In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between March 28-29, 2024.
During this period, The National Vulnerability Database published 183, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 10
High: 43
Medium: 52
Low: 3
Severity Not Assigned: 75
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-3010
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability was found in Tenda FH1205 2.0.0.7(775) and classified as critical. Affected by this issue is the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258296. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/formSetCfm.md
https://vuldb.com/?ctiid.258296
https://vuldb.com/?id.258296
https://vuldb.com/?submit.301489
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-3011
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has been classified as critical. This affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258297 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/formQuickIndex.md
https://vuldb.com/?ctiid.258297
https://vuldb.com/?id.258297
https://vuldb.com/?submit.301490
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-3012
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has been declared as critical. This vulnerability affects the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258298 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/GetParentControlInfo.md
https://vuldb.com/?ctiid.258298
https://vuldb.com/?id.258298
https://vuldb.com/?submit.301491
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-1770
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Meta Tag Manager plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.2 via deserialization of untrusted input in the get_post_data function. This makes it possible for authenticated attackers, with contributor access or higher, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
References: https://plugins.trac.wordpress.org/changeset/3054910/meta-tag-manager/trunk/meta-tag-manager.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/9ec1aed2-d299-4fa9-add6-10b63ed6aa30?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
5. CVE-2024-30222
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 6.0
Description: Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.26.
References: https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-plugin-4-0-26-php-object-injection-vulnerability?_s_id=cve
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
6. CVE-2024-30223
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.2
Impact Score: 6.0
Description: Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.26.
References: https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-plugin-4-0-26-unauthenticated-php-object-injection-vulnerability?_s_id=cve
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-30224
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Deserialization of Untrusted Data vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.2.
References: https://patchstack.com/database/vulnerability/wholesalex/wordpress-wholesalex-plugin-1-3-2-unauthenticated-php-object-injection-vulnerability?_s_id=cve
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-30225
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Deserialization of Untrusted Data vulnerability in WPENGINE, INC. WP Migrate.This issue affects WP Migrate: from n/a through 2.6.10.
References: https://patchstack.com/database/vulnerability/wp-migrate-db-pro/wordpress-wp-migrate-plugin-2-6-10-unauthenticated-php-object-injection-vulnerability?_s_id=cve
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-30226
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.2
Impact Score: 6.0
Description: Deserialization of Untrusted Data vulnerability in WPDeveloper BetterDocs.This issue affects BetterDocs: from n/a through 3.3.3.
References: https://patchstack.com/database/vulnerability/betterdocs/wordpress-betterdocs-plugin-3-3-3-unauthenticated-php-object-injection-vulnerability?_s_id=cve
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
10. CVE-2024-30227
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.2
Impact Score: 6.0
Description: Deserialization of Untrusted Data vulnerability in INFINITUM FORM Geo Controller.This issue affects Geo Controller: from n/a through 8.6.4.
References: https://patchstack.com/database/vulnerability/cf-geoplugin/wordpress-geo-controller-plugin-8-6-4-php-object-injection-vulnerability?_s_id=cve
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
11. CVE-2024-30228
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: Deserialization of Untrusted Data vulnerability in Hercules Design Hercules Core.This issue affects Hercules Core : from n/a through 6.4.
References: https://patchstack.com/database/vulnerability/hercules-core/wordpress-hercules-core-plugin-6-4-subscriber-php-object-injection-vulnerability?_s_id=cve
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
12. CVE-2024-30229
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 6.0
Description: Deserialization of Untrusted Data vulnerability in GiveWP.This issue affects GiveWP: from n/a through 3.4.2.
References: https://patchstack.com/database/vulnerability/give/wordpress-give-plugin-3-4-2-php-object-injection-vulnerability?_s_id=cve
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
13. CVE-2024-30230
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.8
Description: Deserialization of Untrusted Data vulnerability in Acowebs PDF Invoices and Packing Slips For WooCommerce.This issue affects PDF Invoices and Packing Slips For WooCommerce: from n/a through 1.3.7.
References: https://patchstack.com/database/vulnerability/pdf-invoices-and-packing-slips-for-woocommerce/wordpress-pdf-invoices-and-packing-slips-for-woocommerce-plugin-1-3-7-php-object-injection-vulnerability?_s_id=cve
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
14. CVE-2024-30236
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contest Gallery.This issue affects Contest Gallery: from n/a through 21.3.4.
References: https://patchstack.com/database/vulnerability/contest-gallery/wordpress-contest-gallery-plugin-21-3-4-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
15. CVE-2024-30237
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Supsystic Slider by Supsystic.This issue affects Slider by Supsystic: from n/a through 1.8.10.
References: https://patchstack.com/database/vulnerability/slider-by-supsystic/wordpress-slider-by-supsystic-plugin-1-8-10-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
16. CVE-2024-30239
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho Campaigns.This issue affects Zoho Campaigns: from n/a through 2.0.6.
References: https://patchstack.com/database/vulnerability/zoho-campaigns/wordpress-zoho-campaigns-plugin-2-0-6-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
17. CVE-2024-30240
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Typps Calendarista.This issue affects Calendarista: from n/a through 15.5.7.
References: https://patchstack.com/database/vulnerability/calendarista/wordpress-calendarista-plugin-15-5-7-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
18. CVE-2024-30241
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.1.
References: https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-user-profiles-memberships-groups-and-communities-plugin-5-7-1-contributor-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
19. CVE-2024-30242
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IT Path Solutions Contact Form to Any API.This issue affects Contact Form to Any API: from n/a through 1.1.8.
References: https://patchstack.com/database/vulnerability/contact-form-to-any-api/wordpress-contact-form-to-any-api-plugin-1-1-8-subscriber-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
20. CVE-2024-30243
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tomas WordPress Tooltips.This issue affects WordPress Tooltips: from n/a before 9.4.5.
References: https://patchstack.com/database/vulnerability/wordpress-tooltips/wordpress-wordpress-tooltips-plugin-9-4-5-contributor-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
21. CVE-2024-30244
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.0.27.
References: https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-4-0-27-sql-injection-via-shortcode-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
22. CVE-2024-30245
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DecaLog.This issue affects DecaLog: from n/a through 3.9.0.
References: https://patchstack.com/database/vulnerability/decalog/wordpress-decalog-plugin-3-9-0-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
23. CVE-2023-34370
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 4.7
Description: Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates, Brainstorm Force Premium Starter Templates.This issue affects Starter Templates — Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4; Premium Starter Templates: from n/a through 3.2.4.
References: https://patchstack.com/database/vulnerability/astra-pro-sites/wordpress-premium-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
https://patchstack.com/database/vulnerability/astra-sites/wordpress-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
CWE-ID: CWE-918
Common Platform Enumerations (CPE): Not Found
24. CVE-2023-36679
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 4.7
Description: Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Spectra.This issue affects Spectra: from n/a through 2.6.6.
References: https://patchstack.com/database/vulnerability/ultimate-addons-for-gutenberg/wordpress-spectra-plugin-2-6-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
CWE-ID: CWE-918
Common Platform Enumerations (CPE): Not Found
25. CVE-2023-39313
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.0
Description: Server-Side Request Forgery (SSRF) vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1.
References: https://patchstack.com/database/vulnerability/avada/wordpress-avada-theme-7-11-1-authenticated-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
CWE-ID: CWE-918
Common Platform Enumerations (CPE): Not Found
26. CVE-2024-23500
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.0
Description: Server-Side Request Forgery (SSRF) vulnerability in Kadence WP Gutenberg Blocks by Kadence Blocks.This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through 3.2.19.
References: https://patchstack.com/database/vulnerability/kadence-blocks/wordpress-kadence-blocks-plugin-3-2-19-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
CWE-ID: CWE-918
Common Platform Enumerations (CPE): Not Found
27. CVE-2024-29100
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.1.4.
References: https://patchstack.com/database/vulnerability/ai-engine/wordpress-ai-engine-plugin-2-1-4-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
28. CVE-2024-30200
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 BEAR allows Reflected XSS.This issue affects BEAR: from n/a through 1.1.4.2.
References: https://patchstack.com/database/vulnerability/woo-bulk-editor/wordpress-bear-plugin-1-1-4-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
29. CVE-2023-23649
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: Deserialization of Untrusted Data vulnerability in MainWP MainWP Links Manager Extension.This issue affects MainWP Links Manager Extension: from n/a through 2.1.
References: https://patchstack.com/database/vulnerability/mainwp-links-manager-extension/wordpress-mainwp-links-manager-extension-plugin-2-1-unauthenticated-php-object-injection-vulnerability?_s_id=cve
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
30. CVE-2023-39309
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through 3.11.1.
References: https://patchstack.com/database/vulnerability/fusion-builder/wordpress-avada-builder-plugin-3-11-1-authenticated-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
31. CVE-2024-25599
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Castos Seriously Simple Podcasting allows Reflected XSS.This issue affects Seriously Simple Podcasting: from n/a through 3.0.2.
References: https://patchstack.com/database/vulnerability/seriously-simple-podcasting/wordpress-seriously-simple-podcasting-plugin-3-0-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
32. CVE-2024-25924
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Trustindex.Io WP Testimonials.This issue affects WP Testimonials: from n/a through 1.4.3.
References: https://patchstack.com/database/vulnerability/testimonial-widgets/wordpress-wp-testimonials-plugin-1-4-3-admin-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
33. CVE-2024-27999
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digamber Pradhan Preview E-mails for WooCommerce allows Reflected XSS.This issue affects Preview E-mails for WooCommerce: from n/a through 2.2.1.
References: https://patchstack.com/database/vulnerability/woo-preview-emails/wordpress-preview-e-mails-for-woocommerce-plugin-2-2-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
34. CVE-2024-28001
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Archetyped Favicon Rotator allows Reflected XSS.This issue affects Favicon Rotator: from n/a through 1.2.10.
References: https://patchstack.com/database/vulnerability/favicon-rotator/wordpress-favicon-rotator-plugin-1-2-10-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
35. CVE-2024-28002
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Archetyped Cornerstone allows Reflected XSS.This issue affects Cornerstone: from n/a through 0.8.0.
References: https://patchstack.com/database/vulnerability/cornerstone/wordpress-cornerstone-plugin-0-8-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
36. CVE-2024-29228
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.0
Description: Missing authorization vulnerability in GetStmUrlPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors.
References: https://www.synology.com/en-global/security/advisory/Synology_SA_24_04
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
37. CVE-2024-29229
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.0
Description: Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors.
References: https://www.synology.com/en-global/security/advisory/Synology_SA_24_04
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
38. CVE-2024-29241
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors.
References: https://www.synology.com/en-global/security/advisory/Synology_SA_24_04
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
39. CVE-2024-2890
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Tumult Inc. Tumult Hype Animations.This issue affects Tumult Hype Animations: from n/a through 1.9.12.
References: https://patchstack.com/database/vulnerability/tumult-hype-animations/wordpress-tumult-hype-animations-plugin-1-9-12-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
40. CVE-2023-6371
Base Score: 8.7
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 5.8
Description: An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. A wiki page with a crafted payload may lead to a Stored XSS, allowing attackers to perform arbitrary actions on behalf of victims.
References: https://gitlab.com/gitlab-org/gitlab/-/issues/433021
https://hackerone.com/reports/2257080
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
41. CVE-2024-27775
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description:
SysAid before version 23.2.14 b18 - CWE-918: Server-Side Request Forgery (SSRF) may allow exposing the local OS user's NTLMv2 hash
References: https://www.gov.il/en/Departments/faq/cve_advisories
CWE-ID: CWE-918
Common Platform Enumerations (CPE): Not Found
42. CVE-2024-29896
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Astro-Shield is a library to compute the subresource integrity hashes for your JS scripts and CSS stylesheets. When automated CSP headers generation for SSR content is enabled and the web application serves content that can be partially controlled by external users, then it is possible that the CSP headers generation feature might be "allow-listing" malicious injected resources like inlined JS, or references to external malicious scripts. The fix is available in version 1.3.0.
References: https://github.com/KindSpells/astro-shield/commit/41b84576d37fa486a57005ea297658d0bc38566d
https://github.com/KindSpells/astro-shield/security/advisories/GHSA-w387-5qqw-7g8m
CWE-ID: CWE-74
Common Platform Enumerations (CPE): Not Found
43. CVE-2023-6437
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Turk Telekom TP-Link allows OS Command Injection.This issue affects TP-Link: through 2024.03.28.
References: https://www.usom.gov.tr/bildirim/tr-24-0244
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
44. CVE-2024-28109
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution (RCE) vulnerability. This vulnerability is fixed in 1.24.2.
References: https://github.com/veraPDF/veraPDF-library/commit/614ffa477a2cf0819e4b0df1ab133610e0da25fb
https://github.com/veraPDF/veraPDF-library/commit/9386ecbe1a1d1fb9e886d19df28851ed07890d9f
https://github.com/veraPDF/veraPDF-library/commit/d5314cbdf4e058e0716f80dbdad2dbd8d96e6bfe
https://github.com/veraPDF/veraPDF-library/issues/1415
https://github.com/veraPDF/veraPDF-library/security/advisories/GHSA-qxqf-2mfx-x8jw
CWE-ID: CWE-91
Common Platform Enumerations (CPE): Not Found
45. CVE-2024-29882
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 2.7
Description: SRS is a simple, high-efficiency, real-time video server. SRS's `/api/v1/vhosts/vid-?callback=` endpoint didn't filter the callback function name which led to injecting malicious javascript payloads and executing XSS ( Cross-Site Scripting). This vulnerability is fixed in 5.0.210 and 6.0.121.
References: https://github.com/ossrs/srs/commit/244ce7bc013a0b805274a65132a2980680ba6b9d
https://github.com/ossrs/srs/security/advisories/GHSA-gv9r-qcjc-5hj7
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
46. CVE-2024-0259
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 5.9
Description: Fortra's Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to gain elevated privileges.
References: https://hstechdocs.helpsystems.com/releasenotes/Content/_ProductPages/Robot/RobotScheduleEnterprise.htm
https://www.fortra.com/security/advisory/fi-2024-005
CWE-ID: CWE-276
Common Platform Enumerations (CPE): Not Found
47. CVE-2024-31136
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.2
Description: In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter
References: https://www.jetbrains.com/privacy-security/issues-fixed/
CWE-ID: CWE-1288
Common Platform Enumerations (CPE): Not Found
48. CVE-2024-25959
Base Score: 7.9
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 5.3
Description: Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an insertion of sensitive information into log file vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure, escalation of privileges.
References: https://www.dell.com/support/kbdoc/en-us/000223366/dsa-2024-115-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities
CWE-ID: CWE-532
Common Platform Enumerations (CPE): Not Found
49. CVE-2024-25946
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity.
References: https://www.dell.com/support/kbdoc/en-us/000223609/dsa-2024-108-dell-powermaxos-5978-dell-powermax-os-10-0-1-5-dell-powermax-os-10-1-0-2-dell-unisphere-360-unisphere-powermax-unisphere-powermax-vapp-dell-solutions-enabler-vapp-and-dell-powermax-eem-security-update-for-multiple-vulnerabilities
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
50. CVE-2024-25955
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity.
References: https://www.dell.com/support/kbdoc/en-us/000223609/dsa-2024-108-dell-powermaxos-5978-dell-powermax-os-10-0-1-5-dell-powermax-os-10-1-0-2-dell-unisphere-360-unisphere-powermax-unisphere-powermax-vapp-dell-solutions-enabler-vapp-and-dell-powermax-eem-security-update-for-multiple-vulnerabilities
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
51. CVE-2024-25960
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 5.9
Description: Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains a cleartext transmission of sensitive information vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges.
References: https://www.dell.com/support/kbdoc/en-us/000223366/dsa-2024-115-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities
CWE-ID: CWE-319
Common Platform Enumerations (CPE): Not Found
52. CVE-2024-2947
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 5.9
Description: A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer.
References: https://access.redhat.com/security/cve/CVE-2024-2947
https://bugzilla.redhat.com/show_bug.cgi?id=2271614
CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found
53. CVE-2024-3019
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be started manually. The pmproxy service is usually started from the 'Metrics settings' page of the Cockpit web interface. This flaw affects PCP versions 4.3.4 and newer.
