The directory-pro WordPress plugin before 1.9.5, final-user-wp-frontend-user-profiles WordPress plugin before 1.2.2, producer-retailer WordPress plugin through TODO, photographer-directory WordPress plugin before 1.0.9, real-estate-pro WordPress plugin before 1.7.1, institutions-directory WordPress plugin before 1.3.1, lawyer-directory WordPress plugin before 1.2.9, doctor-listing WordPress plugin before 1.3.6, Hotel Listing WordPress plugin before 1.3.7, fitness-trainer WordPress plugin before 1.4.1, and wp-membership WordPress plugin before 1.5.7, all sold by the same developer (e-plugins), do not implement any security measures in some AJAX calls. For example, in the file plugin.php, the function iv_directories_update_profile_setting() calls update_user_meta with whatever data the AJAX request provides, which can be used to give the logged-in user admin capabilities. Since the plugins allow user registration via a custom form (even if the blog does not allow users to register), any site using them is vulnerable.
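For contrast, the following is an added example of how a profile-update AJAX handler can be hardened against the class of flaw described above; it is not the e-plugins code, and the function, hook and nonce names (my_profile_update_setting, my_profile_nonce, my_profile_allowed_meta) are hypothetical.

```php
<?php
// Added example (not the e-plugins code): a hardened AJAX profile-update handler.
// Hypothetical names: my_profile_update_setting, my_profile_nonce, my_profile_allowed_meta.

// Only meta keys a user may legitimately set on their own profile. Privilege-bearing
// keys such as wp_capabilities and wp_user_level are deliberately absent.
function my_profile_allowed_meta() {
    return array(
        'description'  => 'sanitize_textarea_field',
        'phone_number' => 'sanitize_text_field',
        'website'      => 'esc_url_raw',
    );
}

function my_profile_update_setting() {
    // 1. CSRF protection: the request must carry a nonce issued for this action.
    check_ajax_referer( 'my_profile_nonce', 'nonce' );

    // 2. Authentication: wp_ajax_ hooks only fire for logged-in users, but be explicit.
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( array( 'message' => 'not logged in' ), 401 );
    }

    // 3. Authorization: act only on the current user's own profile, never on a
    //    user id taken from the request.
    $user_id = get_current_user_id();
    if ( ! current_user_can( 'edit_user', $user_id ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    // 4. Validation: reject any meta key outside the allow-list instead of passing
    //    request data straight to update_user_meta().
    $allowed = my_profile_allowed_meta();
    $key     = isset( $_POST['meta_key'] ) ? sanitize_key( wp_unslash( $_POST['meta_key'] ) ) : '';
    if ( ! array_key_exists( $key, $allowed ) ) {
        wp_send_json_error( array( 'message' => 'meta key not permitted' ), 400 );
    }

    $sanitizer = $allowed[ $key ];
    $value     = isset( $_POST['meta_value'] )
        ? call_user_func( $sanitizer, wp_unslash( $_POST['meta_value'] ) )
        : '';

    update_user_meta( $user_id, $key, $value );
    wp_send_json_success( array( 'updated' => $key ) );
}

// Register for logged-in users only; deliberately no wp_ajax_nopriv_ registration.
add_action( 'wp_ajax_my_profile_update_setting', 'my_profile_update_setting' );
```

The allow-list in step 4 is the control that matters most here: even with a valid nonce and a logged-in session, the handler can never write wp_capabilities or any other key the developer did not explicitly permit.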