Day: December 30, 2021

tokio Crate up to 1.8.3/1.13.0 on Rust memory corruption [CVE-2021-45710]

A vulnerability was found in tokio Crate up to 1.8.3/1.13.0 on Rust (Rust Package). It has been rated as critical.

rusqlite Crate up to 0.25.3/0.26.1 on Rust commit_hook use after free

A vulnerability classified as critical has been found in rusqlite Crate up to 0.25.3/0.26.1 on Rust (Rust Package). This affects

Common Vulnerabilities and Exposures

vec-const Crate up to 1.x on Rust memory corruption [CVE-2021-45680]

A vulnerability classified as critical was found in vec-const Crate up to 1.x on Rust (Rust Package). This vulnerability affects

Common Vulnerabilities and Exposures

Simple JWT Login Plugin up to 3.2.x on WordPress Password Creation str_shuffle inadequate encryption

A vulnerability, which was classified as problematic, has been found in Simple JWT Login Plugin up to 3.2.x on WordPress

Common Vulnerabilities and Exposures

WP Guppy Plugin up to 1.2 on WordPress REST API Endpoint authorization

A vulnerability, which was classified as critical, was found in WP Guppy Plugin up to 1.2 on WordPress (WordPress Plugin).

Common Vulnerabilities and Exposures

Rich Reviews Plugin up to 1.9.5 on WordPress GET Parameter orderby sql injection

A vulnerability has been found in Rich Reviews Plugin up to 1.9.5 on WordPress (WordPress Plugin) and classified as critical.

Common Vulnerabilities and Exposures

Tickera Plugin prior 3.4.8.3 on WordPress Booked Event cross site scripting

A vulnerability was found in Tickera Plugin on WordPress (WordPress Plugin) and classified as problematic. Affected by this issue is

Common Vulnerabilities and Exposures

Build Beautiful Conversational Forms Plugin up to 1.4.2 on WordPress Publish ID Setting cross site scripting

A vulnerability was found in Build Beautiful Conversational Forms Plugin up to 1.4.2 on WordPress (WordPress Plugin). It has been

Common Vulnerabilities and Exposures

Contact Form & Lead Form Elementor Builder Plugin up to 1.6.3 on WordPress cross site scripting

A vulnerability was found in Contact Form & Lead Form Elementor Builder Plugin up to 1.6.3 on WordPress (WordPress Plugin).

Common Vulnerabilities and Exposures

Paid Memberships Pro Plugin up to 2.6.5 on WordPress Admin Page cross site scripting

A vulnerability was found in Paid Memberships Pro Plugin up to 2.6.5 on WordPress (WordPress Plugin). It has been rated

Common Vulnerabilities and Exposures

Gwolle Guestbook Plugin up to 4.1.x on WordPress Admin Page gwolle_gb_user_email cross site scripting

A vulnerability classified as problematic has been found in Gwolle Guestbook Plugin up to 4.1.x on WordPress (WordPress Plugin). Affected

Common Vulnerabilities and Exposures

WPFront User Role Editor Plugin prior 3.2.1.11184 on WordPress Admin Dashboard changes-saved cross site scripting

A vulnerability classified as problematic was found in WPFront User Role Editor Plugin on WordPress (WordPress Plugin). Affected by this

Common Vulnerabilities and Exposures

Smart Floating & Sticky Buttons Plugin up to 2.5.4 on WordPress Parameter cross site scripting

A vulnerability, which was classified as problematic, has been found in Smart Floating & Sticky Buttons Plugin up to 2.5.4

Common Vulnerabilities and Exposures

WordPress Download Manager Plugin prior 3.2.22 on WordPress Template Data wpdm_save_template cross site scripting

A vulnerability, which was classified as problematic, was found in WordPress Download Manager Plugin on WordPress (Content Management System). This

Common Vulnerabilities and Exposures

WP RSS Aggregator Plugin prior 4.19.3 on WordPress System Info Admin Dashboard wprss_dismiss_addon_notice cross site scripting

A vulnerability has been found in WP RSS Aggregator Plugin on WordPress (WordPress Plugin) and classified as problematic. This vulnerability

Common Vulnerabilities and Exposures

Day: December 30, 2021

tokio Crate up to 1.8.3/1.13.0 on Rust memory corruption [CVE-2021-45710]

rusqlite Crate up to 0.25.3/0.26.1 on Rust commit_hook use after free

vec-const Crate up to 1.x on Rust memory corruption [CVE-2021-45680]

WP Guppy Plugin up to 1.2 on WordPress REST API Endpoint authorization

Rich Reviews Plugin up to 1.9.5 on WordPress GET Parameter orderby sql injection

Tickera Plugin prior 3.4.8.3 on WordPress Booked Event cross site scripting

Build Beautiful Conversational Forms Plugin up to 1.4.2 on WordPress Publish ID Setting cross site scripting

Contact Form & Lead Form Elementor Builder Plugin up to 1.6.3 on WordPress cross site scripting

Paid Memberships Pro Plugin up to 2.6.5 on WordPress Admin Page cross site scripting

Gwolle Guestbook Plugin up to 4.1.x on WordPress Admin Page gwolle_gb_user_email cross site scripting

WPFront User Role Editor Plugin prior 3.2.1.11184 on WordPress Admin Dashboard changes-saved cross site scripting

Smart Floating & Sticky Buttons Plugin up to 2.5.4 on WordPress Parameter cross site scripting

WordPress Download Manager Plugin prior 3.2.22 on WordPress Template Data wpdm_save_template cross site scripting

WP RSS Aggregator Plugin prior 4.19.3 on WordPress System Info Admin Dashboard wprss_dismiss_addon_notice cross site scripting

vim use after free [CVE-2021-4173]

Avast Antivirus up to 20.3 Sandbox permission

Avast Antivirus up to 20.3 Sandbox access control

Avast Antivirus up to 20.7 Self-Defense Driver wsc_proxy.exe access control

Avast Antivirus up to 20.3 access control [CVE-2021-45338]

Avast Antivirus up to 20.3 Trusted Process access control

Apache APISIX Dashboard up to 2.10.0 Manager API missing authentication

IBM OPENBMC OP910 Web UI cross site scripting [CVE-2021-38961]

Qibosoft 7 Article post.php cross-site request forgery