In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between August 29-30, 2024.
During this period, The National Vulnerability Database published 137, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 26
High: 26
Medium: 56
Low: 4
Severity Not Assigned: 25
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-45232
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the mail parameter of the confirmationAction, resulting in Insecure Direct Object Reference (IDOR). An unauthenticated attacker can use this to display the user-submitted data of all forms persisted by the extension. This can only be exploited when the extension is configured to save submitted form data to the database (plugin.tx_powermail.settings.db.enable=1), which however is the default setting of the extension. The fixed versions are 7.5.0, 8.5.0, 10.9.0, and 12.4.0
References: https://typo3.org/security/advisory/typo3-ext-sa-2024-006
CWE-ID: CWE-639
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-45233
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: An issue was discovered in powermail extension through 12.3.5 for TYPO3. Several actions in the OutputController can directly be called, due to missing or insufficiently implemented access checks, resulting in Broken Access Control. Depending on the configuration of the Powermail Frontend plugins, an unauthenticated attacker can exploit this to edit, update, delete, or export data of persisted forms. This can only be exploited when the Powermail Frontend plugins are used. The fixed versions are 7.5.0, 8.5.0, 10.9.0, and 12.4.0.
References: https://typo3.org/security/advisory/typo3-ext-sa-2024-006
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-8250
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file
References: https://gitlab.com/wireshark/wireshark/-/issues/19943
https://www.wireshark.org/security/wnpa-sec-2024-11.html
CWE-ID: CWE-825
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-45435
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Chartist 1.x through 1.3.0 allows Prototype Pollution via the extend function.
References: https://gist.github.com/tariqhawis/c67177164d3b7975210caddb25b60d62
https://github.com/chartist-js/chartist/issues/1427
CWE-ID: CWE-1321
Common Platform Enumerations (CPE): Not Found
5. CVE-2024-45436
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory.
References: https://github.com/ollama/ollama/compare/v0.1.46...v0.1.47
https://github.com/ollama/ollama/pull/5314
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
6. CVE-2024-7857
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The Media Library Folders plugin for WordPress is vulnerable to second order SQL Injection via the 'sort_type' parameter of the 'mlf_change_sort_type' AJAX action in all versions up to, and including, 8.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/browser/media-library-plus/tags/8.2.2/media-library-plus.php#L1766
https://plugins.trac.wordpress.org/browser/media-library-plus/tags/8.2.2/media-library-plus.php#L3339
https://plugins.trac.wordpress.org/changeset/3139954/media-library-plus/trunk/media-library-plus.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/d2266254-9281-4859-8630-f7bb5c0ead19?source=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
7. CVE-2022-2440
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'images_array' parameter in versions up to, and including 2.8. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.
References: https://plugins.trac.wordpress.org/browser/theme-editor/trunk/ms_child_theme_editor.php#L495
https://plugins.trac.wordpress.org/changeset/3142694/
https://www.wordfence.com/threat-intel/vulnerabilities/id/88fe46bf-8e85-4550-92ad-bdd426e5a745?source=cve
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-29723
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/conexiones/ax/openTracExt/, parameter categoria;.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sportsnet
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-29724
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/ax/registerSp/, parameter idDesafio.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sportsnet
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
10. CVE-2024-29725
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/sort_bloques/, parameter list.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sportsnet
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
11. CVE-2024-29726
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/setAsRead/, parameter id.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sportsnet
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
12. CVE-2024-29727
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/sendParticipationRemember/ , parameter send.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sportsnet
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
13. CVE-2024-29728
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/inscribeUsuario/ , parameter idDesafio.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sportsnet
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
14. CVE-2024-29729
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/generateShortURL/, parameter url.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sportsnet
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
15. CVE-2024-29730
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/consejoRandom/ , parameter idCat;.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sportsnet
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
16. CVE-2024-29731
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/checkBlindFields/ , parameters idChallenge and idEmpresa.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sportsnet
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
17. CVE-2024-43700
Base Score: 7.0
Base Severity: HIGH
Exploitability Score: 1.0
Impact Score: 5.9
Description: xfpt versions prior to 1.01 fails to handle appropriately some parameters inside the input data, resulting in a stack-based buffer overflow vulnerability. When a user of the affected product is tricked to process a specially crafted file, arbitrary code may be executed on the user's environment.