References: https://access.redhat.com/security/cve/CVE-2024-3019
https://bugzilla.redhat.com/show_bug.cgi?id=2271898
CWE-ID: CWE-668
Common Platform Enumerations (CPE): Not Found
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between March 28-29, 2024.
During this period, The National Vulnerability Database published 183, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 10
High: 43
Medium: 52
Low: 3
Severity Not Assigned: 75
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-3010
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability was found in Tenda FH1205 2.0.0.7(775) and classified as critical. Affected by this issue is the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258296. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/formSetCfm.md
https://vuldb.com/?ctiid.258296
https://vuldb.com/?id.258296
https://vuldb.com/?submit.301489
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-3011
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has been classified as critical. This affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258297 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/formQuickIndex.md
https://vuldb.com/?ctiid.258297
https://vuldb.com/?id.258297
https://vuldb.com/?submit.301490
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-3012
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has been declared as critical. This vulnerability affects the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258298 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/GetParentControlInfo.md
https://vuldb.com/?ctiid.258298
https://vuldb.com/?id.258298
https://vuldb.com/?submit.301491
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-1770
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Meta Tag Manager plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.2 via deserialization of untrusted input in the get_post_data function. This makes it possible for authenticated attackers, with contributor access or higher, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
References: https://plugins.trac.wordpress.org/changeset/3054910/meta-tag-manager/trunk/meta-tag-manager.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/9ec1aed2-d299-4fa9-add6-10b63ed6aa30?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
5. CVE-2024-30222
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 6.0
Description: Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.26.
References: https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-plugin-4-0-26-php-object-injection-vulnerability?_s_id=cve
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
6. CVE-2024-30223
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.2
Impact Score: 6.0
Description: Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.26.
References: https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-plugin-4-0-26-unauthenticated-php-object-injection-vulnerability?_s_id=cve
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-30224
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Deserialization of Untrusted Data vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.2.
References: https://patchstack.com/database/vulnerability/wholesalex/wordpress-wholesalex-plugin-1-3-2-unauthenticated-php-object-injection-vulnerability?_s_id=cve
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-30225
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Deserialization of Untrusted Data vulnerability in WPENGINE, INC. WP Migrate.This issue affects WP Migrate: from n/a through 2.6.10.
References: https://patchstack.com/database/vulnerability/wp-migrate-db-pro/wordpress-wp-migrate-plugin-2-6-10-unauthenticated-php-object-injection-vulnerability?_s_id=cve
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-30226
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.2
Impact Score: 6.0
Description: Deserialization of Untrusted Data vulnerability in WPDeveloper BetterDocs.This issue affects BetterDocs: from n/a through 3.3.3.
References: https://patchstack.com/database/vulnerability/betterdocs/wordpress-betterdocs-plugin-3-3-3-unauthenticated-php-object-injection-vulnerability?_s_id=cve
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
10. CVE-2024-30227
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.2
Impact Score: 6.0
Description: Deserialization of Untrusted Data vulnerability in INFINITUM FORM Geo Controller.This issue affects Geo Controller: from n/a through 8.6.4.
References: https://patchstack.com/database/vulnerability/cf-geoplugin/wordpress-geo-controller-plugin-8-6-4-php-object-injection-vulnerability?_s_id=cve
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
11. CVE-2024-30228
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: Deserialization of Untrusted Data vulnerability in Hercules Design Hercules Core.This issue affects Hercules Core : from n/a through 6.4.
References: https://patchstack.com/database/vulnerability/hercules-core/wordpress-hercules-core-plugin-6-4-subscriber-php-object-injection-vulnerability?_s_id=cve
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
12. CVE-2024-30229
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 6.0
Description: Deserialization of Untrusted Data vulnerability in GiveWP.This issue affects GiveWP: from n/a through 3.4.2.
References: https://patchstack.com/database/vulnerability/give/wordpress-give-plugin-3-4-2-php-object-injection-vulnerability?_s_id=cve
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
13. CVE-2024-30230
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.8
Description: Deserialization of Untrusted Data vulnerability in Acowebs PDF Invoices and Packing Slips For WooCommerce.This issue affects PDF Invoices and Packing Slips For WooCommerce: from n/a through 1.3.7.
