Stored XSS in WordPress Press3D plugin (versions up to 1.0.2) allows authenticated authors to inject malicious JavaScript through unsanitized URL schemes in 3D model blocks, executing arbitrary scripts when users interact with affected content. The vulnerability requires author-level access or higher and impacts all installations of the vulnerable plugin versions without available patches.
Chatbot for WordPress by Collect.chat (WordPress plugin) is affected by cross-site scripting (xss) (CVSS 6.4).
Stored XSS in the Ravelry Designs Widget WordPress plugin through version 1.0.0 allows authenticated contributors to inject malicious scripts into page shortcodes due to inadequate input sanitization. When site visitors access affected pages, the injected scripts execute in their browsers, potentially compromising user sessions or stealing sensitive data. An active patch is not currently available.
Stored cross-site scripting in the ZoomifyWP Free WordPress plugin through version 1.1 allows authenticated contributors and higher to inject malicious scripts via the filename parameter in the zoomify shortcode due to inadequate input sanitization. When other users visit pages containing the injected code, the scripts execute in their browsers, potentially compromising their sessions or data. No patch is currently available for this vulnerability.
Stored XSS in the Best-wp-google-map WordPress plugin through versions 2.1 allows authenticated contributors and above to inject malicious scripts via insufficiently sanitized latitude and longitude shortcode parameters. When other users view pages containing the injected shortcode, the attacker's scripts execute in their browsers, potentially enabling session hijacking, credential theft, or malware distribution. No patch is currently available.
The myCred WordPress plugin through version 2.9.7.3 contains a stored cross-site scripting vulnerability in the 'mycred_load_coupon' shortcode that allows authenticated contributors and above to inject malicious scripts into pages through inadequately sanitized shortcode attributes. When site visitors access pages containing the injected payload, the attacker's script executes in their browsers, potentially compromising user sessions and sensitive data. No patch is currently available for this vulnerability.
Stored XSS in the Percent to Infograph WordPress plugin (versions up to 1.0) allows authenticated users with contributor-level or higher privileges to inject malicious scripts through the percent_to_graph shortcode due to inadequate input sanitization. When pages containing the injected payload are accessed by other users, the malicious scripts execute in their browsers, potentially compromising site security and user data.
Stored cross-site scripting in the Simple Plyr WordPress plugin through version 0.0.1 allows authenticated users with Contributor access or higher to inject malicious scripts via the 'poster' parameter in the plyr shortcode due to inadequate input validation. When victims visit pages containing the injected payload, the attacker's scripts execute in their browsers, enabling session hijacking, credential theft, or malware distribution. No patch is currently available for this vulnerability.
Stored cross-site scripting in the UpMenu WordPress plugin through version 3.1 allows authenticated contributors and above to inject malicious scripts via the 'lang' shortcode attribute due to inadequate input sanitization and output escaping. When victims visit affected pages, the injected scripts execute in their browsers, potentially compromising site security and user data. No patch is currently available.
Stored cross-site scripting in WordPress Sphere Manager plugin through version 1.0.2 allows authenticated users with Contributor privileges or higher to inject malicious scripts via the 'width' parameter in shortcodes due to improper input sanitization. Injected scripts execute in the browsers of any user viewing the affected page, potentially compromising site visitors. No patch is currently available.
Authenticated attackers with Contributor access or higher can inject malicious scripts into WordPress pages via the QuestionPro Surveys plugin's 'questionpro' shortcode, exploiting inadequate input sanitization. The injected scripts execute in the browsers of any user viewing the affected pages, enabling session hijacking, credential theft, or malware distribution. No patch is currently available for versions up to 1.0.
Stored XSS in the Payment Page | Payment Form for Stripe WordPress plugin (versions up to 1.4.6) allows authenticated users with Author-level permissions or higher to inject malicious scripts through the 'pricing_plan_select_text_font_family' parameter due to insufficient input sanitization. The injected scripts execute in the browsers of any user viewing the affected pages, potentially enabling session hijacking, credential theft, or malware distribution. No patch is currently available for this vulnerability.
Stored cross-site scripting in MasterStudy LMS WordPress Plugin versions up to 3.7.11 allows authenticated contributors and above to inject malicious scripts through the 'stm_lms_courses_grid_display' shortcode due to insufficient input sanitization and output escaping. When users access pages containing the injected payload, the arbitrary scripts execute in their browsers, potentially compromising sessions or stealing sensitive data. No patch is currently available.
Stored XSS in WordPress WP Data Access plugin versions up to 5.5.63 allows authenticated contributors and higher to inject malicious scripts into pages via the 'wpda_app' shortcode due to inadequate input sanitization. The injected scripts execute in the browsers of users viewing the affected pages, enabling session hijacking, credential theft, or malware distribution. No patch is currently available.
Stored XSS in the Citations tools WordPress plugin (versions up to 0.3.2) allows authenticated contributors and above to inject malicious scripts through insufficiently sanitized shortcode parameters, which execute in the browsers of users viewing affected pages. The vulnerability requires authentication but affects all site visitors who access pages containing the injected code. No patch is currently available.
Simple Wp colorfull Accordion (WordPress plugin) is affected by cross-site scripting (xss) (CVSS 6.4).
Stored XSS in Essential Addons for Elementor plugin (versions up to 6.5.9) allows authenticated contributors to inject malicious scripts into pages through the Info Box widget due to inadequate input sanitization. The injected scripts execute for all users viewing the affected pages, potentially leading to credential theft or malware distribution. No patch is currently available.
The Address Bar Ads plugin for WordPress versions up to 1.0.0 contains a reflected cross-site scripting vulnerability in the URL path due to inadequate input sanitization, allowing unauthenticated attackers to inject malicious scripts that execute when users click on crafted links. This attack requires user interaction and affects the confidentiality and integrity of affected sites. No patch is currently available for this vulnerability.
The personal-authors-category WordPress plugin through version 0.3 contains a reflected XSS vulnerability in the URL path due to inadequate input validation and output encoding. Unauthenticated attackers can exploit this by crafting malicious links that, when clicked by victims, execute arbitrary JavaScript in their browsers. No patch is currently available for this vulnerability.
The StyleBidet WordPress plugin through version 1.0.0 fails to properly sanitize URL path parameters, enabling unauthenticated attackers to inject malicious scripts that execute in victim browsers. An attacker can exploit this reflected XSS vulnerability by crafting a malicious link and tricking users into clicking it, potentially compromising user sessions or stealing sensitive data. No patch is currently available for this vulnerability.
Stored XSS in the Geo Widget WordPress plugin through version 1.0 allows unauthenticated attackers to inject malicious scripts via insufficiently sanitized URL parameters that execute when users visit affected pages. The vulnerability requires user interaction to trigger but impacts all site visitors who access injected content. No patch is currently available.
Stored XSS in the Easy Voice Mail WordPress plugin through version 1.2.5 allows authenticated administrators to inject malicious scripts via the message parameter due to inadequate input validation. An attacker with admin privileges can exploit this to execute arbitrary JavaScript in the browsers of users who access affected pages. No patch is currently available for this vulnerability.
Versions of the package directorytree/imapengine versions up to 1.22.3 contains a vulnerability that allows attackers to read or delete victim's emails, terminate the victim's session or execute any va (CVSS 7.6).
User Language Switch (WordPress plugin) is affected by server-side request forgery (ssrf) (CVSS 7.2).
Memory leak in AMD ASoC PDM DMA operations allows local attackers with user-level privileges to cause denial of service through resource exhaustion on affected Linux systems. The vulnerability persists as no patch is currently available, leaving vulnerable systems at continued risk of system instability or crash from cumulative memory consumption.
The Linux kernel's imx/tve driver fails to properly release a DDC device reference during probe failure or driver unbind, causing a resource leak that could lead to denial of service through memory exhaustion. Local users with driver interaction capabilities can trigger this leak through probe deferral or module unload operations. No patch is currently available to address this medium-severity vulnerability.