References: https://github.com/PhilipHazel/xfpt
https://github.com/PhilipHazel/xfpt/commit/a690304bbd3fd19e9dfdad50dcc87ad829f744e4
https://jvn.jp/en/vu/JVNVU96498690/
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
18. CVE-2024-7607
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Front End Users plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 3.2.28 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/browser/front-end-only-users/trunk/html/UsersPage.php#L42
https://plugins.trac.wordpress.org/browser/front-end-only-users/trunk/html/UsersPage.php#L60
https://plugins.trac.wordpress.org/browser/front-end-only-users/trunk/html/UsersPage.php#L63
https://plugins.trac.wordpress.org/browser/front-end-only-users/trunk/html/UsersPage.php#L76
https://plugins.trac.wordpress.org/changeset/3142978/
https://www.wordfence.com/threat-intel/vulnerabilities/id/ec162cdc-d4cd-47d9-b941-24bfee6c48fd?source=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
19. CVE-2024-7856
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to unauthorized arbitrary file deletion due to a missing capability check on the removeTempFiles() function and insufficient path validation on the 'file' parameter in all versions up to, and including, 5.7.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary files which can make remote code execution possible when wp-config.php is deleted.
References: https://plugins.trac.wordpress.org/browser/mp3-music-player-by-sonaar/tags/5.7.0.1/includes/class-sonaar-music.php#L739
https://plugins.trac.wordpress.org/browser/mp3-music-player-by-sonaar/tags/5.7.0.1/includes/class-sonaar-music.php#L755
https://plugins.trac.wordpress.org/changeset/3142445/mp3-music-player-by-sonaar/trunk/includes/class-sonaar-music.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/43adc9dd-1780-440f-90c2-ff05a22eb084?source=cve
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
20. CVE-2024-38693
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP User Frontend allows SQL Injection.This issue affects WP User Frontend: from n/a through 4.0.7.
References: https://patchstack.com/database/vulnerability/wp-user-frontend/wordpress-wp-user-frontend-plugin-4-0-7-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
21. CVE-2024-5057
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Easy Digital Downloads allows SQL Injection.This issue affects Easy Digital Downloads: from n/a through 3.2.12.
References: https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-2-12-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
22. CVE-2024-38793
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PriceListo Best Restaurant Menu by PriceListo allows SQL Injection.This issue affects Best Restaurant Menu by PriceListo: from n/a through 1.4.1.
References: https://patchstack.com/database/vulnerability/best-restaurant-menu-by-pricelisto/wordpress-best-restaurant-menu-by-pricelisto-plugin-1-4-1-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
23. CVE-2024-38795
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro allows SQL Injection.This issue affects ListingPro: from n/a through 2.9.4.
References: https://patchstack.com/database/vulnerability/listingpro-plugin/wordpress-listingpro-plugin-2-9-3-unauthenticated-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
24. CVE-2024-39620
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro allows SQL Injection.This issue affects ListingPro: from n/a through 2.9.4.
References: https://patchstack.com/database/vulnerability/listingpro-plugin/wordpress-listingpro-plugin-2-9-3-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
25. CVE-2024-39622
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro.This issue affects ListingPro: from n/a through 2.9.4.
References: https://patchstack.com/database/vulnerability/listingpro/wordpress-listingpro-theme-2-9-3-unauthenticated-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
26. CVE-2024-39638
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Roundup WP Registrations for the Events Calendar allows SQL Injection.This issue affects Registrations for the Events Calendar: from n/a through 2.12.2.
References: https://patchstack.com/database/vulnerability/registrations-for-the-events-calendar/wordpress-registrations-for-the-events-calendar-plugin-2-12-2-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
27. CVE-2024-39653
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E4J s.R.L. VikRentCar allows SQL Injection.This issue affects VikRentCar: from n/a through 1.4.0.
References: https://patchstack.com/database/vulnerability/vikrentcar/wordpress-vikrentcar-car-rental-management-system-plugin-1-4-0-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
28. CVE-2024-39658
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Salon Booking System Salon booking system allows SQL Injection.This issue affects Salon booking system: from n/a through 10.7.
