Handsome Testimonials & Reviews Project Security Vulnerabilities

CVE-2023-6491

The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the wpmtst_save_view_sticky function in all versions up to, and including, 3.1.12. This makes it possible for authenticated attackers, with contributor access and.....

CVE-2023-28636

GLPI is a free asset and IT management software package. Starting in version 0.60 and prior to versions 9.5.13 and 10.0.7, a vulnerability allows an administrator to create a malicious external link. This issue is fixed in versions 9.5.13 and...

CVE-2022-0551 Authenticated RCE on project configuration import in Guardian/CMC before 22.0.0

Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or import manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks Guardian...

BIT-gitlab-2024-5430

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.10 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a project maintainer can delete the merge request approval policy via...

Exploit for Heap-based Buffer Overflow in Fortinet Fortiproxy

Usage: python3 cve-2022-42475.py rhost rport lhost 'command'...

CVE-2021-36782

A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Rancher Rancher...

CVE-2023-28639

GLPI is a free asset and IT management software package. Starting in version 0.85 and prior to versions 9.5.13 and 10.0.7, a malicious link can be crafted by an unauthenticated user. It will be able to exploit a reflected XSS in case any authenticated user opens the crafted link. This issue is...

CVE-2023-28632

GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, an authenticated user can modify emails of any user, and can therefore takeover another user account through the "forgotten password" feature. By modifying emails, the user...

BIT-gitlab-2024-6323

Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5 and 17.0 prior to 17.0.3 and 17.1 prior to 17.1.1 allows an attacker leak content of a private repository in a public...

BIT-gitlab-2024-4011

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows non-project member to promote key results to...

AIX is affected by information disclosure due to Python (CVE-2024-28757)

IBM SECURITY ADVISORY First Issued: Thu Jun 13 15:37:38 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/python_advisory9.asc Security Bulletin: AIX is affected by information disclosure due to Python (CVE-2024-28757)...

Malicious code in xterm-addon-clipboard (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (5cf6d3796e2698ca788f0833376dcbd11460b764506f5ffb63bdd8e71262113e) The OpenSSF Package Analysis project identified 'xterm-addon-clipboard' @ 6.0.7 (npm) as malicious. It is considered malicious because: The...

Malicious code in webpack-dev-server.legacy (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (85cd0dbb01e0045658eb423c4580a09f07f36ce5af1689227f99e72348cda4a6) The OpenSSF Package Analysis project identified 'webpack-dev-server.legacy' @ 1.0.0 (npm) as malicious. It is considered malicious because: - The...

Malicious code in gql2ts-from-schema (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (7a1acee750c796d45e602f027ea638a05590a78bb142aca903bfb2bb169466a6) The OpenSSF Package Analysis project identified 'gql2ts-from-schema' @ 2.1.1 (npm) as malicious. It is considered malicious because: - The package.....

Malicious code in virgil-spring-boot-starter (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (1d7b81762635da58744d7567d3ac4b1bf12da5d3c72070a9d2260d40463fcdbb) The OpenSSF Package Analysis project identified 'virgil-spring-boot-starter' @ 20.0.0 (npm) as malicious. It is considered malicious because: - The....

Malicious code in @amops/fetch (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (d9eb323a3c294832e925d2ed472560ab37507fc32711add225d99db97b08bc74) The OpenSSF Package Analysis project identified '@amops/fetch' @ 1.4.1 (npm) as malicious. It is considered malicious because: The package...

Malicious code in smart-commons (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (3d5cef67a87cd4a497f6879379a3829535212f7d703197ce6d3130dd03fd2da6) The OpenSSF Package Analysis project identified 'smart-commons' @ 19.6.1 (npm) as malicious. It is considered malicious because: - The package...

Malicious code in plain-function (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (2e38d4006afc6d5a3ce531ced341af81b57134a68230e68e52122825f587260e) The OpenSSF Package Analysis project identified 'plain-function' @ 20.1.1 (npm) as malicious. It is considered malicious because: - The package...

Malicious code in links-3 (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (870f8306aa2e95828fa2fdd771044248f7d5e8e715304b6818773620e5c7a1b2) The OpenSSF Package Analysis project identified 'links-3' @ 9.0.1 (npm) as malicious. It is considered malicious because: - The package...

Malicious code in spamsynonym (PyPI)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (bbc650ef44d412610406a674ac1fce3dcb717b01d175614f158016f47b53b1ce) The OpenSSF Package Analysis project identified 'spamsynonym' @ 1.1.1 (pypi) as malicious. It is considered malicious because: - The package...

Malicious code in com.unity.xrtools.spatial-hash (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (efa5d123e10b0da3ed7e7898101f41654aa13a572def7acb40b838e0ef88e74b) The OpenSSF Package Analysis project identified 'com.unity.xrtools.spatial-hash' @ 2.0.0 (npm) as malicious. It is considered malicious because: -.....

CVE-2024-5430

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.10 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a project maintainer can delete the merge request approval policy via...

CVE-2023-28838

GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 9.5.13 and 10.0.7, a SQL Injection vulnerability allow users with access rights to statistics or reports to extract all data from database and, in some cases, write a webshell on the server....

Malicious code in zsbpwebsdktest3 (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (a25d6ab5c8c52c4020f38d78237f6c953a826c3e8abc287370befada0727c50a) The OpenSSF Package Analysis project identified 'zsbpwebsdktest3' @ 9999.9.9 (npm) as malicious. It is considered malicious because: - The package.....

Malicious code in seafoam-desktop (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (11b7b515412cb320d382cffb4a3abe4fa232556d7db6ac3dde904bd295b279a3) The OpenSSF Package Analysis project identified 'seafoam-desktop' @ 10.0.0 (npm) as malicious. It is considered malicious because: - The package...