The Linux kernel's rocker network driver fails to free allocated memory in rocker_world_port_post_fini() when certain callback functions are not implemented, causing a memory leak of approximately 288 bytes per port during device removal. A local attacker with standard user privileges can trigger repeated device removal operations to exhaust kernel memory and cause a denial of service. No patch is currently available for this issue.
A memory leak in the Linux kernel's NFC LLCP implementation allows local attackers to exhaust memory by exploiting a race condition between the nfc_llcp_send_ui_frame() function and local device cleanup routines. An attacker with local access can trigger the vulnerability by sending NFC frames while the underlying device is being destroyed, causing socket buffers to accumulate in the transmit queue and never be freed.
A race condition in the Linux kernel's Bluetooth HCI UART driver allows local attackers with user privileges to trigger a null pointer dereference and cause a denial of service by initiating a TTY write wakeup during driver initialization. The vulnerability occurs when hci_uart_tx_wakeup() schedules write work before the protocol handler's private data structure is initialized, leading to a crash in hci_uart_write_work(). No patch is currently available for this issue.
A resource leak in the Linux kernel's ext4 filesystem implementation fails to properly release buffer head references in the xattr inode update function, potentially causing memory exhaustion on systems with local access. This medium-severity vulnerability affects Linux kernel versions and could allow local attackers to degrade system availability through repeated resource consumption. No patch is currently available.
The ath10k WiFi driver in the Linux kernel incorrectly frees DMA-allocated memory by using aligned addresses instead of the original unaligned pointers, potentially causing memory corruption and system denial of service on affected systems. A local attacker with appropriate privileges can trigger this vulnerability to crash the kernel or cause system instability. No patch is currently available for this issue.
A null pointer dereference in the Linux kernel's SCTP authentication initialization can be triggered by local attackers with user privileges to cause a denial of service through a crash in the packet transmission path. The vulnerability occurs when SCTP-AUTH key setup fails during association peer initialization, leaving a dangling pointer that is subsequently dereferenced. No patch is currently available for this medium-severity issue affecting the Linux kernel.
A data race condition in the Linux kernel's IPv6 NDISC router discovery function allows concurrent unsynchronized read/write access to the ra_mtu field, potentially causing denial of service through system instability or crashes on local systems. The vulnerability affects all Linux systems running vulnerable kernel versions and requires local access to trigger. No patch is currently available, though the race condition is considered low-impact as the affected field represents best-effort MTU configuration.
A data-race condition in the Linux kernel's mISDN subsystem allows local attackers with unprivileged access to cause a denial of service by triggering concurrent access to the dev->work field through ioctl and read operations without proper synchronization. The vulnerability affects the mISDN timer device driver where unsynchronized reads and writes to shared data can result in system availability issues. No patch is currently available for this medium-severity vulnerability.
A data-race condition in the Linux kernel's L2TP tunnel deletion function can cause a denial of service on systems using L2TP networking. Local attackers with unprivileged access can trigger concurrent socket operations to crash the kernel or cause system instability. No patch is currently available for this vulnerability.
The Linux kernel bonding driver fails to properly provide a network namespace pointer to the flow dissector function, allowing a local attacker with unprivileged access to trigger a kernel warning and cause a denial of service. The vulnerability exists in the bond_flow_dissect() code path used for XDP packet transmission, where crafted network packets lacking proper device or socket context can be processed unsafely.
The Linux kernel's mac80211 WiFi implementation contains a parsing error when processing TID-To-Link Mapping (TTLM) elements with default link configurations, causing out-of-bounds memory reads. This vulnerability affects systems running vulnerable Linux kernels and could lead to denial of service through kernel crashes or information disclosure. No patch is currently available for this medium-severity issue.
The HP BIOS configuration driver in the Linux kernel fails to validate attribute names before kobject registration, causing kernel warnings and potential denial of service when HP BIOS returns empty name strings. A local user with standard privileges can trigger this vulnerability to crash or destabilize the system by supplying malformed BIOS attribute data. No patch is currently available for this medium-severity flaw affecting Linux systems with HP BIOS configuration support.
