The Five Star Business Profile and Schema WordPress plugin before 2.1.7 does not have any authorisation or CSRF checks in its bpfwp_welcome_add_contact_page and bpfwp_welcome_set_contact_information AJAX actions, allowing any authenticated user, such as a subscriber, to call them. Furthermore, due to the lack of sanitisation, this also leads to Stored Cross-Site Scripting issues.
CVE-2021-25069
The Download Manager WordPress plugin before 3.2.34 does not sanitise and escape the package_ids parameter before using it in a SQL statement, leading to a SQL injection, which can also be exploited to cause a Reflected Cross-Site Scripting issue.
CVE-2021-25075
The Duplicate Page or Post WordPress plugin before 1.5.1 does not have any authorisation and has a flawed CSRF check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing any authenticated user, such as a subscriber, to call it and change the plugin’s settings, or to perform such an attack via CSRF. Furthermore, due to the lack of escaping, this could lead to Stored Cross-Site Scripting issues.
libxml2-2.9.13-1.fc34
FEDORA-2022-050c712ed7
Packages in this update:
libxml2-2.9.13-1.fc34
Update description:
Update to 2.9.13
Fix CVE-2022-23308
mingw-expat-2.4.6-1.fc35
FEDORA-2022-3d9d67f558
Packages in this update:
mingw-expat-2.4.6-1.fc35
Update description:
Update to expat-2.4.6, see https://github.com/libexpat/libexpat/blob/R_2_4_6/expat/Changes for details.
mingw-expat-2.4.6-1.fc34
FEDORA-2022-04f206996b
Packages in this update:
mingw-expat-2.4.6-1.fc34
Update description:
Update to expat-2.4.6, see https://github.com/libexpat/libexpat/blob/R_2_4_6/expat/Changes for details.
libxml2-2.9.13-1.fc35
FEDORA-2022-b661dea83d
Packages in this update:
libxml2-2.9.13-1.fc35
Update description:
Update to 2.9.13
Fix CVE-2022-23308
GLSA 202202-03: Mozilla Firefox: Multiple vulnerabilities
GLSA 202202-02: Chromium, Google Chrome: Multiple vulnerabilities
CVE-2016-1239
duck before 0.10 did not properly handle loading of untrusted code from the current directory.