References: https://patchstack.com/database/vulnerability/salon-booking-system/wordpress-salon-booking-system-plugin-10-7-authenticated-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
29. CVE-2024-43132
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPWeb Elite Docket (WooCommerce Collections / Wishlist / Watchlist) allows SQL Injection.This issue affects Docket (WooCommerce Collections / Wishlist / Watchlist): from n/a before 1.7.0.
References: https://patchstack.com/database/vulnerability/woocommerce-collections/wordpress-docket-woocommerce-collections-wishlist-watchlist-plugin-1-6-6-unauthenticated-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
30. CVE-2024-43144
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Cost Calculator Builder allows SQL Injection.This issue affects Cost Calculator Builder: from n/a through 3.2.15.
References: https://patchstack.com/database/vulnerability/cost-calculator-builder/wordpress-cost-calculator-builder-plugin-3-2-15-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
31. CVE-2024-43917
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows SQL Injection.This issue affects TI WooCommerce Wishlist: from n/a through 2.8.2.
References: https://patchstack.com/database/vulnerability/ti-woocommerce-wishlist/wordpress-ti-woocommerce-wishlist-plugin-2-8-2-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
32. CVE-2024-43918
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW WBW Product Table PRO allows SQL Injection.This issue affects WBW Product Table PRO: from n/a through 1.9.4.
References: https://patchstack.com/database/vulnerability/woo-producttables-pro/wordpress-wbw-product-table-pro-plugin-1-9-4-unauthenticated-arbitrary-sql-query-execution-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
33. CVE-2024-43931
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Deserialization of Untrusted Data vulnerability in eyecix JobSearch allows Object Injection.This issue affects JobSearch: from n/a through 2.5.3.
References: https://patchstack.com/database/vulnerability/wp-jobsearch/wordpress-jobsearch-wp-job-board-wordpress-plugin-plugin-2-5-3-php-object-injection-vulnerability?_s_id=cve
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
34. CVE-2024-43941
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Propovoice Propovoice Pro allows SQL Injection.This issue affects Propovoice Pro: from n/a through 1.7.0.3.
References: https://patchstack.com/database/vulnerability/propovoice-pro/wordpress-propovoice-pro-plugin-1-7-0-3-unauthenticated-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
35. CVE-2024-43942
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wpsoul Greenshift Query and Meta Addon allows SQL Injection.This issue affects Greenshift Query and Meta Addon: from n/a before 3.9.2.
References: https://patchstack.com/database/vulnerability/greenshiftquery/wordpress-greenshift-query-and-meta-addon-plugin-3-9-2-subscriber-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
36. CVE-2024-43943
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wpsoul Greenshift Woocommerce Addon allows SQL Injection.This issue affects Greenshift Woocommerce Addon: from n/a before 1.9.8.
References: https://patchstack.com/database/vulnerability/greenshiftwoo/wordpress-greenshift-woocommerce-addon-plugin-1-9-8-subscriber-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
37. CVE-2024-43955
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.8
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Droip allows File Manipulation.This issue affects Droip: from n/a through 1.1.1.
References: https://patchstack.com/database/vulnerability/droip/wordpress-droip-plugin-1-1-1-unauthenticated-arbitrary-file-download-deletion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
38. CVE-2024-43965
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smackcoders SendGrid for WordPress allows SQL Injection.This issue affects SendGrid for WordPress: from n/a through 1.4.
References: https://patchstack.com/database/vulnerability/wp-sendgrid-mailer/wordpress-sendgrid-for-wordpress-plugin-1-4-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
39. CVE-2024-41964
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: Kirby is a CMS targeting designers and editors. Kirby allows to restrict the permissions of specific user roles. Users of that role can only perform permitted actions. Permissions for creating and deleting languages have already existed and could be configured, but were not enforced by Kirby's frontend or backend code. A permission for updating existing languages has not existed before the patched versions. So disabling the languages.* wildcard permission for a role could not have prohibited updates to existing language definitions. The missing permission checks allowed attackers with Panel access to manipulate the language definitions. The problem has been patched in Kirby 3.6.6.6, Kirby 3.7.5.5, Kirby 3.8.4.4, Kirby 3.9.8.2, Kirby 3.10.1.1, and Kirby 4.3.1. Please update to one of these or a later version to fix the vulnerability. There are no known workarounds for this vulnerability.