The Linux kernel's acpi_power_meter driver contains a deadlock vulnerability in its notify callback function that can cause a denial of service when device removal races with sysfs attribute access. A local user with privileges to trigger power meter notifications can exploit this to hang or crash the system. No patch is currently available.
The Linux kernel's Synopsys DesignWare DisplayPort bridge driver contains improper error handling in the dw_dp_bind() function that fails to unregister auxiliary devices and return error codes correctly, potentially causing resource leaks or kernel instability for systems using affected display hardware. A local attacker with sufficient privileges could trigger these error paths to cause a denial of service through resource exhaustion or kernel panic.
A memory leak in the Linux kernel's SMB/CIFS client implementation allows local attackers with unprivileged access to exhaust kernel memory and cause a denial of service by triggering failed file operations on read-only mounted shares. An attacker can exploit this by repeatedly attempting to write files to a read-only CIFS mount, causing memory allocated for SMB requests to not be properly freed. The vulnerability persists until the cifs kernel module is unloaded, and currently lacks a public patch.
Linux kernel flexible proportions code can cause a denial of service through a deadlock when a hard interrupt fires during a soft interrupt's sequence count operation, allowing a local attacker with limited privileges to hang the system by triggering indefinite loops in proportion calculations. The vulnerability affects the fprop_new_period() function which lacks proper hardirq safety, creating a race condition between timer softirq context and block I/O hardirq handlers. No patch is currently available for this medium-severity issue.
The Linux kernel's Saffirecode (sfc) driver contains a deadlock vulnerability in RSS configuration reading where the driver attempts to acquire a lock that the kernel's ethtool subsystem has already locked, causing the system to hang. A local user with sufficient privileges can trigger this denial of service condition by executing ethtool RSS configuration commands. No patch is currently available for this medium-severity issue.
A null pointer dereference in the Linux kernel's gs_usb driver can cause a denial of service when processing malformed USB bulk transfer callbacks, affecting systems with vulnerable CAN interface hardware. Local attackers with unprivileged access can trigger this crash by submitting crafted USB requests that fail resubmission. No patch is currently available for this vulnerability.
A local attacker with unprivileged access can trigger kernel warnings in the Linux kernel's DRM subsystem by passing oversized handle values to drm_gem_change_handle_ioctl(), exploiting improper input validation between userspace u32 and kernel int types. This vulnerability affects the Linux kernel and allows denial of service through repeated warning generation, though no patch is currently available.
A memory leak in the Linux kernel's btrfs zlib compression module on S390 hardware-accelerated systems fails to properly release file cache pages, potentially leading to memory exhaustion and denial of service on affected systems. The vulnerability stems from missing cleanup code introduced during a refactoring of the S390x hardware acceleration buffer handling. Local attackers with access to the system could trigger the leak through repeated compression operations.
Linux kernel DAMON sysfs interface fails to properly clean up subdirectories when context setup encounters errors, leaving orphaned directory structures and leaked memory that degrades functionality until system reboot. A local user with appropriate privileges can trigger this condition to cause denial of service by making the DAMON sysfs interface unreliable or unusable. This vulnerability requires local access and user interaction to exploit, with no available patch currently issued.
A memory alignment flaw in the Linux kernel's virtio_net driver allows local attackers with user-level privileges to cause denial of service through misalignment of flexible array members in the virtnet_info structure. The vulnerability results in potential memory corruption when accessing the rss_hash_key_data field, impacting systems running affected Linux kernel versions. No patch is currently available for this medium-severity issue.
Linux kernel DAMON sysfs interface fails to properly clean up access_pattern subdirectories when scheme directory setup fails, causing memory leaks and rendering the sysfs interface non-functional until system reboot. A local privileged user can trigger this condition to degrade system functionality and exhaust memory resources. No patch is currently available for this medium-severity vulnerability.
The Linux kernel's BPF test_run component fails to properly validate XDP frame metadata size, allowing local users with appropriate privileges to specify oversized metadata that exhausts frame headroom and leaves the frame structure uninitialized. This can lead to denial of service or memory corruption during packet transmission. No patch is currently available for this issue.