Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) contain an undocumented ‘printerlogic’ user with a hardcoded SSH public key in ‘~/.ssh/authorized_keys’ and a sudoers rule granting the printerlogic_ssh group ‘NOPASSWD: ALL’....
A vulnerability exists in Asset Suite that allows an authenticated user to manipulate the content of performance-related log data or to inject crafted data into the logfile, potentially for carrying out further malicious attacks. Performance...
Cookie storage for non-HTML temporary documents was being shared incorrectly with normal browsing content, allowing information from private tabs to escape Incognito mode even after the user closed all tabs. This vulnerability affects Firefox...
The Post By Email plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the save_attachments function in all versions up to, and including, 1.0.4b. This makes it...
The Yoga Schedule Momoyoga plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘momoyoga-schedule’ shortcode in all versions up to, and including, 2.9.0 due to insufficient input sanitization and output escaping...
The LockerPress – WordPress Security Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on a...
The Chat by Chatwee plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.3. This is due to missing or incorrect nonce validation on the admin settings...
The Tiny Bootstrap Elements Light plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.3.34 via the ‘language’ parameter. This makes it possible for unauthenticated attackers to...
The Bei Fen – WordPress Backup Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.2 via the ‘task’. This makes it possible for authenticated attackers,...
The WeedMaps Menu for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s weedmaps_menu shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output...
The Nexa Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Google Maps widget in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping...
The Copypress Rest API plugin for WordPress is vulnerable to Remote Code Execution via the copyreap_handle_image() function in versions 1.1 to 1.2. The plugin falls back to a hard-coded JWT signing key when no secret...