CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33969 – WordPress Flipbox plugin <= 2.6.0 - Authenticated WordPress Options Change vulnerability
https://notcve.org/view.php?id=CVE-2022-33969
25 Jul 2022 — Authenticated WordPress Options Change vulnerability in Biplob Adhikari's Flipbox plugin <= 2.6.0 at WordPress. Una vulnerabilidad de Cambio de Opciones de WordPress Autenticado en el plugin Flipbox de Biplob Adhikari versiones anteriores a 2.6.0 incluyéndola en WordPress The Flipbox – Awesomes Flip Boxes Image Overlay plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 2.6.0. This is due to a lack of validation on the settings supplied to the oxi_settings() fun... • https://patchstack.com/database/vulnerability/image-hover-effects-ultimate-visual-composer/wordpress-flipbox-plugin-2-6-0-authenticated-wordpress-options-change-vulnerability • CWE-264: Permissions, Privileges, and Access Controls CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-15810
https://notcve.org/view.php?id=CVE-2018-15810
27 Aug 2018 — Visiology Flipbox Software Suite before 2.7.0 allows directory traversal via %5c%2e%2e%2f because it does not sanitize filename parameters. Visiology Flipbox Software Suite en versiones anteriores a la 2.7.0 permite el salto de directorio mediante %5c%2e%2e%2f debido a que no sanea los parámetros de nombre de archivo. • http://flipbox.net/news/620 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •