Vulnerabilities

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in kaptinlin Striking allows Path Traversal.This issue affects Striking: from n/a through 2.3.4.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()<br /> <br /> In function bond_option_arp_ip_targets_set(), if newval-&gt;string is an<br /> empty string, newval-&gt;string+1 will point to the byte after the<br /> string, causing an out-of-bound read.<br /> <br /> BUG: KASAN: slab-out-of-bounds in strlen+0x7d/0xa0 lib/string.c:418<br /> Read of size 1 at addr ffff8881119c4781 by task syz-executor665/8107<br /> CPU: 1 PID: 8107 Comm: syz-executor665 Not tainted 6.7.0-rc7 #1<br /> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014<br /> Call Trace:<br /> <br /> __dump_stack lib/dump_stack.c:88 [inline]<br /> dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106<br /> print_address_description mm/kasan/report.c:364 [inline]<br /> print_report+0xc1/0x5e0 mm/kasan/report.c:475<br /> kasan_report+0xbe/0xf0 mm/kasan/report.c:588<br /> strlen+0x7d/0xa0 lib/string.c:418<br /> __fortify_strlen include/linux/fortify-string.h:210 [inline]<br /> in4_pton+0xa3/0x3f0 net/core/utils.c:130<br /> bond_option_arp_ip_targets_set+0xc2/0x910<br /> drivers/net/bonding/bond_options.c:1201<br /> __bond_opt_set+0x2a4/0x1030 drivers/net/bonding/bond_options.c:767<br /> __bond_opt_set_notify+0x48/0x150 drivers/net/bonding/bond_options.c:792<br /> bond_opt_tryset_rtnl+0xda/0x160 drivers/net/bonding/bond_options.c:817<br /> bonding_sysfs_store_option+0xa1/0x120 drivers/net/bonding/bond_sysfs.c:156<br /> dev_attr_store+0x54/0x80 drivers/base/core.c:2366<br /> sysfs_kf_write+0x114/0x170 fs/sysfs/file.c:136<br /> kernfs_fop_write_iter+0x337/0x500 fs/kernfs/file.c:334<br /> call_write_iter include/linux/fs.h:2020 [inline]<br /> new_sync_write fs/read_write.c:491 [inline]<br /> vfs_write+0x96a/0xd80 fs/read_write.c:584<br /> ksys_write+0x122/0x250 fs/read_write.c:637<br /> do_syscall_x64 arch/x86/entry/common.c:52 [inline]<br /> do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83<br /> entry_SYSCALL_64_after_hwframe+0x63/0x6b<br /> ---[ end trace ]---<br /> <br /> Fix it by adding a check of string length before using it.

Improper Neutralization of Special Elements in Output Used by a Downstream Component (&amp;#39;Injection&amp;#39;) vulnerability in Automattic WooCommerce allows Content Spoofing.This issue affects WooCommerce: from n/a through 8.9.2.

Improper Neutralization of Special Elements used in an SQL Command (&amp;#39;SQL Injection&amp;#39;) vulnerability in StylemixThemes Masterstudy Elementor Widgets, StylemixThemes Consulting Elementor Widgets.This issue affects Masterstudy Elementor Widgets: from n/a through 1.2.2; Consulting Elementor Widgets: from n/a through 1.3.0.

Improper Limitation of a Pathname to a Restricted Directory (&amp;#39;Path Traversal&amp;#39;) vulnerability in smartypants SP Project &amp; Document Manager.This issue affects SP Project &amp; Document Manager: from n/a through 4.71.

Improper Neutralization of Special Elements in Output Used by a Downstream Component (&amp;#39;Injection&amp;#39;) vulnerability in WpDirectoryKit WP Directory Kit allows Code Injection.This issue affects WP Directory Kit: from n/a through 1.3.6.

A BOLA vulnerability in POST /appointments allows a low privileged user to create an appointment for any user in the system (including admin). This results in unauthorized data manipulation.

The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form &amp; Content Restriction plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation/deactivation due to missing capability checks on the pieregister_install_addon, pieregister_activate_addon and pieregister_deactivate_addon functions in all versions up to, and including, 3.8.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install, activate and deactivate arbitrary plugins. As a result attackers might achieve code execution on the targeted server

The Just Custom Fields plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several AJAX functions in all versions up to, and including, 3.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to invoke this functionality intended for admin users. This enables subscribers to manage field groups, change visibility of items among other things.

The Just Custom Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation on several AJAX function. This makes it possible for unauthenticated attackers to invoke this functionality intended for admin users via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This enables subscribers to manage field groups, change visibility of items among other things.

The Comment Images Reloaded plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the cir_delete_image AJAX action in all versions up to, and including, 2.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary media attachments.

The Simple Alert Boxes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin&amp;#39;s Alert shortcode in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.