Vaibhav Rajput

#13494de 53,638
19.6CVSS total
Vulnerabilidades · 3
Média
2
Alta
1
PT-2024-14995
8.8
2024-01-08
WordPress · Slider Revolution · CVE-2023-6528
**Nome do software vulnerável e versões afetadas** Versões do plugin Slider Revolution para WordPress anteriores à 6.6.19 **Descrição** A vulnerabilidade permite que usuários com, no mínimo, a função de Autor deserializem conteúdo arbitrário ao importar sliders, o que pode levar à execução remota de código. **Recomendações** Para versões anteriores à 6.6.19, atualize para a versão 6.6.19 ou posterior para resolver o problema. Como solução temporária, considere restringir a funcionalidade de importação de sliders a usuários com funções superiores à de Autor até que a atualização seja aplicada.
PT-2023-16352
5.4
2023-04-10
WordPress · Contact-Form-Plugin · CVE-2023-0546
**Name of the Vulnerable Software and Affected Versions** Contact Form Plugin WordPress plugin versions prior to 4.3.25 **Description** The issue allows a logged-in user with roles as low as contributor to inject arbitrary JavaScript into a form. This can be achieved by exploiting the improper sanitization and escaping of the `srcdoc` attribute in iframes within the plugin's custom HTML field type. The injected JavaScript will trigger for any visitor to the form or for admins previewing or editing the form. **Recommendations** For versions prior to 4.3.25, update to version 4.3.25 or later to resolve the issue. As a temporary workaround, consider restricting access to the custom HTML field type in the Contact Form Plugin to prevent potential exploitation until the update can be applied.
PT-2023-16092
5.4
2023-03-13
WordPress · Fluentsmtp · CVE-2023-0219
**Name of the Vulnerable Software and Affected Versions** FluentSMTP WordPress plugin versions prior to 2.2.3 **Description** The issue arises from the plugin's failure to sanitize or escape email content, making it susceptible to stored cross-site scripting attacks (XSS) when an administrator views the email logs. This exploit requires the presence of other plugins that enable users to send emails with unfiltered HTML. **Recommendations** For versions prior to 2.2.3, update to version 2.2.3 or later to resolve the issue. As a temporary workaround, consider disabling the viewing of email logs until a patch is applied. Restrict access to the email logs to minimize the risk of exploitation. Avoid using plugins that enable users to send emails with unfiltered HTML in the affected versions until the issue is resolved.