References: https://patchstack.com/database/vulnerability/pdf-invoices-and-packing-slips-for-woocommerce/wordpress-pdf-invoices-and-packing-slips-for-woocommerce-plugin-1-3-7-php-object-injection-vulnerability?_s_id=cve
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
14. CVE-2024-30236
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contest Gallery.This issue affects Contest Gallery: from n/a through 21.3.4.
References: https://patchstack.com/database/vulnerability/contest-gallery/wordpress-contest-gallery-plugin-21-3-4-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
15. CVE-2024-30237
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Supsystic Slider by Supsystic.This issue affects Slider by Supsystic: from n/a through 1.8.10.
References: https://patchstack.com/database/vulnerability/slider-by-supsystic/wordpress-slider-by-supsystic-plugin-1-8-10-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
16. CVE-2024-30239
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho Campaigns.This issue affects Zoho Campaigns: from n/a through 2.0.6.
References: https://patchstack.com/database/vulnerability/zoho-campaigns/wordpress-zoho-campaigns-plugin-2-0-6-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
17. CVE-2024-30240
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Typps Calendarista.This issue affects Calendarista: from n/a through 15.5.7.
References: https://patchstack.com/database/vulnerability/calendarista/wordpress-calendarista-plugin-15-5-7-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
18. CVE-2024-30241
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.1.
References: https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-user-profiles-memberships-groups-and-communities-plugin-5-7-1-contributor-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
19. CVE-2024-30242
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IT Path Solutions Contact Form to Any API.This issue affects Contact Form to Any API: from n/a through 1.1.8.
References: https://patchstack.com/database/vulnerability/contact-form-to-any-api/wordpress-contact-form-to-any-api-plugin-1-1-8-subscriber-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
20. CVE-2024-30243
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tomas WordPress Tooltips.This issue affects WordPress Tooltips: from n/a before 9.4.5.
References: https://patchstack.com/database/vulnerability/wordpress-tooltips/wordpress-wordpress-tooltips-plugin-9-4-5-contributor-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
21. CVE-2024-30244
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.0.27.
References: https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-4-0-27-sql-injection-via-shortcode-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
22. CVE-2024-30245
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DecaLog.This issue affects DecaLog: from n/a through 3.9.0.
References: https://patchstack.com/database/vulnerability/decalog/wordpress-decalog-plugin-3-9-0-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
23. CVE-2023-34370
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 4.7
Description: Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates, Brainstorm Force Premium Starter Templates.This issue affects Starter Templates — Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4; Premium Starter Templates: from n/a through 3.2.4.
References: https://patchstack.com/database/vulnerability/astra-pro-sites/wordpress-premium-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
https://patchstack.com/database/vulnerability/astra-sites/wordpress-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
CWE-ID: CWE-918
Common Platform Enumerations (CPE): Not Found
24. CVE-2023-36679
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 4.7
Description: Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Spectra.This issue affects Spectra: from n/a through 2.6.6.
References: https://patchstack.com/database/vulnerability/ultimate-addons-for-gutenberg/wordpress-spectra-plugin-2-6-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
CWE-ID: CWE-918
Common Platform Enumerations (CPE): Not Found
25. CVE-2023-39313
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.0
Description: Server-Side Request Forgery (SSRF) vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1.
References: https://patchstack.com/database/vulnerability/avada/wordpress-avada-theme-7-11-1-authenticated-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
CWE-ID: CWE-918
Common Platform Enumerations (CPE): Not Found
26. CVE-2024-23500
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.0
Description: Server-Side Request Forgery (SSRF) vulnerability in Kadence WP Gutenberg Blocks by Kadence Blocks.This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through 3.2.19.
References: https://patchstack.com/database/vulnerability/kadence-blocks/wordpress-kadence-blocks-plugin-3-2-19-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
CWE-ID: CWE-918
Common Platform Enumerations (CPE): Not Found
27. CVE-2024-29100
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.1.4.
References: https://patchstack.com/database/vulnerability/ai-engine/wordpress-ai-engine-plugin-2-1-4-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
28. CVE-2024-30200
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 BEAR allows Reflected XSS.This issue affects BEAR: from n/a through 1.1.4.2.
