Tag
The Booster for WooCommerce for WordPress is vulnerable to Information Disclosure via the 'wcj_wp_option' shortcode in versions up to, and including, 7.1.0 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with subscriber-level capabilities or above, to retrieve arbitrary sensitive site options.
The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the userRate function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a post.
The ARMember Lite - Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Terminal character injection in Mintty before 3.6.3 allows code execution via unescaped output to the terminal.
State-sponsored cyber espionage actors from Russia and China continue to target WinRAR users with various info-stealing and backdoor malware, as a patching lag plagues the software's footprint.
Red Hat Security Advisory 2023-5868-01 - An update for ghostscript is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a code execution vulnerability.
Interway a.s WebJET CMS 8.6.896 is vulnerable to Cross Site Scripting (XSS).
The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcj_image' shortcode in versions up to, and including, 7.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Facing a potential cascade of legal challenges from industry groups and state attorneys general, the EPA has rescinded its cyber-rules. But where does that leave local water safety?
Red Hat Security Advisory 2023-5790-01 - Python-reportlab is a library used for generation of PDF documents. Issues addressed include a code execution vulnerability.