Web Application Detections Published in June 2024

Hitesh Kadu

In June, the Qualys Web Application Scanning (WAS) team issued a critical security signatures update. This update expands the scope to detect vulnerabilities in several widely used software applications, including WordPress, Cacti, Apache HugeGraph-Server, Check Point Security Gateway, Casgate, PHP, Apache OFBiz, Progress Telerik Report Server, SolarWinds Serv-U, JetBrains TeamCity, OpenCMS and Apache ActiveMQ.

QID     Title
150911  WordPress Bold Page Builder Plugin Vulnerable to Stored Cross-Site Scripting (CVE-2024-2735)
150913  WordPress Thim Elementor Kit Plugin: Stored Cross-Site Scripting (CVE-2024-4329)
150914  WordPress Spectra Pro Plugin: Privilege Escalation (CVE-2024-3828)
150921  WordPress Kognetiks Chatbot Plugin: Unauthenticated Arbitrary File Upload (CVE-2024-4329)
150923  WordPress Plugin Hotel Booking Lite: PHP Object Injection (CVE-2024-4413)
150924  WordPress Plugin Unlimited Elements For Elementor: SQL Injection (CVE-2024-3055)
150925  WordPress Plugin Unlimited Elements For Elementor: Command Injection (CVE-2024-2662)
150926  WordPress LMS Plugin: Unauthenticated Time-Based SQL Injection (CVE-2024-4434)
150927  WordPress LMS Plugin: Arbitrary File Upload Vulnerability (CVE-2024-4397)
150932  WordPress user_login Column SQL Truncation Vulnerability (CVE-2008-4106)
150933  Shortcodes WordPress Plugin Vulnerable to Stored XSS (CVE-2024-2583)
150943  Cacti Command Injection Vulnerability (CVE-2024-29895)
150944  WordPress HTML5 Video Player Plugin: Unauthenticated SQL Injection Vulnerability (CVE-2024-1061)
150945  WordPress HTML5 Video Player Plugin: Unauthenticated SQL Injection Vulnerability (CVE-2024-5522)
150946  Apache HugeGraph-Server Command Execution Vulnerability (CVE-2024-27348)
150947  Check Point Security Gateway Information Disclosure Vulnerability (CVE-2024-24919)
150948  WordPress Business Card Plugin: Cross-Site Request Forgery Vulnerability (CVE-2024-4530)
150949  WordPress KKProgressbar2 Plugin: SQL Injection Vulnerability (CVE-2024-4533)
150950  WordPress Kognetiks Chatbot Plugin: Arbitrary File Upload Vulnerability (CVE-2024-32700)
150952  WordPress Contact Form Plugin: Stored Cross-Site Scripting Vulnerability (CVE-2024-4709)
150953  Casgate Improper Authorization Vulnerability (CVE-2024-36108)
150954  PHP CGI Argument Injection Vulnerability (CVE-2024-4577)
150956  Apache OFBiz Path Traversal Vulnerability (CVE-2024-36104)
150957  WordPress Open Graph Plugin: Sensitive Information Exposure Vulnerability (CVE-2024-5615)
150959  WordPress Prime Slider Plugin: Stored Cross-Site Scripting Vulnerability (CVE-2024-5640)
150960  WordPress Market Exporter Plugin: Unauthorized Loss of Data Vulnerability (CVE-2024-5637)
150963  WordPress Gamipress – Link Plugin: Stored Cross-Site Scripting Vulnerability (CVE-2024-5536)
150964  SolarWinds Serv-U Directory Traversal Vulnerability (CVE-2024-28995)
150965  WordPress XStore Theme: SQL Injection Vulnerability (CVE-2024-33559)
150966  Progress Telerik Report Server Authentication Bypass Vulnerability (CVE-2024-4358)
150967  JetBrains TeamCity Multiple Cross-Site Scripting (XSS) Vulnerabilities
150968  JetBrains TeamCity Access Control Vulnerabilities (CVE-2024-36362, CVE-2024-36365)
150969  JetBrains TeamCity Stored Cross-Site Scripting (XSS) Vulnerability (CVE-2024-36371)
150970  JetBrains TeamCity Reflected Cross-Site Scripting (XSS) Vulnerability (CVE-2024-36372)
150971  JetBrains TeamCity Multiple Stored Cross-Site Scripting (XSS) Vulnerabilities (CVE-2024-36373, CVE-2024-36374)
150972  JetBrains TeamCity User Permissions Vulnerabilities (CVE-2024-36376, CVE-2024-36377)
150973  JetBrains TeamCity Denial of Service (DoS) Vulnerability (CVE-2024-36378)
150974  JetBrains TeamCity Authentication Bypass Vulnerability (CVE-2024-36470)
150975  JetBrains TeamCity Improper Access Control Vulnerability (CVE-2024-36364)
150976  WordPress Master Addons Plugin: Stored Cross-Site Scripting Vulnerability (CVE-2024-5542)
150977  WordPress Photo Gallery by 10Web Plugin: Path Traversal Vulnerability (CVE-2024-5481)
150978  WordPress WP-Recall Plugin: SQL Injection Vulnerability (CVE-2024-32709)
150979  JetBrains TeamCity Information Exposure Vulnerability (CVE-2024-36375)
150984  WordPress Custom Font Uploader Plugin: Unauthorized Loss of Data Vulnerability (CVE-2024-5489)
150985  WordPress Tutor LMS Plugin: Insecure Direct Object Reference (IDOR) Vulnerability (CVE-2024-5438)
150987  WordPress Dark Mode Plugin: Unauthorized Modification of Data Vulnerability (CVE-2024-5449)
150988  WordPress Yoast SEO Plugin: Reflected Cross-Site Scripting (XSS) Vulnerability (CVE-2024-4041)
150989  WordPress ePoll Plugin: Arbitrary File Upload Vulnerability (CVE-2024-32514)
150990  OpenCMS Cross-Site Scripting (XSS) Vulnerabilities (CVE-2024-5520, CVE-2024-5521)
150991  Apache ActiveMQ Insecure Web API Configuration Vulnerability (CVE-2024-32114)

QID 150911: WordPress Bold Page Builder Plugin Vulnerable to Stored Cross-Site Scripting (CVE-2024-2735)

CVE-ID: CVE-2024-2735
Severity: Level 3
CVSS 3.1: 6.4
CWE-ID: 79
Affected Versions: Bold Page Builder plugin up to and including 4.8.8

Description:

The Bold Page Builder plugin for WordPress is vulnerable to stored cross-site scripting via the ‘Price List’ element in all affected versions due to insufficient input sanitization and output escaping on user-supplied attributes. Successful exploitation of this vulnerability makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts into pages that will execute whenever a user accesses an injected page.

Customers are advised to upgrade to Bold Page Builder Plugin 4.8.9 or a later version to remediate this vulnerability.

QID 150913: WordPress Thim Elementor Kit Plugin: Stored Cross-Site Scripting (CVE-2024-4329)

CVE-ID: CVE-2024-4329
Severity: Level 3
CVSS 3.1: 6.4
CWE-ID: 79
Affected Versions: WP Thim Elementor Kit plugin before 1.1.9.1

Description:

The Thim Elementor Kit plugin for WordPress is vulnerable to stored cross-site scripting via the “id” parameter in all versions up to and including 1.1.9 due to insufficient input sanitization and output escaping. Successful exploitation of this vulnerability makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts into pages that will execute whenever a user accesses an injected page.

Customers are advised to upgrade to WP Thim Elementor Kit Plugin 1.1.9.1 or a later version to remediate this vulnerability.

QID 150914: WordPress Spectra Pro Plugin: Privilege Escalation (CVE-2024-3828)

CVE-ID: CVE-2024-3828
Severity: Level 4
CVSS 3.1: 8.8
CWE-ID: 269
Affected Versions: WP Spectra Pro plugin up to and including 1.1.5

Description:

The Spectra Pro plugin for WordPress is vulnerable to privilege escalation because it allows lower-privileged users to create registration forms and set the default role for new registrations to administrator. Successful exploitation of this vulnerability makes it possible for a lower-privileged user to obtain an administrator account on the affected site.

Customers are advised to upgrade to WP Spectra Pro plugin 1.1.6 or a later version to remediate this vulnerability.

QID 150921: WordPress Kognetiks Chatbot Plugin: Unauthenticated Arbitrary File Upload (CVE-2024-4329)

CVE-ID: CVE-2024-4560
Severity: Level 4
CVSS 3.1: 9.8
CWE-ID: 434
Affected Versions: WP Kognetiks Chatbot plugin up to and including 1.9.9

Description:

The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the chatbot_chatgpt_upload_file_to_assistant function.

Successful exploitation of this vulnerability could allow an unauthenticated attacker to upload arbitrary files on the affected site’s server which may make remote code execution possible.

Customers are advised to upgrade to WP Kognetiks Chatbot plugin 2.0.0 or a later version to remediate this vulnerability.

QID 150923: WordPress Plugin Hotel Booking Lite: PHP Object Injection (CVE-2024-4413)

CVE-ID: CVE-2024-4413
Severity: Level 3
CVSS 3.1: 9.8
CWE-ID: 502
Affected Versions: WP Hotel Booking Lite plugin up to and including 4.11.1

Description:

The Hotel Booking Lite plugin for WordPress is vulnerable to PHP Object Injection via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

Customers are advised to upgrade to WP Hotel Booking Lite plugin 4.11.2 or a later version to remediate this vulnerability.

QID 150924: WordPress Plugin Unlimited Elements For Elementor: SQL Injection (CVE-2024-3055)

CVE-ID: CVE-2024-3055
Severity: Level 4
CVSS 3.1: 8.8
CWE-ID: 89
Affected Versions: WP Unlimited Elements For Elementor plugin up to and including 1.5.102

Description:

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Customers are advised to upgrade to WP Unlimited Elements For Elementor plugin 1.5.105 or a later version to remediate this vulnerability.

QID 150925: WordPress Plugin Unlimited Elements For Elementor: Command Injection (CVE-2024-2662)

CVE-ID: CVE-2024-2662
Severity: Level 3
CVSS 3.1: 7.2
CWE-ID: 78
Affected Versions: WP Unlimited Elements For Elementor plugin up to and including 1.5.102

Description:

The Unlimited Elements For Elementor (Free Widgets, Addons) plugin for WordPress is vulnerable to command injection due to insufficient filtering of template attributes when the HTML for custom widgets is generated. Successful exploitation of this vulnerability could allow authenticated attackers, with administrator-level access and above, to execute arbitrary commands on the server.

Customers are advised to upgrade to WP Unlimited Elements For Elementor plugin 1.5.105 or a later version to remediate this vulnerability.

QID 150926: WordPress LMS Plugin: Unauthenticated Time-Based SQL Injection (CVE-2024-4434)

CVE-ID: CVE-2024-4434
Severity: Level 4
CVSS 3.1: 9.8
CWE-ID: 89
Affected Versions: WP LearnPress plugin up to and including 4.2.6.5

Description:

The LearnPress WordPress LMS Plugin is vulnerable to time-based SQL injection via the ‘term_id’ parameter due to insufficient escaping of the user-supplied parameter and a lack of sufficient preparation of the existing SQL query.

Successful exploitation of this vulnerability could allow unauthenticated attackers to append additional SQL queries to already existing queries, which can be used to extract sensitive information from the database.

Customers are advised to upgrade to WP LearnPress plugin 4.2.6.6 or a later version to remediate this vulnerability.

QID 150927: WordPress LMS Plugin: Arbitrary File Upload Vulnerability (CVE-2024-4397)

CVE-ID: CVE-2024-4397
Severity: Level 4
CVSS 3.1: 8.8
CWE-ID: 434
Affected Versions: WordPress LMS Plugin before 4.2.6.6

Description:

The LearnPress WordPress LMS plugin is vulnerable to arbitrary file uploads due to missing file type validation in the ‘save_post_materials’ function.

Successful exploitation of this vulnerability makes it possible for authenticated attackers, with Instructor-level permissions and above, to upload arbitrary files to the affected site’s server, which may make remote code execution possible.

Customers are advised to upgrade to LearnPress plugin 4.2.6.6 or a later version to remediate this vulnerability.

QID 150932: WordPress user_login Column SQL Truncation Vulnerability (CVE-2008-4106)

CVE-ID: CVE-2008-4106
Severity: Level 4
CVSS 3.1: 8.1
CWE-ID: 20
Affected Versions: WordPress prior to version 2.6.2

Description:

WordPress before 2.6.2 does not properly handle MySQL warnings about the insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames. This issue is known as a “SQL column truncation vulnerability.”

Successful exploitation of this vulnerability makes it possible for remote attackers to change an arbitrary user’s password to a random value by registering a similar username and then requesting a password reset.

Customers are advised to upgrade to WordPress 2.6.2 or a later version to remediate this vulnerability. WordPress provides step-by-step instructions for installing and upgrading to the latest version.

QID 150933: Shortcodes WordPress Plugin Vulnerable to Stored XSS (CVE-2024-2583)

CVE-ID: CVE-2024-2583
Severity: Level 3
CVSS 3.1: 6.4
CWE-ID: 79
Affected Versions: WP Shortcodes Ultimate plugin before 7.0.5

Description:

The Shortcodes Ultimate WordPress plugin does not properly escape some of its shortcode attributes before they are echoed back to users, which makes it possible for users with the contributor role to conduct stored XSS attacks.

Successful exploitation of this vulnerability makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Customers are advised to upgrade to WP Shortcodes plugin 7.0.5 or a later version to remediate this vulnerability.

QID 150943: Cacti Command Injection Vulnerability (CVE-2024-29895)

CVE-ID: CVE-2024-29895
Severity: Level 5
CVSS 3.1: 10
CWE-ID: 77
Affected Versions: Cacti version 1.3.x DEV

Description:

A command injection vulnerability in Cacti allows any unauthenticated user to execute arbitrary commands on the server when the PHP register_argc_argv option is On.

Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to execute arbitrary code on the target system.

Customers are advised to upgrade Cacti to the latest version to remediate this vulnerability. For more information regarding this vulnerability, please refer to the Cacti Security Advisory.

QID 150944: WordPress HTML5 Video Player Plugin: Unauthenticated SQL Injection Vulnerability (CVE-2024-1061)

CVE-ID: CVE-2024-1061
Severity: Level 5
CVSS 3.1: 9.8
CWE-ID: 89
Affected Versions: HTML5 Video Player prior to version 2.5.25

Description:

The ‘HTML5 Video Player’ WordPress Plugin is affected by an unauthenticated SQL injection vulnerability in the ‘id’ parameter in the ‘get_view’ function.

Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary SQL queries on the target system. Customers are advised to upgrade HTML5 Video Player to version 2.5.25 or later to remediate this vulnerability.

QID 150945: WordPress HTML5 Video Player Plugin: Unauthenticated SQL Injection Vulnerability (CVE-2024-5522)

CVE-ID: CVE-2024-5522
Severity: Level 5
CVSS 3.1: 10
CWE-ID: 89
Affected Versions: HTML5 Video Player prior to version 2.5.27

Description:

The HTML5 Video Player plugin does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks.

Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary SQL queries on the target system. Customers are advised to upgrade HTML5 Video Player to version 2.5.27 or later to remediate this vulnerability.

QID 150946: Apache HugeGraph-Server Command Execution Vulnerability (CVE-2024-27348)

CVE-ID: CVE-2024-27348
Severity: Level 5
CVSS 3.1: 10
CWE-ID: 78
Affected Versions: Apache HugeGraph-Server from 1.0.0 before 1.3.0 on Java 8 and Java 11

Description:

Apache HugeGraph is an easy-to-use, efficient, general-purpose open-source graph database system. Unauthenticated users can execute OS commands via Groovy injection in Apache HugeGraph-Server.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the target system. Customers are advised to upgrade to Apache HugeGraph version 1.3.0 or later to remediate this vulnerability. For more information, please refer to the Security Advisory.

QID 150947: Check Point Security Gateway Information Disclosure Vulnerability (CVE-2024-24919)

CVE-ID: CVE-2024-24919
Severity: Level 4
CVSS 3.1: 8.6
CWE-ID: 200
Affected Versions: Check Point Security Gateway

Description:

Check Point Security Gateway is a hardware or virtual appliance that enforces network security policies, including firewall, VPN, and intrusion prevention capabilities. The vulnerability allows an unauthenticated remote attacker to read the contents of an arbitrary file located on the affected appliance.

The vendor has released a patch addressing the vulnerability. Customers are advised to refer to the Check Point Security Advisory for more information regarding this vulnerability.

QID 150948: WordPress Business Card Plugin: Cross-Site Request Forgery Vulnerability (CVE-2024-4530)

CVE-ID: CVE-2024-4530
Severity: Level 4
CVSS 3.1: 8.8
CWE-ID: 352
Affected Versions: Business Card WordPress plugin up to and including 1.0.0

Description:

The Business Card WordPress plugin through 1.0.0 does not perform CSRF checks in some places.

Successful exploitation of this vulnerability makes it possible for attackers to make logged-in users perform unwanted actions, such as editing card categories, via CSRF attacks.

QID 150949: WordPress KKProgressbar2 Plugin: SQL Injection Vulnerability (CVE-2024-4533)

CVE-ID: CVE-2024-4533
Severity: Level 4
CVSS 3.1: 9.8
CWE-ID: 89
Affected Versions: KKProgressbar2 WordPress plugin up to and including 1.1.4.2

Description:

The KKProgressbar2 Free WordPress plugin does not sanitize and escape a parameter before using it in an SQL statement, allowing admin users to perform SQL injection attacks. 

Successful exploitation of this vulnerability makes it possible for authenticated attackers with admin-level permissions to perform SQL injection attacks.

QID 150950: WordPress Kognetiks Chatbot Plugin: Arbitrary File Upload Vulnerability (CVE-2024-32700)

CVE-ID: CVE-2024-32700
Severity: Level 4
CVSS 3.1: 10
CWE-ID: 434
Affected Versions: WP Kognetiks Chatbot plugin up to and including 2.0.0

Description:

The Kognetiks Chatbot for WordPress plugin is vulnerable to arbitrary file uploads due to missing file type validation.

Successful exploitation of this vulnerability could allow an unauthenticated attacker to upload arbitrary files on the affected site’s server which may make remote code execution possible.

QID 150952: WordPress Contact Form Plugin: Stored Cross-Site Scripting Vulnerability (CVE-2024-4709)

CVE-ID: CVE-2024-4709
Severity: Level 3
CVSS 3.1: 7.2
CWE-ID: 79
Affected Versions: WordPress Contact Form Plugin up to and including 5.1.16

Description:

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to stored cross-site scripting via the ‘subject’ parameter due to insufficient input sanitization and output escaping.

Successful exploitation of this vulnerability makes it possible for authenticated attackers, with contributor-level permissions and above, and access granted by an administrator, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Customers are advised to upgrade to WP Contact Form Plugin 5.1.17 or a later version to remediate this vulnerability.

QID 150953: Casgate Improper Authorization Vulnerability (CVE-2024-36108)

CVE-ID: CVE-2024-36108
Severity: Level 4
CVSS 3.1: 9.8
CWE-ID: 285
Affected Versions: Casgate before 0.1.0

Description:

Casgate is an open-source Identity and Access Management system. In affected versions, `casgate` allows remote unauthenticated attackers to obtain sensitive information via a GET request to an API endpoint. An attacker could use the `id` parameter of GET requests with the value `anonymous/ anonymous` to bypass authorization on certain API endpoints. Successful exploitation of the vulnerability could lead to account takeover or privilege escalation, or provide an attacker with credentials to other services.

The vendor has released a patch addressing the vulnerability. Customers are advised to refer to Casgate Security Advisory for more information regarding this vulnerability.

QID 150954: PHP CGI Argument Injection Vulnerability (CVE-2024-4577)

CVE-ID: CVE-2024-4577
Severity: Level 5
CVSS 3.1: 9.8
CWE-ID: 20
Affected Versions: PHP 8.3 before 8.3.8
PHP 8.2 before 8.2.20
All versions of PHP before 8.1.29

Description:

PHP is a programming language originally designed for use in web-based applications with HTML content. PHP supports a wide variety of platforms and is used by numerous web-based software applications.

When PHP was implemented, it was not noticed that the Best-Fit feature of encoding conversion in the Windows operating system could be exploited. This oversight allows unauthenticated attackers to bypass the protection added for CVE-2012-1823 using specific character sequences. As a result, arbitrary code can be executed on remote PHP servers through an argument injection attack.

A remote unauthenticated attacker could obtain sensitive information, cause a denial of service condition or may be able to execute arbitrary code with the privileges of the web server.

Customers are advised to upgrade to the PHP versions of 8.3.8, 8.2.20, 8.1.29, or the latest version of PHP.

QID 150956: Apache OFBiz Path Traversal Vulnerability (CVE-2024-36104)

CVE-ID: CVE-2024-36104
Severity: Level 5
CVSS 3.1: 8.6
CWE-ID: 22
Affected Versions: Apache OFBiz before 18.12.14

Description:

Apache OFBiz is an open-source enterprise resource planning system. It provides a suite of enterprise applications that integrate and automate many of the business processes of an enterprise.

Apache OFBiz contains an Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability. Successful exploitation of the vulnerability may allow remote attackers to read sensitive files on the target server; path traversal can also lead to remote code execution.

Customers are advised to upgrade Apache OFBiz to the latest version to remediate this vulnerability. For more information regarding this vulnerability, please refer to the Apache OFBiz Advisory.

QID 150957: WordPress Open Graph Plugin: Sensitive Information Exposure Vulnerability (CVE-2024-5615)

CVE-ID: CVE-2024-5615
Severity: Level 3
CVSS 3.1: 5.3
CWE-ID: 200
Affected Versions: WP Open Graph plugin up to and including 1.11.2

Description:

The Open Graph plugin for WordPress is vulnerable to sensitive information exposure via the ‘opengraph_default_description’ function.

Successful exploitation of this vulnerability could allow unauthenticated attackers to extract sensitive data, including partial content of password-protected blog posts. Customers are advised to upgrade to WP Open Graph plugin 1.11.3 or a later version to remediate this vulnerability.

QID 150959: WordPress Prime Slider Plugin: Stored Cross-Site Scripting Vulnerability (CVE-2024-5640)

CVE-ID: CVE-2024-5640
Severity: Level 3
CVSS 3.1: 6.4
CWE-ID: 79
Affected Versions: WP Prime Slider plugin up to and including 3.14.7

Description:

The Prime Slider Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to stored cross-site scripting via the ‘id’ attribute of the Pacific widget due to insufficient input sanitization and output escaping.

Successful exploitation of this vulnerability could allow authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Customers are advised to upgrade to WP Prime Slider 3.14.8 or a later version to remediate this vulnerability.

QID 150960: WordPress Market Exporter Plugin: Unauthorized Loss of Data Vulnerability (CVE-2024-5637)

CVE-ID: CVE-2024-5637
Severity: Level 4
CVSS 3.1: 8.1
CWE-ID: 22
Affected Versions: WP Market Exporter plugin up to and including 2.0.19

Description:

The Market Exporter plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ‘remove_files’ function.

Successful exploitation of this vulnerability could allow authenticated attackers, with Subscriber-level access and above, to use path traversal to delete arbitrary files on the server. Customers are advised to upgrade to WP Market Exporter 2.0.20 or a later version to remediate this vulnerability.

QID 150963: WordPress Gamipress – Link Plugin: Stored Cross-Site Scripting Vulnerability (CVE-2024-5536)

CVE-ID: CVE-2024-5536
Severity: Level 3
CVSS 3.1: 5.4
CWE-ID: 79
Affected Versions: WP GamiPress plugin up to and including 1.1.4

Description:

The GamiPress – Link plugin for WordPress is vulnerable to stored cross-site scripting via the plugin’s gamipress_link shortcode due to insufficient input sanitization and output escaping on user-supplied attributes.

Successful exploitation of this vulnerability could allow authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Customers are advised to upgrade to WP GamiPress 1.1.5 or a later version to remediate this vulnerability.

QID 150964: SolarWinds Serv-U Directory Traversal Vulnerability (CVE-2024-28995)

CVE-ID: CVE-2024-28995
Severity: Level 4
CVSS 3.1: 7.5
CWE-ID: 22
Affected Versions: SolarWinds Serv-U 15.4.2 HF1 and earlier

Description:

SolarWinds Serv-U Managed File Transfer Server is a file transfer solution designed to integrate into existing infrastructure and to support compliance requirements for file transfers. SolarWinds Serv-U is susceptible to a directory traversal vulnerability. Successful exploitation of this vulnerability may allow remote attackers to read sensitive files on the host machine.

Customers are advised to upgrade to SolarWinds Serv-U 15.4.2 HF 2 or later. For more information, please refer to the Serv-U 15.4.2 Security Advisory.

QID 150965: WordPress XStore Theme: SQL Injection Vulnerability (CVE-2024-33559)

CVE-ID: CVE-2024-33559
Severity: Level 4
CVSS 3.1: 9.3
CWE-ID: 89
Affected Versions: WordPress XStore theme before 9.3.9

Description:

The XStore WordPress theme is a versatile and feature-rich WooCommerce theme designed for creating highly customizable eCommerce websites. Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in 8theme XStore allows SQL Injection.

Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary SQL queries on the target system. 

Customers are advised to upgrade to XStore Theme 9.3.4 or a later version to remediate this vulnerability.

QID 150966: Progress Telerik Report Server Authentication Bypass Vulnerability (CVE-2024-4358)

CVE-ID: CVE-2024-4358
Severity: Level 4
CVSS 3.1: 9.8
CWE-ID: 290
Affected Versions: Telerik Report Server 2024 Q1 (10.0.24.305) and earlier

Description:

Telerik Report Server can be used as a report management solution or integrated with your application. Telerik Report Server contains an authentication bypass vulnerability.

Successful exploitation allows an unauthenticated, remote attacker to bypass security restrictions and gain access to restricted Telerik Report Server functionality. Customers are advised to upgrade to Telerik Report Server version 2024 Q2 (10.1.24.514) or a later version to remediate this vulnerability. For more information, please refer to the Telerik Report Server advisory.

QID 150967: JetBrains TeamCity Multiple Cross-Site Scripting (XSS) Vulnerabilities

CVE-ID: CVE-2024-36363, CVE-2024-36366, CVE-2024-36367, CVE-2024-36368, CVE-2024-36369, CVE-2024-36370
Severity: Level 3
CVSS 3.1: 5.4
CWE-ID: 79
Affected Versions: JetBrains TeamCity prior to version 2022.04.7
JetBrains TeamCity prior to version 2022.10.6
JetBrains TeamCity prior to version 2023.05.6
JetBrains TeamCity prior to version 2023.11.5

Description:

TeamCity is a general-purpose CI/CD software platform that allows for flexible workflows, collaboration, and development practices.

JetBrains TeamCity is affected by Multiple Cross-Site Scripting (XSS) Vulnerabilities:

CVE-2024-36363: Several Stored XSS in code inspection reports were possible.
CVE-2024-36366: An XSS could be executed via certain report grouping and filtering operations.
CVE-2024-36367: Stored XSS via third-party reports was possible.
CVE-2024-36368: Reflected XSS via OAuth provider configuration was possible.
CVE-2024-36369: Stored XSS via issue tracker integration was possible.
CVE-2024-36370: Stored XSS via OAuth connection settings was possible.

Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary HTML and JavaScript code in a user’s browser. Customers are advised to upgrade TeamCity to the latest version to remediate these vulnerabilities. For more information, please refer to the JetBrains Security Bulletin.

QID 150968: JetBrains TeamCity Access Control Vulnerabilities (CVE-2024-36362, CVE-2024-36365)

CVE-ID: CVE-2024-36362, CVE-2024-36365
Severity: Level 3
CVSS 3.1: 6.8
CWE-ID: 23, 863
Affected Versions: JetBrains TeamCity prior to version 2022.04.7; prior to version 2022.10.6; prior to version 2023.05.6; prior to version 2023.11.5; prior to version 2024.03.2

Description:

TeamCity is a general-purpose CI/CD software platform that allows for flexible workflows, collaboration, and development practices.

JetBrains TeamCity is affected by Multiple Vulnerabilities:

CVE-2024-36362: Path traversal allowing files to be read from the server was possible.
CVE-2024-36365: A third-party agent could impersonate a cloud agent.

Successful exploitation of these vulnerabilities could compromise the confidentiality and integrity of the target system. Customers are advised to upgrade TeamCity to the latest version to remediate these vulnerabilities. For more information, please refer to the JetBrains Security Bulletin.

QID 150969: JetBrains TeamCity Stored Cross-Site Scripting (XSS) Vulnerability (CVE-2024-36371)

CVE-ID: CVE-2024-36371
Severity: Level 3
CVSS 3.1: 4.6
CWE-ID: 79
Affected Versions: JetBrains TeamCity prior to version 2023.05.6; prior to version 2023.11.5

Description:

TeamCity is a general-purpose CI/CD software platform that allows for flexible workflows, collaboration, and development practices.

JetBrains TeamCity is affected by a Stored Cross-Site Scripting (XSS) Vulnerability:

CVE-2024-36371: Stored XSS in Commit status publisher was possible.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary HTML and JavaScript code in a user’s browser. Customers are advised to upgrade TeamCity to the latest version to remediate this vulnerability. For more information, please refer to the JetBrains Security Bulletin.

QID 150970: JetBrains TeamCity Reflected Cross-Site Scripting (XSS) Vulnerability (CVE-2024-36372)

CVE-ID: CVE-2024-36372
Severity: Level 3
CVSS 3.1: 4.6
CWE-ID: 79
Affected Versions: JetBrains TeamCity prior to version 2023.05.6

Description:

TeamCity is a general-purpose CI/CD software platform that allows for flexible workflows, collaboration, and development practices.

JetBrains TeamCity is affected by a Reflected Cross-Site Scripting (XSS) Vulnerability:

CVE-2024-36372: Reflected XSS on the subscriptions page was possible.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary HTML and JavaScript code in a user’s browser. Customers are advised to upgrade TeamCity to the latest version to remediate this vulnerability. For more information, please refer to the JetBrains Security Bulletin.

QID 150971: JetBrains TeamCity Multiple Stored Cross-Site Scripting (XSS) Vulnerabilities (CVE-2024-36373, CVE-2024-36374)

CVE-ID: CVE-2024-36373, CVE-2024-36374
Severity: Level 3
CVSS 3.1: 4.6
CWE-ID: 79
Affected Versions: JetBrains TeamCity prior to version 2024.03.2

Description:

TeamCity is a general-purpose CI/CD software platform that allows for flexible workflows, collaboration, and development practices.

JetBrains TeamCity is affected by Multiple Stored Cross-Site Scripting (XSS) Vulnerabilities:

CVE-2024-36373: Several stored XSS in untrusted builds settings were possible.
CVE-2024-36374: Stored XSS via build step settings was possible.

Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary HTML and JavaScript code in a user’s browser. Customers are advised to upgrade TeamCity to the latest version to remediate these vulnerabilities. For more information, please refer to the JetBrains Security Bulletin.

QID 150972: JetBrains TeamCity User Permissions Vulnerabilities (CVE-2024-36376, CVE-2024-36377)

CVE-ID: CVE-2024-36376, CVE-2024-36377
Severity: Level 3
CVSS 3.1: 6.5
CWE-ID: 863
Affected Versions: JetBrains TeamCity prior to version 2024.03.2

Description:

TeamCity is a general-purpose CI/CD software platform that allows for flexible workflows, collaboration, and development practices.

JetBrains TeamCity is affected by Multiple Vulnerabilities:

CVE-2024-36376: Users could perform actions that should not be available to them based on their permissions.
CVE-2024-36377: Certain TeamCity API endpoints did not check user permissions.

Successful exploitation of these vulnerabilities could allow users to execute actions or access data without appropriate permission checks. Customers are advised to upgrade TeamCity to the latest version to remediate these vulnerabilities. For more information, please refer to the JetBrains Security Bulletin.

QID 150973: JetBrains TeamCity Denial of Service (DoS) Vulnerability (CVE-2024-36378)

CVE-ID: CVE-2024-36378
Severity: Level 3
CVSS 3.1: 5.9
CWE-ID: 770
Affected Versions: JetBrains TeamCity prior to version 2024.03.2

Description:

TeamCity is a general-purpose CI/CD software platform that allows for flexible workflows, collaboration, and development practices.

JetBrains TeamCity is affected by a Denial of Service Vulnerability:

CVE-2024-36378: Server was susceptible to DoS attacks with incorrect auth tokens.

Successful exploitation of this vulnerability could allow an attacker to cause a Denial of Service (DoS) condition by sending incorrect auth tokens. Customers are advised to upgrade TeamCity to the latest version to remediate this vulnerability. For more information, please refer to the JetBrains Security Bulletin.

QID 150974: JetBrains TeamCity Authentication Bypass Vulnerability (CVE-2024-36470)

CVE-ID: CVE-2024-36470
Severity: Level 4
CVSS 3.1: 8.1
CWE-ID: 288
Affected Versions: JetBrains TeamCity prior to version 2022.04.7; prior to version 2022.10.6; prior to version 2023.05.6; prior to version 2023.11.5

Description:

TeamCity is a general-purpose CI/CD software platform that allows for flexible workflows, collaboration, and development practices.

JetBrains TeamCity is affected by an Authentication Bypass Vulnerability:

CVE-2024-36470: Authentication bypass was possible in specific edge cases even when the security patch plugin is installed.

Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to TeamCity, potentially compromising its security and data integrity. Customers are advised to upgrade TeamCity to the latest version to remediate this vulnerability. For more information, please refer to the JetBrains Security Bulletin.

QID 150975: JetBrains TeamCity Improper Access Control Vulnerability (CVE-2024-36364)

CVE-ID: CVE-2024-36364
Severity: Level 3
CVSS 3.1: 6.5
CWE-ID: 863
Affected Versions: JetBrains TeamCity prior to version 2022.04.7; prior to version 2022.10.6; prior to version 2023.05.6; prior to version 2023.11.5

Description:

TeamCity is a general-purpose CI/CD software platform that allows for flexible workflows, collaboration, and development practices.

JetBrains TeamCity is affected by a Security Vulnerability:

CVE-2024-36364: Improper access control in Pull Requests and Commit status publisher build features was possible.

Successful exploitation of this vulnerability could compromise the confidentiality of the target system. Customers are advised to upgrade TeamCity to the latest version to remediate this vulnerability. For more information, please refer to the JetBrains Security Bulletin.

QID 150976: WordPress Master Addons Plugin: Stored Cross-Site Scripting Vulnerability (CVE-2024-5542)

CVE-ID: CVE-2024-5542
Severity: Level 3
CVSS 3.1: 6.1
CWE-ID: 79
Affected Versions: WP Master Addons plugin up to and including 2.0.6.1

Description:

The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Navigation Menu widget of the plugin’s Mega Menu extension due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Successful exploitation of this vulnerability could allow unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Customers are advised to upgrade to WP Master Addons 2.0.6.2 or a later version to remediate this vulnerability.

QID 150977: WordPress Photo Gallery by 10 Web Plugin: Path Traversal Vulnerability (CVE-2024-5481)

CVE-ID: CVE-2024-5481
Severity: Level 4
CVSS 3.1: 8.8
CWE-ID: 22
Affected Versions: WP Photo Gallery plugin up to and including 1.8.23

Description:

Customers are advised to upgrade to WP Photo Gallery 1.8.24 or a later version to remediate this vulnerability.

QID 150978: WordPress WP-Recall Plugin: SQL Injection Vulnerability (CVE-2024-32709)

CVE-ID: CVE-2024-32709
Severity: Level 5
CVSS 3.1: 9.3
CWE-ID: 89
Affected Versions: WordPress WP-Recall Plugin before 16.26.6

Description: 

WP-Recall is a WordPress plugin designed to enhance user interaction and engagement on your website.

The WP-Recall plugin for WordPress is vulnerable to SQL Injection due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL queries on the target system. Customers are advised to upgrade to WP-Recall 16.26.6 or a later version to remediate this vulnerability.
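The defect class described above, a user-supplied parameter interpolated into a query without escaping or preparation, is shown here as an added example that is not WP-Recall's own code. The handler, table name and query are hypothetical; it assumes a WordPress runtime (`$wpdb`, `add_action`, `wp_send_json_*`), and shows the weak pattern beside the prepared-statement form that closes it.

```php
<?php
// Added illustration, not WP-Recall's code. A hypothetical AJAX handler that
// looks up a record by a user-supplied id, first as typically written when it
// is vulnerable to SQL injection, then hardened with $wpdb->prepare().
// Assumes a WordPress runtime ($wpdb, add_action, wp_send_json_*).

// BEFORE (hypothetical vulnerable pattern): the parameter is interpolated into
// the SQL string, so anything appended to the number becomes part of the query.
function example_lookup_vulnerable() {
    global $wpdb;
    $id   = isset( $_GET['id'] ) ? $_GET['id'] : '';
    $rows = $wpdb->get_results(
        "SELECT id, title FROM {$wpdb->prefix}example_items WHERE id = $id"
    );
    wp_send_json_success( $rows );
}

// AFTER: coerce the input to the expected type, bind it through a typed
// placeholder so the database driver never sees it as SQL, and return only the
// columns the caller needs.
function example_lookup_hardened() {
    global $wpdb;
    $id = isset( $_GET['id'] ) ? absint( $_GET['id'] ) : 0;
    if ( 0 === $id ) {
        wp_send_json_error( 'invalid id', 400 );   // sends the response and exits
    }
    $sql = $wpdb->prepare(
        "SELECT id, title FROM {$wpdb->prefix}example_items WHERE id = %d",
        $id
    );
    wp_send_json_success( $wpdb->get_results( $sql ) );
}

// Only the hardened handler is registered; the vulnerable one is kept above
// for comparison. Both hooks cover unauthenticated and logged-in callers.
add_action( 'wp_ajax_nopriv_example_lookup', 'example_lookup_hardened' );
add_action( 'wp_ajax_example_lookup', 'example_lookup_hardened' );
```

`%d` is the right placeholder for an integer key; for free-text searches use `%s` and pass the value through `$wpdb->esc_like()` before adding `LIKE` wildcards, since `prepare()` escapes quotes but not `%` and `_`.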

QID 150979: JetBrains TeamCity Information Exposure Vulnerability (CVE-2024-36375)

CVE-ID: CVE-2024-36375
Severity: Level 3
CVSS 3.1: 5.3
CWE-ID: 209
Affected Versions: JetBrains TeamCity prior to version 2024.03.2

Description: 

TeamCity is a general-purpose CI/CD software platform that allows for flexible workflows, collaboration, and development practices.

JetBrains TeamCity is affected by an Information Exposure Vulnerability:

CVE-2024-36375: Technical information regarding the TeamCity server could be exposed.

Successful exploitation of this vulnerability could expose potentially sensitive technical information about the TeamCity server. Customers are advised to upgrade TeamCity to the latest version to remediate this vulnerability. For more information, please refer to the JetBrains Security Bulletin.

QID 150984: WordPress Custom Font Uploader Plugin: Unauthorized Loss of Data Vulnerability (CVE-2024-5489)

CVE-ID: CVE-2024-5489
Severity: Level 2
CVSS 3.1: 4.3
CWE-ID: 284
Affected Versions: WP Custom Font Uploader plugin up to and including 2.3.4

Description: 

The Wbcom Designs – Custom Font Uploader plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ‘cfu_delete_customfont’ function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete any custom font.

Successful exploitation of this vulnerability could allow authenticated attackers with Subscriber-level access and above, to delete any custom font. Customers are advised to upgrade to the WP Custom Font Uploader plugin 2.4.0 or a later version to remediate this vulnerability.

QID 150985: WordPress Tutor LMS Plugin: Insecure Direct Object Reference (IDOR) Vulnerability (CVE-2024-5438)

CVE-ID: CVE-2024-5438
Severity: Level 3
CVSS 3.1: 4.3
CWE-ID: 639
Affected Versions: WP Tutor LMS plugin up to and including 2.7.1

Description: 

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference via the ‘attempt_delete’ function due to missing validation on a user-controlled key. This makes it possible for authenticated attackers, with Instructor-level access and above, to delete arbitrary quiz attempts.

Successful exploitation of this vulnerability could allow authenticated attackers with Instructor-level access and above to delete arbitrary quiz attempts. Customers are advised to upgrade to WP Tutor LMS plugin 2.7.2 or a later version to remediate this vulnerability.

QID 150987: WordPress Dark Mode Plugin: Unauthorized modification of Data Vulnerability (CVE-2024-5449)

CVE-ID: CVE-2024-5449
Severity: Level 3
CVSS 3.1: 4.3
CWE-ID: 285
Affected Versions: WP Dark Mode plugin up to and including 5.0.4

Description:

The WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdm_social_share_save_options function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin’s settings.

Successful exploitation of this vulnerability could allow authenticated attackers with Subscriber-level access and above to update the plugin’s settings. Customers are advised to upgrade to WP Dark Mode plugin 5.0.5 or a later version to remediate this vulnerability.
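The Custom Font Uploader entry (CVE-2024-5489) and the WP Dark Mode entry (CVE-2024-5449) above share one root cause: an AJAX action reachable by any logged-in user whose handler never checks the caller's capability. The following is an added example, not the code of either plugin, of a hypothetical font-deletion action written that way and then hardened with a nonce, a capability check and object validation. The action name, post type and capability are assumptions; it assumes a WordPress runtime.

```php
<?php
// Added illustration, not the code of either plugin named on this page.
// A hypothetical AJAX action that deletes a stored custom font, shown first
// as typically written when the capability check is missing, then hardened.
// Assumes a WordPress runtime; 'example_font' and the action name are invented.

// BEFORE (hypothetical): wp_ajax_* runs for any logged-in user, and the handler
// never asks who is calling, so a Subscriber can delete any font. It would have
// been registered exactly like the hardened handler below.
function example_delete_font_unchecked() {
    $font_id = isset( $_POST['font_id'] ) ? absint( $_POST['font_id'] ) : 0;
    wp_delete_post( $font_id, true );
    wp_send_json_success();
}

// AFTER: verify a nonce tied to this action (stops CSRF), require a capability
// that matches the operation (wp_ajax_* only proves the caller is logged in),
// and confirm the target really is a font before deleting it.
function example_delete_font_checked() {
    check_ajax_referer( 'example_delete_font', 'nonce' );   // dies on failure

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient permissions', 403 );   // exits
    }

    $font_id = isset( $_POST['font_id'] ) ? absint( $_POST['font_id'] ) : 0;
    $post    = $font_id ? get_post( $font_id ) : null;
    if ( ! $post || 'example_font' !== $post->post_type ) {
        wp_send_json_error( 'no such font', 404 );   // exits
    }

    wp_delete_post( $font_id, true );
    wp_send_json_success( array( 'deleted' => $font_id ) );
}

// Register only the hardened handler. No wp_ajax_nopriv_* hook is added, so
// anonymous requests to this action are rejected by WordPress itself.
add_action( 'wp_ajax_example_delete_font', 'example_delete_font_checked' );
```

The same three checks apply to a settings-save handler like the one described for WP Dark Mode: `check_ajax_referer()`, `current_user_can( 'manage_options' )`, then sanitising each field before `update_option()`. The nonce alone is not enough, since any logged-in user can obtain one for a page they are allowed to view.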

QID 150988: WordPress Yoast SEO Plugin: Reflected Cross-Site Scripting (XSS) Vulnerability (CVE-2024-4041)

CVE-ID: CVE-2024-4041
Severity: Level 3
CVSS 3.1: 6.1
CWE-ID: 79
Affected Versions: Yoast SEO prior to version 22.6

Description:

Yoast SEO is a WordPress plugin that helps optimize WordPress sites for search engines by providing tools for improving content SEO, readability, and overall site structure.

The affected version of the Yoast SEO plugin is vulnerable to a Reflected Cross-Site Scripting (XSS) Vulnerability.

Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary HTML and JavaScript code in a user’s browser. Customers are advised to upgrade Yoast SEO to version 22.6 or later to remediate this vulnerability. For more information pertaining to this vulnerability, please refer to the Yoast SEO Changelog.

QID 150989: WordPress ePoll Plugin: Arbitrary File Upload Vulnerability (CVE-2024-32514)

CVE-ID: CVE-2024-32514
Severity: Level 5
CVSS 3.1: 9.9
CWE-ID: 434
Affected Versions: ePoll up to version 3.4

Description:

ePoll is a WordPress plugin that helps to create polls and conduct voting contests or online elections easily on a WordPress site.

The affected version of the ePoll plugin is vulnerable to an Arbitrary File Upload Vulnerability. Successful exploitation of this vulnerability could allow an attacker to upload arbitrary files to the affected site’s server, which could potentially lead to Remote Code Execution. Customers are advised to contact the vendor for patch details. Please refer to the ePoll Plugin page.

QID 150990: OpenCMS Cross-Site Scripting (XSS) Vulnerabilities (CVE-2024-5520, CVE-2024-5521)

CVE-ID: CVE-2024-5520, CVE-2024-5521
Severity: Level 3
CVSS 3.1: 6.4
CWE-ID: 79
Affected Versions: OpenCMS version 16

Description:

OpenCMS from Alkacon Software is a professional, easy-to-use website content management system (CMS) based on Java and XML technology.

OpenCMS is affected by two Cross-Site Scripting vulnerabilities:

CVE-2024-5520: A user with sufficient privileges to create and modify web pages through the admin panel can execute malicious JavaScript code after inserting code in the ‘title’ field.
CVE-2024-5521: A user having the roles of gallery editor or VFS resource manager will have the permission to upload images in the .svg format containing JavaScript code. The code will be executed the moment another user accesses the image.

Successful exploitation could allow an attacker to execute arbitrary JavaScript code in the context of the interface or to access sensitive, browser-based information. Customers are advised to upgrade to OpenCMS 17 to remediate these vulnerabilities.

QID 150991: Apache ActiveMQ Insecure Web API Configuration Vulnerability (CVE-2024-32114)

CVE-ID: CVE-2024-32114
Severity: Level 4
CVSS 3.1: 8.5
CWE-ID: 1188
Affected Versions: Apache ActiveMQ 6.x before 6.1.2

Description:

Apache ActiveMQ is a popular open-source, multi-protocol, Java-based message broker.

In Apache ActiveMQ 6.x, the default configuration doesn’t secure the API web context (where the Jolokia JMX REST API and the Message REST API are located). It means that anyone can use these layers without any required authentication. Potentially, anyone can interact with the broker (using Jolokia JMX REST API) and/or produce/consume messages or purge/delete destinations (using the Message REST API).

Successful exploitation of this vulnerability could allow an unauthenticated attacker to interact with the broker (using Jolokia JMX REST API) and/or produce/consume messages or purge/delete destinations (using the Message REST API). Customers are advised to upgrade to Apache ActiveMQ 6.1.2 or later to remediate this vulnerability. For more information pertaining to this vulnerability, please refer to the Apache ActiveMQ Security Advisory.