References: https://patchstack.com/database/vulnerability/woo-bulk-editor/wordpress-bear-plugin-1-1-4-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
29. CVE-2023-23649
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: Deserialization of Untrusted Data vulnerability in MainWP MainWP Links Manager Extension.This issue affects MainWP Links Manager Extension: from n/a through 2.1.
References: https://patchstack.com/database/vulnerability/mainwp-links-manager-extension/wordpress-mainwp-links-manager-extension-plugin-2-1-unauthenticated-php-object-injection-vulnerability?_s_id=cve
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
30. CVE-2023-39309
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through 3.11.1.
References: https://patchstack.com/database/vulnerability/fusion-builder/wordpress-avada-builder-plugin-3-11-1-authenticated-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
31. CVE-2024-25599
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Castos Seriously Simple Podcasting allows Reflected XSS.This issue affects Seriously Simple Podcasting: from n/a through 3.0.2.
References: https://patchstack.com/database/vulnerability/seriously-simple-podcasting/wordpress-seriously-simple-podcasting-plugin-3-0-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
32. CVE-2024-25924
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Trustindex.Io WP Testimonials.This issue affects WP Testimonials: from n/a through 1.4.3.
References: https://patchstack.com/database/vulnerability/testimonial-widgets/wordpress-wp-testimonials-plugin-1-4-3-admin-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
33. CVE-2024-27999
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digamber Pradhan Preview E-mails for WooCommerce allows Reflected XSS.This issue affects Preview E-mails for WooCommerce: from n/a through 2.2.1.
References: https://patchstack.com/database/vulnerability/woo-preview-emails/wordpress-preview-e-mails-for-woocommerce-plugin-2-2-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
34. CVE-2024-28001
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Archetyped Favicon Rotator allows Reflected XSS.This issue affects Favicon Rotator: from n/a through 1.2.10.
References: https://patchstack.com/database/vulnerability/favicon-rotator/wordpress-favicon-rotator-plugin-1-2-10-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
35. CVE-2024-28002
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Archetyped Cornerstone allows Reflected XSS.This issue affects Cornerstone: from n/a through 0.8.0.
References: https://patchstack.com/database/vulnerability/cornerstone/wordpress-cornerstone-plugin-0-8-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
36. CVE-2024-29228
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.0
Description: Missing authorization vulnerability in GetStmUrlPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors.
References: https://www.synology.com/en-global/security/advisory/Synology_SA_24_04
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
37. CVE-2024-29229
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.0
Description: Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors.
References: https://www.synology.com/en-global/security/advisory/Synology_SA_24_04
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
38. CVE-2024-29241
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors.
References: https://www.synology.com/en-global/security/advisory/Synology_SA_24_04
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
39. CVE-2024-2890
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Tumult Inc. Tumult Hype Animations.This issue affects Tumult Hype Animations: from n/a through 1.9.12.
References: https://patchstack.com/database/vulnerability/tumult-hype-animations/wordpress-tumult-hype-animations-plugin-1-9-12-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
40. CVE-2023-6371
Base Score: 8.7
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 5.8
Description: An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. A wiki page with a crafted payload may lead to a Stored XSS, allowing attackers to perform arbitrary actions on behalf of victims.
References: https://gitlab.com/gitlab-org/gitlab/-/issues/433021
https://hackerone.com/reports/2257080
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
41. CVE-2024-27775
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description:
SysAid before version 23.2.14 b18 - CWE-918: Server-Side Request Forgery (SSRF) may allow exposing the local OS user's NTLMv2 hash
References: https://www.gov.il/en/Departments/faq/cve_advisories
CWE-ID: CWE-918
Common Platform Enumerations (CPE): Not Found
42. CVE-2024-29896
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Astro-Shield is a library to compute the subresource integrity hashes for your JS scripts and CSS stylesheets. When automated CSP headers generation for SSR content is enabled and the web application serves content that can be partially controlled by external users, then it is possible that the CSP headers generation feature might be "allow-listing" malicious injected resources like inlined JS, or references to external malicious scripts. The fix is available in version 1.3.0.
References: https://github.com/KindSpells/astro-shield/commit/41b84576d37fa486a57005ea297658d0bc38566d
https://github.com/KindSpells/astro-shield/security/advisories/GHSA-w387-5qqw-7g8m
CWE-ID: CWE-74
Common Platform Enumerations (CPE): Not Found
43. CVE-2023-6437
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Turk Telekom TP-Link allows OS Command Injection.This issue affects TP-Link: through 2024.03.28.
