| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Wasmtime is a runtime for WebAssembly. In versions prior to 24.0.9, 36.0.10, and 44.0.2, when a filesystem preopen is given DirPerms::all() and FilePerms::READ without FilePerms::WRITE, this access control mechanism can be bypassed via the wasip2 descriptor.open-at or wasip1 path_open interfaces by opening a file with only the OpenFlags::TRUNCATE oflag. The root cause is that the clause handling OpenFlags::TRUNCATE in crates/wasi/src/filesystem.rs (Dir::open_at, lines 967–969) did not set open_mode |= OpenMode::WRITE;, which is later used for the access control check against FilePerms to determine whether opening the file is permitted; the single-line fix adds that missing assignment, after which the affected calls correctly fail with error-code.not-permitted and ERRNO_PERM respectively. Only wasmtime-wasi embeddings that combine DirPerms::MUTATE with FilePerms::READ are affected by this bug. In particular, the Wasmtime project's wasmtime-cli's use of wasmtime-wasi is not affected, because it always sets FilePerms::all() for all preopens. This issue has been fixed in versions 24.0.9, 36.0.10 and44.0.2. |
| Custom role Insecure Direct Object References (IDOR) in Projectopia <= 5.1.25.2 versions. |
| Unauthenticated Bypass Vulnerability in WpTravelly <= 2.1.7 versions. |
| Unauthenticated Broken Access Control in JupiterX Core <= 4.14.1 versions. |
| Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic <= 1.1.4 versions. |
| Unauthenticated Cross Site Scripting (XSS) in HollerBox <= 2.3.10.1 versions. |
| Subscriber SQL Injection in WP Time Slots Booking Form <= 1.2.50 versions. |
| Unauthenticated Sensitive Data Exposure in WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.9.4 versions. |
| Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions. |
| Contributor Privilege Escalation in LatePoint <= 5.5.1 versions. |
| WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality. Attackers can upload PHP shells through the Products tab custom file field and access them via the upcp-product-file-uploads directory to execute arbitrary code on the server. |
| Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions. |
| Unauthenticated Broken Authentication in Really Simple SSL <= 9.5.10 versions. |
| Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1.9.5 versions. |
| Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions. |
| Unauthenticated Broken Access Control in Simple Membership <= 4.7.1 versions. |
| Unauthenticated Broken Authentication in ReviewX <= 2.3.6 versions. |
| Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.0.0 versions. |
| Subscriber Broken Access Control in ChatBot <= 7.9.7 versions. |
| Unauthenticated Cross Site Scripting (XSS) in WP Time Slots Booking Form <= 1.2.46 versions. |