CVE-2024-6883
Published: 2024-08-21
Priority: P4 · 21 · medium · CVSS 3.1 base score 4.3
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS: 0.28% (19.9th percentile)
The Event Espresso 4 Decaf – Event Registration Event Ticketing plugin for WordPress is vulnerable to limited unauthorized plugin settings modification due to a missing capability check on the saveTimezoneString and some other functions in all versions up to and including 4.10.46.decaf. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify some of the plugin settings.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| eventespresso | event_espresso | < 5.0.22 | 5.0.22 |
| eventespresso | event_espresso_event_registration_ticketing_sales | <= 4.10.46.decaf | — |
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2023-52428 [HIGH] nimbus-jose-jwt: large JWE p2c header value causes Denial of Service
bugzilla · 2024-09-04 · CVSS 7.5
In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component.
Discussion:
This issue has been addressed in the following products:
Red Hat build of Apache Camel 3.20.7 for Spring Boot
Via RHSA-2024:6883 https://access.redhat.com/errata/RHSA-2024:6883
---
This issue has been addressed in the following products:
Red Hat build of Apache Camel 4.4.3 for Spring Boot
Via RHSA-2024:8064 https://access.redhat.com/errata/RHSA-2024:8064
---
This issue has been addressed in the following products:
Red Hat JBoss Enterprise Application Platform 8.0 for RHEL
Bugzilla
CVE-2024-32007 [HIGH] apache: cxf: org.apache.cxf:cxf-rt-rs-security-jose: Denial of Service vulnerability in JOSE
bugzilla · 2024-07-19 · CVSS 7.5
Improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.
Discussion:
This issue has been addressed in the following products:
Red Hat build of Apache Camel 3.20.7 for Spring Boot
Via RHSA-2024:6883 https://access.redhat.com/errata/RHSA-2024:6883
---
This issue has been addressed in the following products:
Red Hat build of Apache Camel for Quarkus 2.13
Via RHSA-2024:7052 https://access.redhat.com/errata/RHSA-2024:7052
Bugzilla
CVE-2024-29736 [CRITICAL] apache: cxf: org.apache.cxf:cxf-rt-rs-service-description: SSRF via WADL stylesheet parameter
bugzilla · 2024-07-19 · CVSS 9.1
An SSRF vulnerability in the WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF-style attacks on REST web services. The attack only applies if a custom stylesheet parameter is configured.
Discussion:
This issue has been addressed in the following products:
Red Hat build of Apache Camel 3.20.7 for Spring Boot
Via RHSA-2024:6883 https://access.redhat.com/errata/RHSA-2024:6883