Malicious code in twinmotion (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (0627a5bcf9887521a72abc5568ab4cf60f65b073d5b0b1c5d2978eeb30079cfd) The OpenSSF Package Analysis project identified 'twinmotion' @ 99.1.1 (npm) as malicious. It is considered malicious because: - The package...

Malicious code in testforconfusion (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (0463d945d1cd3398ce2594034fd52775ac94fe411f1cc645f88f757522abfc1b) The OpenSSF Package Analysis project identified 'testforconfusion' @ 1.1.0 (npm) as malicious. It is considered malicious because: - The package...

Malicious code in egstore-carousel (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (e32b3c589f221c9b4e1d86be2924f6e215e6bf6c03844a5084fb1f04eb33275e) The OpenSSF Package Analysis project identified 'egstore-carousel' @ 99.2.2 (npm) as malicious. It is considered malicious because: - The package...

Malicious code in dist-web (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (ff355bd5f2422ce630aeb0652869d4bdaa8f3f18cf576fc60a76588f3acf36b4) The OpenSSF Package Analysis project identified 'dist-web' @ 99.1.1 (npm) as malicious. It is considered malicious because: - The package...

Malicious code in compositionupdate (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (609e73b696d2a84c8c2169afde78694231815b46be300710ddf913fed7c63d1b) The OpenSSF Package Analysis project identified 'compositionupdate' @ 88.8.8 (npm) as malicious. It is considered malicious because: - The package.....

Malicious code in diesel-site (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (bb78d01ad7ff8d210d59657017d35725abab41a1e59657ff43ac4ac0889ac493) The OpenSSF Package Analysis project identified 'diesel-site' @ 99.9.1 (npm) as malicious. It is considered malicious because: - The package...

Malicious code in apache2 (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (12b1a6eed914c86f199b052822217042e2afa047d6b1d9921fd30b56f1e5e650) The OpenSSF Package Analysis project identified 'apache2' @ 1.1.9 (npm) as malicious. It is considered malicious because: - The package...

Malicious code in bistrosk (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (275abca8527ba6a0a29bf30537bad45fb01533a199b59ca9543da88dda4f8334) The OpenSSF Package Analysis project identified 'bistrosk' @ 200.0.3 (npm) as malicious. It is considered malicious because: The package...

CVE-2024-4011

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows non-project member to promote key results to...

Malicious code in @wdp-gov/lineage-component (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (d71a3c3672d613586050e5166426a68d0f5b4ab173d202c331b0259a3919c5a3) The OpenSSF Package Analysis project identified '@wdp-gov/lineage-component' @ 1.0.33 (npm) as malicious. It is considered malicious because: The...

CVE-2023-3413

An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to read the source code of a project through a fork created before changing visibility to...

Malicious code in test-test-test-leys-check (PyPI)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (a0f1b447a06ae8cd034c08db769374bbc319460cc98a553bfc472d87ca1ef6cc) The OpenSSF Package Analysis project identified 'test-test-test-leys-check' @ 9.9.9 (pypi) as malicious. It is considered malicious because: - The.....

Malicious code in eslint-plugin-indeed (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (cd3cf0dfdda3ea0bf705d385efb05c56b971a408c4a0dceef3771d2e474a33e0) The OpenSSF Package Analysis project identified 'eslint-plugin-indeed' @ 99.99.9 (npm) as malicious. It is considered malicious because: - The...

Malicious code in fing-react-components (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (4e606602dc2c4b6d0550d90156a68cf31799054412bac90062d266e5bcad3d76) The OpenSSF Package Analysis project identified 'fing-react-components' @ 1.15.0 (npm) as malicious. It is considered malicious because: The...

Malicious code in pcln-event-dispatcher (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (58d0757d5f390b101d520dbcfa438dc8fdf9197eccea3aae851f57a1cb09eeb3) The OpenSSF Package Analysis project identified 'pcln-event-dispatcher' @ 999999999.99.9 (npm) as malicious. It is considered malicious because: ...

Malicious code in cncf-interactive-landscape (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (8d2b9d2c5124b5a628ea48abf890a34baae186cb6a3844fc2617ad57b21be8d9) The OpenSSF Package Analysis project identified 'cncf-interactive-landscape' @ 1.0.6 (npm) as malicious. It is considered malicious because: The...

Malicious code in @wdp-gov/catalog-serialization-engine (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (279671687dd3fcc407084cb5aeaab3c707cf47164e8b81c3f1665b61ce19dfd9) The OpenSSF Package Analysis project identified '@wdp-gov/catalog-serialization-engine' @ 3.0.195 (npm) as malicious. It is considered malicious...

CVE-2024-4901

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, where a stored XSS vulnerability could be imported from a project with malicious commit...

CVE-2022-0551 Authenticated RCE on project configuration import in Guardian/CMC before 22.0.0

Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or import manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks Guardian...

CVE-2024-4901

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, where a stored XSS vulnerability could be imported from a project with malicious commit...

CVE-2024-33923 WordPress SP Project & Document Manager plugin <= 4.69 - Broken Access Control vulnerability

Missing Authorization vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager : from n/a through...

CVE-2024-4858

The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_testimonials_option_callback' function in versions up to, and including, 10.2.0. This makes it possible for unauthenticated attackers to...

BIT-gitlab-2024-4901

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, where a stored XSS vulnerability could be imported from a project with malicious commit...

BIT-gitlab-2024-2191

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows merge request title to be visible publicly despite being set as project members...

Quiz And Survey Master < 9.0.2 - Contributor+ SQLi

Description The plugin is vulnerable does not validate and escape the question_id parameter in the qsm_bulk_delete_question_from_database AJAX action, leading to a SQL injection exploitable by Contributors and above role PoC 1) You will need a valid nonce for deletion of quiz questions. 2) Sign in....