‼ CVE-2023-0162 ‼
📖 Read
via "National Vulnerability Database".
The CPO Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of its content type settings parameters in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4703 ‼
📖 Read
via "National Vulnerability Database".
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_reset_previous_import' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to reset previously imported data.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4710 ‼
📖 Read
via "National Vulnerability Database".
The Royal Elementor Addons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3.59, due to due to insufficient input sanitization and output escaping of the 'wpr_ajax_search_link_target' parameter in the 'data_fetch' function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This is occurring because 'sanitize_text_field' is insufficient to prevent attribute-based Cross-Site Scripting📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4711 ‼
📖 Read
via "National Vulnerability Database".
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_mega_menu_settings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify Mega Menu settings for any menu item.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-47083 ‼
📖 Read
via "National Vulnerability Database".
Spitfire CMS 1.0.475 is vulnerable to PHP Object Injection.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4701 ‼
📖 Read
via "National Vulnerability Database".
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_plugins' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the 'contact-form-7', 'media-library-assistant', or 'woocommerce' plugins if they are installed on the site.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4709 ‼
📖 Read
via "National Vulnerability Database".
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_library_template' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to import and activate templates from the plugin's template library.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4707 ‼
📖 Read
via "National Vulnerability Database".
The Royal Elementor Addons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.59. This is due to missing nonce validation in the 'wpr_create_mega_menu_template' AJAX function. This allows unauthenticated attackers to create Mega Menu templates, granted they can trick an administrator into performing an action, such as clicking a link.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4708 ‼
📖 Read
via "National Vulnerability Database".
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_template_conditions' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to modify the conditions under which templates are displayed.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4702 ‼
📖 Read
via "National Vulnerability Database".
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_fix_royal_compatibility' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to deactivate every plugin on the site unless it is part of an extremely limited hardcoded selection. This also switches the site to the 'royal-elementor-kit' theme, potentially resulting in availability issues.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4705 ‼
📖 Read
via "National Vulnerability Database".
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_final_settings_setup' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to finalize activation of preset site configuration templates, which can be chosen and imported via a separate action documented in CVE-2022-4704.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4700 ‼
📖 Read
via "National Vulnerability Database".
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_theme' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the 'royal-elementor-kit' theme. If no such theme is installed doing so can also impact site availability as the site attempts to load a nonexistent theme.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4704 ‼
📖 Read
via "National Vulnerability Database".
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_templates_kit' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to import preset site configuration templates including images and settings.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21793 ‼
📖 Read
via "National Vulnerability Database".
3D Builder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21780, CVE-2023-21781, CVE-2023-21782, CVE-2023-21783, CVE-2023-21784, CVE-2023-21785, CVE-2023-21786, CVE-2023-21787, CVE-2023-21788, CVE-2023-21789, CVE-2023-21790, CVE-2023-21791, CVE-2023-21792.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2023-21764 ‼
📖 Read
via "National Vulnerability Database".
Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21763.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21746 ‼
📖 Read
via "National Vulnerability Database".
Windows NTLM Elevation of Privilege Vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45166 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application accepts a set of user-controlled parameters that are used to act on the data returned to the user. It allows a basic user to access data unrelated to their role.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36442 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Zebra Enterprise Home Screen 4.1.19. By using the embedded Google Chrome application, it is possible to install an unauthorized application via a downloaded APK.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38490 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Some parameters allow SQL injection.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21677 ‼
📖 Read
via "National Vulnerability Database".
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability. This CVE ID is unique from CVE-2023-21683, CVE-2023-21758.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38481 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP2. The application is prone to reflected Cross-site Scripting (XSS) in several features.📖 Read
via "National Vulnerability Database".