References: https://github.com/getkirby/kirby/commit/ab95d172667c3cd529917c2bc94d3c7969706d23
https://github.com/getkirby/kirby/security/advisories/GHSA-jm9m-rqr3-wfmh
CWE-ID: CWE-863
Common Platform Enumerations (CPE): Not Found
40. CVE-2024-43804
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. An OS Command Injection vulnerability allows any authenticated user on the application to execute arbitrary code on the web application server via port scanning functionality. User-supplied input is used without validation when constructing and executing an OS command. User supplied JSON POST data is parsed and if "id" JSON key does not exist, JSON value supplied via "ip" JSON key is assigned to the "ip" variable. Later on, "ip" variable which can be controlled by the attacker is used when constructing the cmd and cmd1 strings without any extra validation. Then, server_mod.subprocess_execute function is called on both cmd1 and cmd2. When the definition of the server_mod.subprocess_execute() function is analyzed, it can be seen that subprocess.Popen() is called on the input parameter with shell=True which results in OS Command Injection. This issue has not yet been patched. Users are advised to contact the Roxy-WI to coordinate a fix.
References: https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-qc52-vwwj-5585
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
41. CVE-2024-43926
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder allows Reflected XSS.This issue affects Beaver Builder: from n/a through 2.8.3.2.
References: https://patchstack.com/database/vulnerability/beaver-builder-lite-version/wordpress-beaver-builder-plugin-2-8-3-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
42. CVE-2024-43948
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dinesh Karki WP Armour Extended.This issue affects WP Armour Extended: from n/a through 1.26.
References: https://patchstack.com/database/vulnerability/wp-armour-extended/wordpress-wp-armour-extended-plugin-1-26-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
43. CVE-2024-43950
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nextbricks Brickscore allows Stored XSS.This issue affects Brickscore: from n/a through 1.4.2.5.
References: https://patchstack.com/database/vulnerability/brickscore/wordpress-brickscore-plugin-1-4-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
44. CVE-2024-43958
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gianni Porto IntoTheDark allows Reflected XSS.This issue affects IntoTheDark: from n/a through 1.0.5.
References: https://patchstack.com/database/vulnerability/intothedark/wordpress-into-the-dark-theme-1-0-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
45. CVE-2024-43963
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WaspThemes YellowPencil Visual CSS Style Editor allows Reflected XSS.This issue affects YellowPencil Visual CSS Style Editor: from n/a through 7.6.1.
References: https://patchstack.com/database/vulnerability/yellow-pencil-visual-theme-customizer/wordpress-visual-css-style-editor-plugin-7-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
46. CVE-2024-44777
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.0
Description: A reflected cross-site scripting (XSS) vulnerability in the tag parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.
References: http://vtiger.com
https://packetstormsecurity.com/files/180462/vTiger-CRM-7.4.0-Cross-Site-Scripting.html
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
47. CVE-2024-44778
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.0
Description: A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.
References: http://vtiger.com
https://packetstormsecurity.com/files/180462/vTiger-CRM-7.4.0-Cross-Site-Scripting.html
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
48. CVE-2024-44779
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.0
Description: A reflected cross-site scripting (XSS) vulnerability in the viewname parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.
References: http://vtiger.com
https://packetstormsecurity.com/files/180462/vTiger-CRM-7.4.0-Cross-Site-Scripting.html
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
49. CVE-2024-43921
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Magic Post Thumbnail allows Reflected XSS.This issue affects Magic Post Thumbnail: from n/a through 5.2.9.
References: https://patchstack.com/database/vulnerability/magic-post-thumbnail/wordpress-generate-images-magic-post-thumbnail-plugin-5-2-9-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
50. CVE-2024-6670
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.
References: https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024
https://www.progress.com/network-monitoring
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
51. CVE-2024-6671
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.
References: https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024
https://www.progress.com/network-monitoring
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
52. CVE-2024-6672
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an authenticated low-privileged attacker to achieve privilege escalation by modifying a privileged user's password.
References: https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024
https://www.progress.com/network-monitoring
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between August 29-30, 2024.
