The NEX-Forms. plugin for WordPress is vulnerable to unauthorized disclosure and modification of data in versions up to, and including 7.7.1 due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber level permissions and above to invoke these functions which can be used to perform actions like modify form submission records, deleting files, sending test emails, modifying plugin settings, and more.
More Stories
USN-7045-1: libppd vulnerability
Simone Margaritelli discovered that libppd incorrectly sanitized IPP data when creating PPD files. A remote attacker could possibly use this...
USN-7044-1: libcupsfilters vulnerability
Simone Margaritelli discovered that libcupsfilters incorrectly sanitized IPP data when creating PPD files. A remote attacker could possibly use this...
USN-7043-1: cups-filters vulnerabilities
Simone Margaritelli discovered that the cups-filters cups-browsed component could be used to create arbitrary printers from outside the local network....
USN-7042-1: cups-browsed vulnerability
Simone Margaritelli discovered that cups-browsed could be used to create arbitrary printers from outside the local network. In combination with...
USN-7041-1: CUPS vulnerability
Simone Margaritelli discovered that CUPS incorrectly sanitized IPP data when creating PPD files. A remote attacker could possibly use this...
chromium-129.0.6668.70-1.fc41
FEDORA-2024-8008ddbd4e Packages in this update: chromium-129.0.6668.70-1.fc41 Update description: Update to 129.0.6668.70 High CVE-2024-9120: Use after free in Dawn High CVE-2024-9121:...