Gabriele Zuddas

#11412of 53,632
24.1Total CVSS
Vulnerabilities · 3
Medium
1
High
1
Critical
1
PT-2025-15411
6.1
2025-04-08
WordPress · Advanced Advertising System · CVE-2025-3433
Name of the Vulnerable Software and Affected Versions: Advanced Advertising System plugin for WordPress versions up to and including 1.3.1 Description: The issue arises from insufficient validation of the redirect URL provided through the `redir` parameter. This allows unauthenticated attackers to redirect users to potentially malicious sites if they can trick them into performing a specific action. Recommendations: For versions up to and including 1.3.1, update to a version higher than 1.3.1 to resolve the issue. As a temporary workaround, consider restricting access to the `redir` parameter to minimize the risk of exploitation.
PT-2022-17789
8.2
2022-09-06
WordPress · All-In-One Video Gallery · CVE-2022-2633
**Name of the Vulnerable Software and Affected Versions** All-in-One Video Gallery plugin for WordPress versions up to, and including 2.6.0 **Description** The issue allows unauthenticated users to download sensitive files hosted on the affected server and forge requests to the server via the `dl` parameter found in the ~/public/video.php file. This enables arbitrary file downloads and blind server-side request forgery. **Recommendations** For versions up to, and including 2.6.0, consider disabling access to the ~/public/video.php file or restricting the use of the `dl` parameter until a patch is available. Avoid using the `dl` parameter in the affected API endpoint until the issue is resolved.
PT-2021-23745
9.8
2021-12-15
Itext · Itext · CVE-2021-43113
**Name of the Vulnerable Software and Affected Versions** iText versions prior to 7.1.17 **Description** The issue allows command injection via a CompareTool filename that is mishandled on the `gs` (aka Ghostscript) command line in `GhostscriptHelper.java`. This can occur when a malicious filename is provided to the CompareTool, potentially leading to the execution of arbitrary commands. **Recommendations** For versions prior to 7.1.17, update to version 7.1.17 or later to resolve the issue. As a temporary workaround, consider restricting access to the `GhostscriptHelper.java` class or disabling the CompareTool functionality until a patch is applied. Avoid using potentially malicious filenames with the CompareTool to minimize the risk of exploitation.