References: https://www.usom.gov.tr/bildirim/tr-24-0244
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
44. CVE-2024-28109
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution (RCE) vulnerability. This vulnerability is fixed in 1.24.2.
References: https://github.com/veraPDF/veraPDF-library/commit/614ffa477a2cf0819e4b0df1ab133610e0da25fb
https://github.com/veraPDF/veraPDF-library/commit/9386ecbe1a1d1fb9e886d19df28851ed07890d9f
https://github.com/veraPDF/veraPDF-library/commit/d5314cbdf4e058e0716f80dbdad2dbd8d96e6bfe
https://github.com/veraPDF/veraPDF-library/issues/1415
https://github.com/veraPDF/veraPDF-library/security/advisories/GHSA-qxqf-2mfx-x8jw
CWE-ID: CWE-91
Common Platform Enumerations (CPE): Not Found
45. CVE-2024-29882
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 2.7
Description: SRS is a simple, high-efficiency, real-time video server. SRS's `/api/v1/vhosts/vid-
References: https://github.com/ossrs/srs/commit/244ce7bc013a0b805274a65132a2980680ba6b9d
https://github.com/ossrs/srs/security/advisories/GHSA-gv9r-qcjc-5hj7
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
46. CVE-2024-0259
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 5.9
Description: Fortra's Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to gain elevated privileges.
References: https://hstechdocs.helpsystems.com/releasenotes/Content/_ProductPages/Robot/RobotScheduleEnterprise.htm
https://www.fortra.com/security/advisory/fi-2024-005
CWE-ID: CWE-276
Common Platform Enumerations (CPE): Not Found
47. CVE-2024-31136
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.2
Description: In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter
References: https://www.jetbrains.com/privacy-security/issues-fixed/
CWE-ID: CWE-1288
Common Platform Enumerations (CPE): Not Found
48. CVE-2024-25959
Base Score: 7.9
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 5.3
Description: Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an insertion of sensitive information into log file vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure, escalation of privileges.
References: https://www.dell.com/support/kbdoc/en-us/000223366/dsa-2024-115-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities
CWE-ID: CWE-532
Common Platform Enumerations (CPE): Not Found
49. CVE-2024-25946
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity.
References: https://www.dell.com/support/kbdoc/en-us/000223609/dsa-2024-108-dell-powermaxos-5978-dell-powermax-os-10-0-1-5-dell-powermax-os-10-1-0-2-dell-unisphere-360-unisphere-powermax-unisphere-powermax-vapp-dell-solutions-enabler-vapp-and-dell-powermax-eem-security-update-for-multiple-vulnerabilities
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
50. CVE-2024-25955
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity.
References: https://www.dell.com/support/kbdoc/en-us/000223609/dsa-2024-108-dell-powermaxos-5978-dell-powermax-os-10-0-1-5-dell-powermax-os-10-1-0-2-dell-unisphere-360-unisphere-powermax-unisphere-powermax-vapp-dell-solutions-enabler-vapp-and-dell-powermax-eem-security-update-for-multiple-vulnerabilities
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
51. CVE-2024-25960
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 5.9
Description: Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains a cleartext transmission of sensitive information vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges.
References: https://www.dell.com/support/kbdoc/en-us/000223366/dsa-2024-115-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities
CWE-ID: CWE-319
Common Platform Enumerations (CPE): Not Found
52. CVE-2024-2947
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 5.9
Description: A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer.
References: https://access.redhat.com/security/cve/CVE-2024-2947
https://bugzilla.redhat.com/show_bug.cgi?id=2271614
CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found
53. CVE-2024-3019
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be started manually. The pmproxy service is usually started from the 'Metrics settings' page of the Cockpit web interface. This flaw affects PCP versions 4.3.4 and newer.
References: https://access.redhat.com/security/cve/CVE-2024-3019
https://bugzilla.redhat.com/show_bug.cgi?id=2271898
CWE-ID: CWE-668
Common Platform Enumerations (CPE): Not Found