On January 16, 2023, the Wordfence Threat Intelligence team responsibly disclosed several vulnerabilities in Quick Restaurant Menu, a WordPress plugin that allows users to set up restaurant menus on their sites. This plugin is vulnerable to missing authorization, insecure direct object reference, cross site request forgery as well as cross site scripting in versions up to, and including, 2.0.2.
e3ba7e7e5a2df6cde42d9ee75f8bec79e5251c694adb11dfae0969e813acffdb
OpenText Extended ECM versions 16.2.2 through 22.3 suffer from arbitrary file deletion, information disclosure, local file inclusion, and privilege escalation vulnerabilities.
878b6d4e07e3ca1216865ef2e9312235d0ef20675c4ac011f7949b86a24ac5af
WordPress Slider Revolution plugin version 4.9.2 suffers from a directory traversal vulnerability.
b974aee33a66e29925be0ab29843b305b114f9a63e635ad75ca2c10d50af3474
WordPress Slider Revolution plugin version 4.6.5 suffers from a directory traversal vulnerability.
c0ad551826885e99515a7f31a6660bf3f6f546a33382b918ec3a80f8f2c57bbc
WordPress Slider Revolution plugin version 4.1.3 suffers from a directory traversal vulnerability.
83b023ff748b63a814933d6674398e32e4fb2ba5c520cc7997e01b2a23da875c
WordPress Slider Revolution plugin version 4.1.2 suffers from a directory traversal vulnerability.
d3b71e6cca26b526cd8c1ef3f9be1a645c838d5b2349fa4c8be240892908d108
WordPress Slider Revolution plugin version 3.0.8 suffers from a directory traversal vulnerability.
129c075ad285b288723e5f16312e3c90c87bccd10a3436f09ab9fdb5cfb03d53
Hughes Satellite Router contains a cross-frame scripting via remote file inclusion vulnerability that may potentially be exploited by malicious users to compromise an affected system. This vulnerability may allow an unauthenticated malicious user to misuse frames, include JS/HTML code and steal sensitive information from legitimate users of the application. Affected versions include HX200 8.3.1.14, HX90 6.11.0.5, HX50L 6.10.0.18, HN9460 8.2.0.48, and HN7000S 6.9.0.37.
01732a937c344613efd7c1ef744f546511c874deecd845ef0ca2d232baf0e177
ILIAS eLearning versions 7.15 and below suffer from authenticated command injection, persistent cross site scripting, local file inclusion, and open redirection vulnerabilities.
ee31da97db0bda4a3b42019ff3e199e34d24625e0b83fa1d18f2b97da9c2728c
A directory traversal vulnerability in the SevenZipFile.extractall() function of the Python library py7zr versions 0.20.0 and earlier allows attackers to read arbitrary files on the local machine via a malicious 7z file extraction.
7aa7ca72652dab91234127d8332a19316f0f61be17e1c626e65aae18d9435347
Drupal H5P Module versions 2.0.0 and below suffer from a traversal vulnerability when handling a zipped filename on Windows.
29cd61d23f4b78dbb93cdc479cba570c70b094e72db31910170d0c3eb73d58f8
AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 suffers from a path traversal vulnerability.
a78de92013681ef6d9eab5f28cda6712397f5a30d67a7a27854785925a87f96a
SAP Manufacturing Execution Core versions 15.1 through 15.3 suffer from a path traversal vulnerability.
d2c66b61de7a4021d8a7f4c40b09c163f1f708ce3aa8581767e5edaefd4cc198
PhotoSync version 4.7 suffers from a local file inclusion vulnerability.
f5e6b3cd183e91afacf647b3547160e0d93026087e059f1843c8761cd5e32985
Owlfiles File Manager version 12.0.1 suffers from local file inclusion and path traversal vulnerabilities.
5e1df728b64bebf1797218fca034b9eeed532e773c31131307d679d65b406b40
InTouch Access Anywhere Secure Gateway versions 2020 R2 and below suffer from a path traversal vulnerability.
c9873dff912c339fc99f6c1c0d26c32ecee59d977893de8864d051af5bba5038
@Drive version 2.8 suffers from a local file inclusion vulnerability.
1c242342304c59d9a82db2eb45e80f971e783004a6b81e805655fb5adc09c690
FE File Explorer version 11.0.4 suffers from a local file inclusion vulnerability.
9596719bde6a381ce9f18435b2517e8ecf2d1838ab031974d2c37d361f760254
FTPManager version 8.2 suffers from local file inclusion and directory traversal vulnerabilities.
3e761447e17269780279f6f239a28cde76f4d7d642e4fd2bf87303f7df3f583c
Wifi HD Wireless Disk Drive version 11 suffers from a local file inclusion vulnerability.
b20518edc15d62d991e82375c15b066d88b50865b9271eeedc4ac3a8e580a204
FLIR AX8 versions 1.46.16 and below suffer from command injection, directory traversal, improper access control, and cross site scripting vulnerabilities.
d4b0fa3d39bb7d9eb67520d399557821deb5682ab4e0f91e473b5af510fec4d7
uftpd versions 2.7 through 2.10 suffer from an authenticated directory traversal vulnerability.
49eb3cd8623927e2347974445c0565c0ed3386c36a6f12fc4e148713a5029fd8
Omnia MPX version 1.5.0+r1 suffers from a path traversal vulnerability.
255a6f7727bdeaa16975148c3367339b2e812a601460e5e6e74bd1dfbe0dd441
CuteEditor For PHP version 6.6 suffers from a directory traversal vulnerability.
7af1d2df53c59d35bae895eb4619ecd262232aacf7df548b05790ea206f4dec7
mPDF version 7.0 suffers from a local file inclusion vulnerability.
d9e2013ea0d6ee6260c03fe9651f945af86d37023bb012c16b218a5ba2c4c1f8