» 2023 » 2월

CVE-2022-4788

Posted on 2023년 2월 28일2023년 2월 28일 by admin

CVE-2022-4788

The Embed PDF WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Source: CVE-2022-4788

CVE-2022-4757

Posted on 2023년 2월 28일2023년 2월 28일 by admin

CVE-2022-4757

The List Pages Shortcode WordPress plugin before 1.7.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

Source: CVE-2022-4757

CVE-2022-4679

Posted on 2023년 2월 28일2023년 2월 28일 by admin

CVE-2022-4679

The Wufoo Shortcode WordPress plugin before 1.52 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Source: CVE-2022-4679

CVE-2022-4550

Posted on 2023년 2월 28일2023년 2월 28일 by admin

CVE-2022-4550

The User Activity WordPress plugin through 1.0.1 checks headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing

Source: CVE-2022-4550

CVE-2023-0278

Posted on 2023년 2월 28일2023년 2월 28일 by admin

CVE-2023-0278

The GeoDirectory WordPress plugin before 2.2.24 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

Source: CVE-2023-0278

CVE-2023-0043

Posted on 2023년 2월 28일2023년 2월 28일 by admin

CVE-2023-0043

The Custom Add User WordPress plugin through 2.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Source: CVE-2023-0043

CVE-2023-0168

Posted on 2023년 2월 28일2023년 2월 28일 by admin

CVE-2023-0168

The Olevmedia Shortcodes WordPress plugin through 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Source: CVE-2023-0168

CVE-2023-0331

Posted on 2023년 2월 28일2023년 2월 28일 by admin

CVE-2023-0331

The Correos Oficial WordPress plugin through 1.2.0.2 does not have an authorization check user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server.

Source: CVE-2023-0331

CVE-2023-0279

Posted on 2023년 2월 28일2023년 2월 28일 by admin

CVE-2023-0279

The Media Library Assistant WordPress plugin before 3.06 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

Source: CVE-2023-0279

CVE-2023-27266

Posted on 2023년 2월 28일2023년 2월 28일 by admin

CVE-2023-27266

Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the /api/v4/users/me/teams API endpoint, allowing an attacker with team admin privileges to learn the team owner’s email address in the response.

Source: CVE-2023-27266