9 abril, 2018 – Javier García

Contact Form 7 to Database Extension 2.10.32 – CSV Injection

More info: https://wpvulndb.com/vulnerabilities/9060

WP Live Chat Support <= 8.0.05 – Unauthenticated Stored XSS

More info: https://wpvulndb.com/vulnerabilities/9062

Relevanssi <= 4.0.4 – Cross-Site Scripting (XSS)

More info: https://wpvulndb.com/vulnerabilities/9059

WP Background Takeover <= 4.1.4 – Directory Traversal

More info: https://wpvulndb.com/vulnerabilities/9056

buddypress-xprofile-custom-fields-type 2.6.3 – Authenticated Arbitrary File Deletion

More info: https://wpvulndb.com/vulnerabilities/9058

WordPress File Upload <= 4.3.3 – Cross-Site Scripting (XSS)

More info: https://wpvulndb.com/vulnerabilities/9061

woocommerce-csvimport 3.3.6 – Authenticated Arbitrary File Deletion

More info: https://wpvulndb.com/vulnerabilities/9057

DSA-4168 squirrelmail – security update

Florian Grunow und Birk Kauer of ERNW discovered a path traversalvulnerability in SquirrelMail, a webmail application, allowing anauthenticated remote attacker to retrieve or delete arbitrary filesvia mail attachment. More info: https://www.debian.org/security/2018/dsa-4168

Translate »