway before 2022.3 a client could connect without a valid token if the host consented. Base Score: 8.8 HIGH […]
CVE-2023-21801 Description Microsoft PostScript Printer Driver Remote Code Execution Vulnerability Base Score: 7.8 HIGH https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21801 CVE-2023-21777 Description Azure App Service on Azure Stack Hub Elevation of Privilege Vulnerability Base Score: 8.7 HIGH https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21777 CVE-2023-21718 Description Microsoft SQL ODBC Driver Remote Code Execution Vulnerability Base Score: 7.8 HIGH https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21718 CVE-2023-21707 Description Microsoft Exchange Server Remote […]
Leave a Reply