tomorroisnew

34 exploits Active since Aug 2021
CVE-2022-1250 GITHUB MEDIUM NO CODE
LifterLMS PayPal < 1.4.0 - Reflected Cross-Site Scripting via Payment Confirmation Page
The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue
2 stars
CVSS 6.1
CVE-2022-23644 GITHUB HIGH NO CODE
BookWyrm < 0.3.0 - Authenticated Server-Side Request Forgery via Cover URL Load
BookWyrm is a decentralized social network for tracking reading habits and reviewing books. The functionality to load a cover via url is vulnerable to a server-side request forgery attack. Any BookWyrm instance running a version prior to v0.3.0 is susceptible to attack from a logged-in user. The problem has been patched and administrators should upgrade to version 0.3.0 As a workaround, BookWyrm instances can close registration and limit members to trusted individuals.
2 stars
CVSS 8.8
CVE-2022-26243 GITHUB HIGH NO CODE
Tenda AC10-1200 - Buffer Overflow
Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow in the setSmartPowerManagement function.
2 stars
CVSS 7.5
CVE-2022-29454 GITHUB LOW NO CODE
WordPlus Better Messages <= 1.9.9.148 - Cross-Site Request Forgery via File Upload
Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress allows attackers to upload files. File attachment to messages must be activated.
2 stars
CVSS 3.1
CVE-2022-33901 GITHUB MEDIUM NO CODE
MultiSafepay <4.13.1 - Info Disclosure
Unauthenticated Arbitrary File Read vulnerability in MultiSafepay plugin for WooCommerce plugin <= 4.13.1 at WordPress.
2 stars
CVSS 5.3
CVE-2022-38144 GITHUB HIGH NO CODE
gVectors Team wpForo Forum <2.0.5 - CSRF
Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 at WordPress.
2 stars
CVSS 8.8
CVE-2022-39211 GITHUB LOW NO CODE
Nextcloud Server < 23.0.8 and Nextcloud Enterprise Server < 22.2.10.4 - Server-Side Request Forgery
Nextcloud server is an open source personal cloud platform. In affected versions it was found that locally running webservices can be found and requested erroneously. It is recommended that the Nextcloud Server is upgraded to 23.0.8 or 24.0.4. It is recommended that the Nextcloud Enterprise Server is upgraded to 22.2.10.4, 23.0.8 or 24.0.4. There are no known workarounds for this issue.
2 stars
CVSS 3.0
CVE-2023-5375 GITHUB MEDIUM NO CODE
mosparo < 1.0.2 - Open Redirect
Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2.
2 stars
CVSS 6.1
CVE-2023-5498 GITHUB MEDIUM NO CODE
chiefonboarding < 2.0.47 - Cross-Site Request Forgery
Cross-Site Request Forgery (CSRF) in GitHub repository chiefonboarding/chiefonboarding prior to v2.0.47.
2 stars
CVSS 4.3