Kategori: NIST-Təhlükəsizlik Zəiflikləri

CVE-2022-0541

The flo-launch WordPress plugin before 2.4.1 injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by…

Devamını oku

CVE-2022-0634

The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 lacks authorization checks in the ta_insert_external_image action, allowing a low-privilege user (with a role as low…

Devamını oku

CVE-2022-0656

The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action (available to both…

Devamını oku

CVE-2022-0657

The 5 Stars Rating Funnel WordPress Plugin | RRatingg WordPress plugin before 1.2.54 does not properly sanitise, validate and escape lead ids before using them…

Devamını oku

CVE-2022-0693

The Master Elements WordPress plugin through 8.0 does not validate and escape the meta_ids parameter of its remove_post_meta_condition AJAX action (available to both unauthenticated and…

Devamını oku

CVE-2022-0769

The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the data_target parameter before it is being interpolated in an SQL statement…

Devamını oku

CVE-2021-36460

VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the account’s password locally on the device and uses the hash to authenticate in all communication with the backend API, including…

Devamını oku

CVE-2021-45836

An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by injecting a maliciously crafted input in the request…

Devamını oku