Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

VM Backups Plugin up to 1.0 on WordPress cross-site request forgery

A vulnerability classified as problematic was found in VM Backups Plugin up to 1.0 on WordPress (WordPress Plugin). This vulnerability affects an unknown functionality of the component Plugin Handler. There is no information about possible...
Author: VulDB

WooCommerce Upload Files Plugin up to 59.3 on WordPress Blacklist wcuf_file_name unrestricted upload

A vulnerability classified as critical has been found in WooCommerce Upload Files Plugin up to 59.3 on WordPress (E-Commerce Management Software). This affects an unknown function of the component Blacklist Handler. Upgrading to version 59.4...
Author: VulDB

User Profile Picture Plugin up to 2.4.x on WordPress REST API Endpoint get_users information disclosure

A vulnerability was found in User Profile Picture Plugin up to 2.4.x on WordPress (WordPress Plugin). It has been rated as problematic. Affected by this issue is the function get_users of the component REST API Endpoint. Upgrading to version...
Author: VulDB

Advanced Order Export for WooCommerce Plugin up to 3.1.7 on WordPress Admin Panel tab cross site scripting

A vulnerability was found in Advanced Order Export for WooCommerce Plugin up to 3.1.7 on WordPress (E-Commerce Management Software). It has been declared as problematic. Affected by this vulnerability is an unknown code block of the component...
Author: VulDB

Easy Contact Form Pro Plugin prior 1.1.1.9 on WordPress Email Subject/Email Recipient cross site scripting

A vulnerability was found in Easy Contact Form Pro Plugin on WordPress (WordPress Plugin). It has been classified as problematic. Affected is an unknown code of the component Form Handler. Upgrading to version 1.1.1.9 eliminates this...
Author: VulDB

Web-Stat up to 1.3.x XMLHttpRequest wts_web_stat_load_init information disclosure

A vulnerability was found in Web-Stat up to 1.3.x and classified as problematic. This issue affects the function wts_web_stat_load_init of the component XMLHttpRequest Handler. Upgrading to version 1.4.0 eliminates this vulnerability.
Author: VulDB

Ninja Forms Contact Form up to 3.4.33 on WordPress Drag/Drop Form Builder wp_ajax_nf_oauth_disconnect cross-site request forgery

A vulnerability has been found in Ninja Forms Contact Form up to 3.4.33 on WordPress (WordPress Plugin) and classified as problematic. This vulnerability affects the function wp_ajax_nf_oauth_disconnect of the component Drag/Drop Form Builder....
Author: VulDB

CERTFR-2021-AVI-240: Multiple vulnerabilities in Google Android (06 April 2021)

Multiple vulnerabilities have been discovered in Google Android. Some of them allow an attacker to cause a security issue not specified by the vendor, remote arbitrary code execution and a breach of...
Author: Cert FR

CERTFR-2021-AVI-239: Vulnerability in Tenable Nessus (06 April 2021)

A vulnerability has been discovered in Tenable Nessus. It allows an attacker to cause a privilege escalation.
Author: Cert FR

Ninja Forms Contact Form Plugin up to 3.4.33 on WordPress wp_ajax_nf_oauth_connect redirect

A vulnerability, which was classified as problematic, was found in Ninja Forms Contact Form Plugin up to 3.4.33 on WordPress (WordPress Plugin). This affects the function wp_ajax_nf_oauth_connect. Upgrading to version 3.4.34 eliminates this...
Author: VulDB

Ninja Forms Contact Form Plugin up to 3.4.34.0 on WordPress wp_ajax_nf_oauth information disclosure

A vulnerability, which was classified as problematic, has been found in Ninja Forms Contact Form Plugin up to 3.4.34.0 on WordPress (WordPress Plugin). Affected by this issue is the function wp_ajax_nf_oauth. Upgrading to version 3.4.34.1...
Author: VulDB

SendWP Ninja Forms Contact Form Plugin up to 3.4.33 on WordPress AJAX wp_ajax_ninja_forms_sendwp_remote_install_handler information disclosure

A vulnerability classified as problematic was found in SendWP Ninja Forms Contact Form Plugin up to 3.4.33 on WordPress (WordPress Plugin). Affected by this vulnerability is the function wp_ajax_ninja_forms_sendwp_remote_install_handler of the...
Author: VulDB

