Day: Mart 20, 2023

CVE-2022-45124

An information disclosure vulnerability exists in the User authentication functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network packet can lead to a disclosure of…

Devamını oku

CVE-2022-43663

An integer conversion vulnerability exists in the SORBAx64.dll RecvPacket functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network packet can lead to a buffer overflow.…

Devamını oku

CVE-2023-0681

Rapid7 InsightVM versions 6.6.178 and lower suffers from an open redirect vulnerability, whereby an attacker has the ability to redirect the user to a site…

Devamını oku

CVE-2023-0940

The ProfileGrid WordPress plugin before 5.3.1 provides an AJAX endpoint for resetting a user password but does not implement proper authorization. This allows a user…

Devamını oku

CVE-2023-0937

The VK All in One Expansion Unit WordPress plugin before 9.87.1.0 does not escape the $_SERVER[‘REQUEST_URI’] parameter before outputting it back in an attribute, which…

Devamını oku

CVE-2023-0911

The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 5.12.8 does not validate the user meta to be retrieved via the user shortcode, allowing…

Devamını oku

CVE-2023-0890

The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 5.12.8 does not ensure that posts to be displayed via some shortcodes are already public…

Devamını oku

CVE-2023-0876

The WP Meta SEO WordPress plugin before 4.5.3 does not authorize several ajax actions, allowing low-privilege users to make updates to certain data and leading…

Devamını oku

CVE-2023-0875

The WP Meta SEO WordPress plugin before 4.5.3 does not properly sanitize and escape inputs into SQL queries, leading to a blind SQL Injection vulnerability…

Devamını oku

CVE-2023-0865

The WooCommerce Multiple Customer Addresses & Shipping WordPress plugin before 21.7 does not ensure that the address to add/update/retrieve/delete and duplicate belong to the user…

Devamını oku