CVE | Vendors | Products | Updated | CVSS v3.1 |
The Search & Go - Directory WordPress Theme theme for WordPress is vulnerable to Authentication Bypass via account takeover in all versions up to, and including, 2.7. This is due to insufficient user validation in the search_and_go_elated_check_facebook_user() function. This makes it possible for unauthenticated attackers to gain access to other users' accounts, including administrators, when Facebook login is enabled. |
The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.6.7 via the mode parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included. |
The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to arbitrary file deletion (via renaming) due to insufficient file path validation in the set_user_profile_image function in all versions up to, and including, 6.6.7. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). |
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
The Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme plugin for WordPress is vulnerable to privilege escalation via password update in all versions up to, and including, 1.4.0. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary users' passwords, including those of administrators. |
Memory corruption while invoking remote procedure IOCTL calls. |
Memory corruption while allocating buffers in DSP service. |
Memory corruption while processing user buffers. |
Memory corruption while processing an escape call. |
Memory corruption while processing control commands in the virtual memory management interface. |
Transient DOS may occur when multi-profile concurrency arises with QHS enabled. |
Memory corruption while processing an image encoding completion event. |
Memory corruption while processing IOCTL call to get the mapping. |
Memory corruption while processing escape commands from userspace. |
Memory corruption while performing SCM call with malformed inputs. |
Memory corruption while performing SCM call. |
Memory corruption while processing a malformed license file during reboot. |
Memory corruption during PlayReady APP usecase while processing TA commands. |
Transient DOS while processing IOCTL call for image encoding. |
Memory corruption while processing camera platform driver IOCTL calls. |