Vulnerabilities

The ShareThis Share Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sharethis-inline-button' shortcode in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

The WP Ultimate Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpupg-text' shortcode in all versions up to, and including, 3.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

An issue has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. A runner registered with a crafted description has the potential to disrupt the loading of targeted GitLab web resources.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> Bluetooth: HCI: Fix potential null-ptr-deref<br /> <br /> Fix potential null-ptr-deref in hci_le_big_sync_established_evt().

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> Bluetooth: msft: fix slab-use-after-free in msft_do_close()<br /> <br /> Tying the msft-&gt;data lifetime to hdev by freeing it in<br /> hci_release_dev() to fix the following case:<br /> <br /> [use]<br /> msft_do_close()<br /> msft = hdev-&gt;msft_data;<br /> if (!msft) ...(1) filter_lock); ...(4) msft_data;<br /> hdev-&gt;msft_data = NULL; ...(2)<br /> kfree(msft); ...(3)

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()<br /> <br /> Extend a critical section to prevent chan from early freeing.<br /> Also make the l2cap_connect() return type void. Nothing is using the<br /> returned value but it is ugly to return a potentially freed pointer.<br /> Making it void will help with backports because earlier kernels did use<br /> the return value. Now the compile will break for kernels where this<br /> patch is not a complete fix.<br /> <br /> Call stack summary:<br /> <br /> [use]<br /> l2cap_bredr_sig_cmd<br /> l2cap_connect<br /> ┌ mutex_lock(&amp;conn-&gt;chan_lock);<br /> │ chan = pchan-&gt;ops-&gt;new_connection(pchan); list, &amp;conn-&gt;chan_l); ... (1)<br /> └ mutex_unlock(&amp;conn-&gt;chan_lock);<br /> chan-&gt;conf_state ... (4) chan_lock);<br /> │ foreach chan in conn-&gt;chan_l: ... (2)<br /> │ l2cap_chan_put(chan);<br /> │ l2cap_chan_destroy<br /> │ kfree(chan) ... (3) chan_lock);<br /> <br /> ==================================================================<br /> BUG: KASAN: slab-use-after-free in instrument_atomic_read<br /> include/linux/instrumented.h:68 [inline]<br /> BUG: KASAN: slab-use-after-free in _test_bit<br /> include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]<br /> BUG: KASAN: slab-use-after-free in l2cap_connect+0xa67/0x11a0<br /> net/bluetooth/l2cap_core.c:4260<br /> Read of size 8 at addr ffff88810bf040a0 by task kworker/u3:1/311

The Visual Website Collaboration, Feedback &amp; Project Management – Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible for unauthenticated attackers to modify plugin settings, delete posts, modify post titles, and upload images.

A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /view/timetable_update_form.php. The manipulation of the argument grade leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-265990 is the identifier assigned to this vulnerability.

A vulnerability, which was classified as critical, was found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/timetable_insert_form.php. The manipulation of the argument grade leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265989 was assigned to this vulnerability.

The Pet Manager WordPress plugin through 1.4 does not sanitise and escape some of its Pet settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks.

The Flattr WordPress plugin through 1.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

The does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attack