During this period, The National Vulnerability Database published 137, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 26
High: 26
Medium: 56
Low: 4
Severity Not Assigned: 25
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-45232
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the mail parameter of the confirmationAction, resulting in Insecure Direct Object Reference (IDOR). An unauthenticated attacker can use this to display the user-submitted data of all forms persisted by the extension. This can only be exploited when the extension is configured to save submitted form data to the database (plugin.tx_powermail.settings.db.enable=1), which however is the default setting of the extension. The fixed versions are 7.5.0, 8.5.0, 10.9.0, and 12.4.0
References: https://typo3.org/security/advisory/typo3-ext-sa-2024-006
CWE-ID: CWE-639
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-45233
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: An issue was discovered in powermail extension through 12.3.5 for TYPO3. Several actions in the OutputController can directly be called, due to missing or insufficiently implemented access checks, resulting in Broken Access Control. Depending on the configuration of the Powermail Frontend plugins, an unauthenticated attacker can exploit this to edit, update, delete, or export data of persisted forms. This can only be exploited when the Powermail Frontend plugins are used. The fixed versions are 7.5.0, 8.5.0, 10.9.0, and 12.4.0.
References: https://typo3.org/security/advisory/typo3-ext-sa-2024-006
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-8250
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file
References: https://gitlab.com/wireshark/wireshark/-/issues/19943
https://www.wireshark.org/security/wnpa-sec-2024-11.html
CWE-ID: CWE-825
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-45435
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Chartist 1.x through 1.3.0 allows Prototype Pollution via the extend function.
References: https://gist.github.com/tariqhawis/c67177164d3b7975210caddb25b60d62
https://github.com/chartist-js/chartist/issues/1427
CWE-ID: CWE-1321
Common Platform Enumerations (CPE): Not Found
5. CVE-2024-45436
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory.
References: https://github.com/ollama/ollama/compare/v0.1.46...v0.1.47
https://github.com/ollama/ollama/pull/5314
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
6. CVE-2024-7857
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The Media Library Folders plugin for WordPress is vulnerable to second order SQL Injection via the 'sort_type' parameter of the 'mlf_change_sort_type' AJAX action in all versions up to, and including, 8.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/browser/media-library-plus/tags/8.2.2/media-library-plus.php#L1766
https://plugins.trac.wordpress.org/browser/media-library-plus/tags/8.2.2/media-library-plus.php#L3339
https://plugins.trac.wordpress.org/changeset/3139954/media-library-plus/trunk/media-library-plus.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/d2266254-9281-4859-8630-f7bb5c0ead19?source=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
7. CVE-2022-2440
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'images_array' parameter in versions up to, and including 2.8. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.
References: https://plugins.trac.wordpress.org/browser/theme-editor/trunk/ms_child_theme_editor.php#L495
https://plugins.trac.wordpress.org/changeset/3142694/
https://www.wordfence.com/threat-intel/vulnerabilities/id/88fe46bf-8e85-4550-92ad-bdd426e5a745?source=cve
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-29723
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/conexiones/ax/openTracExt/, parameter categoria;.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sportsnet
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-29724
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/ax/registerSp/, parameter idDesafio.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sportsnet
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
10. CVE-2024-29725
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/sort_bloques/, parameter list.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sportsnet
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
11. CVE-2024-29726
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/setAsRead/, parameter id.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sportsnet
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
12. CVE-2024-29727
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/sendParticipationRemember/ , parameter send.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sportsnet
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
13. CVE-2024-29728
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/inscribeUsuario/ , parameter idDesafio.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sportsnet
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
14. CVE-2024-29729
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/generateShortURL/, parameter url.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sportsnet
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
15. CVE-2024-29730
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/consejoRandom/ , parameter idCat;.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sportsnet
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
16. CVE-2024-29731
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/checkBlindFields/ , parameters idChallenge and idEmpresa.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sportsnet
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
17. CVE-2024-43700
Base Score: 7.0
Base Severity: HIGH
Exploitability Score: 1.0
Impact Score: 5.9
Description: xfpt versions prior to 1.01 fails to handle appropriately some parameters inside the input data, resulting in a stack-based buffer overflow vulnerability. When a user of the affected product is tricked to process a specially crafted file, arbitrary code may be executed on the user's environment.
