Backdoor.Win32.Delf.eg / Unauthenticated Remote Command Execution
Posted by malvuln on Oct 03 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/de6220a8e8fcbbee9763fb10e0ca23d7.txt Contact: malvuln13 () gmail com Media:...
Backdoor.Win32.NTRC / Weak Hardcoded Credentials
Posted by malvuln on Oct 03 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/273fd3f33279cc9c0378a49cf63d7a06.txt Contact: malvuln13 () gmail com Media:...
WordPress plugin – WPvivid Backup – CVE-2022-2863.
Posted by Rodolfo Tavares via Fulldisclosure on Oct 03 =====[ Tempest Security Intelligence - ADV-15/2022 ]========================== Wordpress plugin - WPvivid Backup - Version < 0.9.76...
CVE-2022-3128 (donation_thermometer)
The Donation Thermometer WordPress plugin before 2.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin...
CVE-2022-3132 (goolytics)
The Goolytics WordPress plugin before 1.1.2 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting...
CVE-2022-3125 (frontend_file_manager)
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like...
CVE-2022-3124 (frontend_file_manager)
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of...
CVE-2022-2839 (zephyr_project_manager)
The Zephyr Project Manager WordPress plugin before 3.2.55 does not have any authorisation as well as CSRF in all its AJAX actions, allowing unauthenticated users...
CVE-2022-2763 (wp_socializer)
The WP Socializer WordPress plugin before 7.3 does not sanitise and escape some of its Icons settings, which could allow high privilege users such as...
CVE-2022-2628 (dsgvo_all_in_one_for_wp)
The DSGVO All in one for WP WordPress plugin before 4.2 does not sanitise and escape some of its settings, which could allow high privilege...