Category: Vulnerabilities

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_elementor_data’ meta field in all versions up to, and including, 3.20.7 due to insufficient input sanitization and output...

The Mail Mint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.19.2. This is due to missing nonce validation on the create_or_update_note function. This makes it...

Cross-site request forgery vulnerability exists in WRC-X1500GS-B and WRC-X1500GSA-B. If a user accesses a malicious page while logged-in to the affected product, unintended operations may be performed. More information : https://jvn.jp/en/jp/JVN94012927/

OS command injection vulnerability exists in WRC-X1500GS-B and WRC-X1500GSA-B. A crafted request from a logged-in user may lead to an arbitrary OS command execution. More information : https://jvn.jp/en/jp/JVN94012927/

For WRC-X1500GS-B and WRC-X1500GSA-B, the initial passwords can be calculated easily from the system information. More information : https://jvn.jp/en/jp/JVN94012927/

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer profile fields in all versions up to, and including, 5.2.5 due to...

The Form Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via hidden field values in all versions up to, and including, 1.15.35. This is due to insufficient output escaping when displaying hidden...

The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.35. This is due to the plugin’s default file upload allowlist including SVG...

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.19.17. This is due to the plugin failing...

The installer for Roland Cloud Manager ver.3.1.19 and prior insecurely loads Dynamic Link Libraries (DLLs), which could allow an attacker to execute arbitrary code with the privileges of the application. More information : https://jvn.jp/en/jp/JVN89992160/

The WP ULike plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.8.3.1. This is due to the `wp_ulike_delete_history_api` AJAX action not verifying that the log...

: Out-of-bounds Write vulnerability in Xquic Project Xquic Server xquic on Linux (QUIC protocol implementation, packet processing module modules) allows : Buffer Manipulation.This issue affects Xquic Server: through 1.8.3. More information : https://github.com/alibaba/xquic

When a specific function is enabled while joining a AD Domain from ADM, an improper input parameters validation vulnerability in a specific CGI program allowing an unauthenticated remote attacker to write arbitrary data to...

A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to access the Bash shell to access insecurely stored file contents including the history command. More information : https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36851