Responsive Menu Plugin up to 4.0.3 on WordPress Setting cross-site request forgery

A vulnerability classified as problematic has been found in Responsive Menu Plugin up to 4.0.3 on WordPress (WordPress Plugin). Affected is an unknown code block of the component Setting Handler. Upgrading to version 4.0.4 eliminates this...
Author: VulDB

Responsive Menu Plugin up to 4.0.3 on WordPress ZIP cross-site request forgery

A vulnerability was found in Responsive Menu Plugin up to 4.0.3 on WordPress (WordPress Plugin). It has been rated as problematic. This issue affects an unknown code of the component ZIP Handler. Upgrading to version 4.0.4 eliminates this...
Author: VulDB

Responsive Menu Plugin up to 4.0.3 on WordPress /rmp-menu/ unrestricted upload

A vulnerability was found in Responsive Menu Plugin up to 4.0.3 on WordPress (WordPress Plugin). It has been declared as critical. This vulnerability affects an unknown part of the file /rmp-menu/. Upgrading to version 4.0.4 eliminates this...
Author: VulDB

Contact Form 7 Style Plugin up to 3.1.9 on WordPress Custom CSS cross site scripting

A vulnerability was found in Contact Form 7 Style Plugin up to 3.1.9 on WordPress (WordPress Plugin). It has been classified as problematic. This affects some unknown functionality of the component Custom CSS Handler. There is no information...
Author: VulDB

ThemeIsle Orbit Fox Registration user_role privileges management

A vulnerability was found in ThemeIsle Orbit Fox (affected version not known) and classified as critical. Affected by this issue is an unknown functionality of the component Registration Handler. There is no information about possible...
Author: VulDB

ThemeIsle Orbit Fox Header cross site scripting [CVE-2021-24157]

A vulnerability has been found in ThemeIsle Orbit Fox (affected version unknown) and classified as problematic. Affected by this vulnerability is an unknown function of the component Header Handler. There is no information about possible...
Author: VulDB

Testimonial Rotator 3.0.3 cross site scripting [CVE-2021-24156]

A vulnerability, which was classified as problematic, was found in Testimonial Rotator 3.0.3. Affected is some unknown processing. There is no information about possible countermeasures known. It may be suggested to replace the affected object...
Author: VulDB

Backup and Migrate Plugin up to 1.5.x on WordPress Privileges unrestricted upload

A vulnerability, which was classified as critical, has been found in Backup and Migrate Plugin up to 1.5.x on WordPress (Backup Software). This issue affects an unknown code block of the component Privileges Handler. Upgrading to version 1.6.0...
Author: VulDB

Theme Editor Plugin up to 2.5 on WordPress /etc/passwd download_file file access

A vulnerability classified as problematic was found in Theme Editor Plugin up to 2.5 on WordPress (WordPress Plugin). This vulnerability affects the function download_file of the file /etc/passwd. Upgrading to version 2.6 eliminates this...
Author: VulDB

Yoast SEO Plugin up to 3.4.0 on WordPress Blacklist cross site scripting

A vulnerability classified as problematic has been found in Yoast SEO Plugin up to 3.4.0 on WordPress (WordPress Plugin). This affects an unknown part of the component Blacklist Handler. Upgrading to version 3.4.1 eliminates this vulnerability....
Author: VulDB

Popup Builder All Subscribers Setting Page cross site scripting

A vulnerability was found in Popup Builder (affected version not known). It has been rated as problematic. Affected by this issue is some unknown functionality of the component All Subscribers Setting Page. There is no information about possible...
Author: VulDB

LikeBtn Like Button Rating up to 2.6.31 on WordPress server-side request forgery

A vulnerability was found in LikeBtn Like Button Rating up to 2.6.31 on WordPress (Feedback Software). It has been declared as critical. Affected by this vulnerability is an unknown functionality. Upgrading to version 2.6.32 eliminates this...
Author: VulDB

HTMLDOC up to 1.9.11 integer overflow [CVE-2021-20308]

A vulnerability was found in HTMLDOC up to 1.9.11. It has been classified as problematic. Affected is an unknown function. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB