Read Time:8 Second
FEDORA-2022-8622ebdebb
Packages in this update:
vim-8.2.4428-1.fc35
Update description:
The newest upstream commit
Security fix for CVE-2022-0629
Category Archives: Advisories
CVE-2021-24867
Read Time:15 Second
Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to avoid any confusion
CVE-2021-24921
Read Time:10 Second
The Advanced Database Cleaner WordPress plugin before 3.0.4 does not sanitise and escape $_GET keys and values before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues
CVE-2021-25055
Read Time:6 Second
The FeedWordPress plugin before 2022.0123 is affected by a Reflected Cross-Site Scripting (XSS) within the “visibility” parameter.
CVE-2021-25057
Read Time:9 Second
The Translation Exchange WordPress plugin through 1.0.14 was vulnerable to Authenticated Stored Cross-Site Scripting (XSS) within the Project Key text field found in the plugin’s settings.
CVE-2021-25058
Read Time:8 Second
The Buffer Button WordPress plugin through 1.0 was vulnerable to Authenticated Stored Cross Site Scripting (XSS) within the Twitter username to mention text field.
CVE-2021-25060
Read Time:18 Second
The Five Star Business Profile and Schema WordPress plugin before 2.1.7 does not have any authorisation and CSRF in its bpfwp_welcome_add_contact_page and bpfwp_welcome_set_contact_information AJAX action, allowing any authenticated users, such as subscribers, to call them. Furthermore, due to the lack of sanitisation, it also lead to Stored Cross-Site Scripting issues
CVE-2021-25069
Read Time:13 Second
The Download Manager WordPress plugin before 3.2.34 does not sanitise and escape the package_ids parameter before using it in a SQL statement, leading to a SQL injection, which can also be exploited to cause a Reflected Cross-Site Scripting issue
CVE-2021-25075
Read Time:21 Second
The Duplicate Page or Post WordPress plugin before 1.5.1 does not have any authorisation and has a flawed CSRF check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing any authenticated users, such as subscriber to call it and change the plugin’s settings, or perform such attack via CSRF. Furthermore, due to the lack of escaping, this could lead to Stored Cross-Site Scripting issues
libxml2-2.9.13-1.fc34
Read Time:7 Second
FEDORA-2022-050c712ed7
Packages in this update:
libxml2-2.9.13-1.fc34
Update description:
Update to 2.9.13
Fix CVE-2022-23308