References: https://github.com/PhilipHazel/xfpt
https://github.com/PhilipHazel/xfpt/commit/a690304bbd3fd19e9dfdad50dcc87ad829f744e4
https://jvn.jp/en/vu/JVNVU96498690/
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
18. CVE-2024-7607
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Front End Users plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 3.2.28 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/browser/front-end-only-users/trunk/html/UsersPage.php#L42
https://plugins.trac.wordpress.org/browser/front-end-only-users/trunk/html/UsersPage.php#L60
https://plugins.trac.wordpress.org/browser/front-end-only-users/trunk/html/UsersPage.php#L63
https://plugins.trac.wordpress.org/browser/front-end-only-users/trunk/html/UsersPage.php#L76
https://plugins.trac.wordpress.org/changeset/3142978/
https://www.wordfence.com/threat-intel/vulnerabilities/id/ec162cdc-d4cd-47d9-b941-24bfee6c48fd?source=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
19. CVE-2024-7856
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to unauthorized arbitrary file deletion due to a missing capability check on the removeTempFiles() function and insufficient path validation on the 'file' parameter in all versions up to, and including, 5.7.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary files which can make remote code execution possible when wp-config.php is deleted.
References: https://plugins.trac.wordpress.org/browser/mp3-music-player-by-sonaar/tags/5.7.0.1/includes/class-sonaar-music.php#L739
https://plugins.trac.wordpress.org/browser/mp3-music-player-by-sonaar/tags/5.7.0.1/includes/class-sonaar-music.php#L755
https://plugins.trac.wordpress.org/changeset/3142445/mp3-music-player-by-sonaar/trunk/includes/class-sonaar-music.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/43adc9dd-1780-440f-90c2-ff05a22eb084?source=cve
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
20. CVE-2024-38693
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP User Frontend allows SQL Injection.This issue affects WP User Frontend: from n/a through 4.0.7.
References: https://patchstack.com/database/vulnerability/wp-user-frontend/wordpress-wp-user-frontend-plugin-4-0-7-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
21. CVE-2024-5057
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Easy Digital Downloads allows SQL Injection.This issue affects Easy Digital Downloads: from n/a through 3.2.12.
References: https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-2-12-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
22. CVE-2024-38793
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PriceListo Best Restaurant Menu by PriceListo allows SQL Injection.This issue affects Best Restaurant Menu by PriceListo: from n/a through 1.4.1.
References: https://patchstack.com/database/vulnerability/best-restaurant-menu-by-pricelisto/wordpress-best-restaurant-menu-by-pricelisto-plugin-1-4-1-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
23. CVE-2024-38795
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro allows SQL Injection.This issue affects ListingPro: from n/a through 2.9.4.
References: https://patchstack.com/database/vulnerability/listingpro-plugin/wordpress-listingpro-plugin-2-9-3-unauthenticated-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
24. CVE-2024-39620
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro allows SQL Injection.This issue affects ListingPro: from n/a through 2.9.4.
References: https://patchstack.com/database/vulnerability/listingpro-plugin/wordpress-listingpro-plugin-2-9-3-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
25. CVE-2024-39622
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro.This issue affects ListingPro: from n/a through 2.9.4.
References: https://patchstack.com/database/vulnerability/listingpro/wordpress-listingpro-theme-2-9-3-unauthenticated-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
26. CVE-2024-39638
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Roundup WP Registrations for the Events Calendar allows SQL Injection.This issue affects Registrations for the Events Calendar: from n/a through 2.12.2.
References: https://patchstack.com/database/vulnerability/registrations-for-the-events-calendar/wordpress-registrations-for-the-events-calendar-plugin-2-12-2-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
27. CVE-2024-39653
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E4J s.R.L. VikRentCar allows SQL Injection.This issue affects VikRentCar: from n/a through 1.4.0.
References: https://patchstack.com/database/vulnerability/vikrentcar/wordpress-vikrentcar-car-rental-management-system-plugin-1-4-0-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
28. CVE-2024-39658
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Salon Booking System Salon booking system allows SQL Injection.This issue affects Salon booking system: from n/a through 10.7.
References: https://patchstack.com/database/vulnerability/salon-booking-system/wordpress-salon-booking-system-plugin-10-7-authenticated-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
29. CVE-2024-43132
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPWeb Elite Docket (WooCommerce Collections / Wishlist / Watchlist) allows SQL Injection.This issue affects Docket (WooCommerce Collections / Wishlist / Watchlist): from n/a before 1.7.0.
References: https://patchstack.com/database/vulnerability/woocommerce-collections/wordpress-docket-woocommerce-collections-wishlist-watchlist-plugin-1-6-6-unauthenticated-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
30. CVE-2024-43144
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Cost Calculator Builder allows SQL Injection.This issue affects Cost Calculator Builder: from n/a through 3.2.15.
References: https://patchstack.com/database/vulnerability/cost-calculator-builder/wordpress-cost-calculator-builder-plugin-3-2-15-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
31. CVE-2024-43917
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows SQL Injection.This issue affects TI WooCommerce Wishlist: from n/a through 2.8.2.
References: https://patchstack.com/database/vulnerability/ti-woocommerce-wishlist/wordpress-ti-woocommerce-wishlist-plugin-2-8-2-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
32. CVE-2024-43918
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW WBW Product Table PRO allows SQL Injection.This issue affects WBW Product Table PRO: from n/a through 1.9.4.
References: https://patchstack.com/database/vulnerability/woo-producttables-pro/wordpress-wbw-product-table-pro-plugin-1-9-4-unauthenticated-arbitrary-sql-query-execution-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
33. CVE-2024-43931
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Deserialization of Untrusted Data vulnerability in eyecix JobSearch allows Object Injection.This issue affects JobSearch: from n/a through 2.5.3.
References: https://patchstack.com/database/vulnerability/wp-jobsearch/wordpress-jobsearch-wp-job-board-wordpress-plugin-plugin-2-5-3-php-object-injection-vulnerability?_s_id=cve
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
34. CVE-2024-43941
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Propovoice Propovoice Pro allows SQL Injection.This issue affects Propovoice Pro: from n/a through 1.7.0.3.
References: https://patchstack.com/database/vulnerability/propovoice-pro/wordpress-propovoice-pro-plugin-1-7-0-3-unauthenticated-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
35. CVE-2024-43942
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wpsoul Greenshift Query and Meta Addon allows SQL Injection.This issue affects Greenshift Query and Meta Addon: from n/a before 3.9.2.
References: https://patchstack.com/database/vulnerability/greenshiftquery/wordpress-greenshift-query-and-meta-addon-plugin-3-9-2-subscriber-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
36. CVE-2024-43943
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wpsoul Greenshift Woocommerce Addon allows SQL Injection.This issue affects Greenshift Woocommerce Addon: from n/a before 1.9.8.
References: https://patchstack.com/database/vulnerability/greenshiftwoo/wordpress-greenshift-woocommerce-addon-plugin-1-9-8-subscriber-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
37. CVE-2024-43955
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.8
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Droip allows File Manipulation.This issue affects Droip: from n/a through 1.1.1.
References: https://patchstack.com/database/vulnerability/droip/wordpress-droip-plugin-1-1-1-unauthenticated-arbitrary-file-download-deletion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
38. CVE-2024-43965
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smackcoders SendGrid for WordPress allows SQL Injection.This issue affects SendGrid for WordPress: from n/a through 1.4.
References: https://patchstack.com/database/vulnerability/wp-sendgrid-mailer/wordpress-sendgrid-for-wordpress-plugin-1-4-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
39. CVE-2024-41964
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: Kirby is a CMS targeting designers and editors. Kirby allows to restrict the permissions of specific user roles. Users of that role can only perform permitted actions. Permissions for creating and deleting languages have already existed and could be configured, but were not enforced by Kirby's frontend or backend code. A permission for updating existing languages has not existed before the patched versions. So disabling the languages.* wildcard permission for a role could not have prohibited updates to existing language definitions. The missing permission checks allowed attackers with Panel access to manipulate the language definitions. The problem has been patched in Kirby 3.6.6.6, Kirby 3.7.5.5, Kirby 3.8.4.4, Kirby 3.9.8.2, Kirby 3.10.1.1, and Kirby 4.3.1. Please update to one of these or a later version to fix the vulnerability. There are no known workarounds for this vulnerability.
