Brpsd

**Name of the Vulnerable Software and Affected Versions** RegistrationMagic WordPress plugin versions prior to 6.0.7.2 **Description** The RegistrationMagic WordPress plugin does not have sufficient capability checks. This allows users with subscriber privileges or higher to create forms on the site. **Recommendations** Update the RegistrationMagic WordPress plugin to version 6.0.7.2 or later.

**Name of the Vulnerable Software and Affected Versions** RegistrationMagic WordPress plugin versions prior to 6.0.7.2 **Description** The RegistrationMagic WordPress plugin does not properly validate capabilities when checking nonces, which can lead to the disclosure of sensitive data to users with subscriber-level access or higher. **Recommendations** Update RegistrationMagic WordPress plugin to version 6.0.7.2 or later.

**Name of the Vulnerable Software and Affected Versions** HelloWeb version 2.0 **Description** The software contains an arbitrary file download issue that enables remote attackers to download system files. This is achieved by manipulating the `filepath` and `filename` parameters within crafted GET requests sent to the ''download.asp'' endpoint. Attackers can leverage directory traversal techniques to access sensitive configuration and system files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Nome do Software Vulnerável e Versões Afetadas** Plugin WordPress Timetable and Event Schedule by MotoPress versões anteriores à 2.4.16 **Descrição** O plugin WordPress Timetable and Event Schedule by MotoPress não verifica corretamente o acesso do usuário a eventos específicos durante o processo de duplicação. Isso pode levar à divulgação não autorizada de informações de eventos para usuários com a função de Contribuidor ou superior. A falha permite a divulgação arbitrária de eventos. **Recomendações** Atualize o plugin WordPress Timetable and Event Schedule by MotoPress para a versão 2.4.16 ou posterior.

**Name of the Vulnerable Software and Affected Versions** Cargotec Navis WebAccess versions prior to 2016-08-10 **Description** A SQL injection issue exists in the news pages of the software, allowing remote attackers to execute arbitrary SQL commands. The exact vectors used for the attack are not specified. **Recommendations** For versions prior to 2016-08-10, update to a version released after 2016-08-10 to resolve the issue.