References: https://github.com/getkirby/kirby/commit/ab95d172667c3cd529917c2bc94d3c7969706d23
https://github.com/getkirby/kirby/security/advisories/GHSA-jm9m-rqr3-wfmh
CWE-ID: CWE-863
Common Platform Enumerations (CPE): Not Found
40. CVE-2024-43804
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. An OS Command Injection vulnerability allows any authenticated user on the application to execute arbitrary code on the web application server via port scanning functionality. User-supplied input is used without validation when constructing and executing an OS command. User supplied JSON POST data is parsed and if "id" JSON key does not exist, JSON value supplied via "ip" JSON key is assigned to the "ip" variable. Later on, "ip" variable which can be controlled by the attacker is used when constructing the cmd and cmd1 strings without any extra validation. Then, server_mod.subprocess_execute function is called on both cmd1 and cmd2. When the definition of the server_mod.subprocess_execute() function is analyzed, it can be seen that subprocess.Popen() is called on the input parameter with shell=True which results in OS Command Injection. This issue has not yet been patched. Users are advised to contact the Roxy-WI to coordinate a fix.
References: https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-qc52-vwwj-5585
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
41. CVE-2024-43926
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder allows Reflected XSS.This issue affects Beaver Builder: from n/a through 2.8.3.2.
References: https://patchstack.com/database/vulnerability/beaver-builder-lite-version/wordpress-beaver-builder-plugin-2-8-3-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
42. CVE-2024-43948
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dinesh Karki WP Armour Extended.This issue affects WP Armour Extended: from n/a through 1.26.
References: https://patchstack.com/database/vulnerability/wp-armour-extended/wordpress-wp-armour-extended-plugin-1-26-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
43. CVE-2024-43950
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nextbricks Brickscore allows Stored XSS.This issue affects Brickscore: from n/a through 1.4.2.5.
References: https://patchstack.com/database/vulnerability/brickscore/wordpress-brickscore-plugin-1-4-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
44. CVE-2024-43958
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gianni Porto IntoTheDark allows Reflected XSS.This issue affects IntoTheDark: from n/a through 1.0.5.
References: https://patchstack.com/database/vulnerability/intothedark/wordpress-into-the-dark-theme-1-0-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
45. CVE-2024-43963
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WaspThemes YellowPencil Visual CSS Style Editor allows Reflected XSS.This issue affects YellowPencil Visual CSS Style Editor: from n/a through 7.6.1.
References: https://patchstack.com/database/vulnerability/yellow-pencil-visual-theme-customizer/wordpress-visual-css-style-editor-plugin-7-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
46. CVE-2024-44777
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.0
Description: A reflected cross-site scripting (XSS) vulnerability in the tag parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.
References: http://vtiger.com
https://packetstormsecurity.com/files/180462/vTiger-CRM-7.4.0-Cross-Site-Scripting.html
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
47. CVE-2024-44778
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.0
Description: A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.
References: http://vtiger.com
https://packetstormsecurity.com/files/180462/vTiger-CRM-7.4.0-Cross-Site-Scripting.html
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
48. CVE-2024-44779
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.0
Description: A reflected cross-site scripting (XSS) vulnerability in the viewname parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.
References: http://vtiger.com
https://packetstormsecurity.com/files/180462/vTiger-CRM-7.4.0-Cross-Site-Scripting.html
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
49. CVE-2024-43921
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Magic Post Thumbnail allows Reflected XSS.This issue affects Magic Post Thumbnail: from n/a through 5.2.9.
References: https://patchstack.com/database/vulnerability/magic-post-thumbnail/wordpress-generate-images-magic-post-thumbnail-plugin-5-2-9-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
50. CVE-2024-6670
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.
References: https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024
https://www.progress.com/network-monitoring
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
51. CVE-2024-6671
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.
References: https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024
https://www.progress.com/network-monitoring
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
52. CVE-2024-6672
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an authenticated low-privileged attacker to achieve privilege escalation by modifying a privileged user's password.
References: https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024
https://www.progress.com/network-monitoring
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found