CVE-2024-13724

Title (es)
CVE-2024-13724

Tue, 04/03/2025 – 09:15

Type
CWE-285

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2024-13724

Description (en)
The Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to unauthorized access to functionality in all versions up to, and including, 2.6.2. This makes it possible for unauthenticated attackers to increase their own wallet balance, transfer balances between arbitrary users and initiate transfer requests from other users' wallets.

04/03/2025

04/03/2025

CVSS:3.1 vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Severity 3.1 (CVSS 3.1 Base Score)
4.30

Severity 3.1 (text)
MEDIUM

References


  • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3244479%40wallet-system-for-woocommerce/trunk&old=3231275%40wallet-system-for-woocommerce/trunk

  • https://www.wordfence.com/threat-intel/vulnerabilities/id/bda326b0-9049-496a-a600-fa65151ce98f?source=cve

CVE-2025-0958

Title (es)
CVE-2025-0958

Tue, 04/03/2025 – 10:15

Type
CWE-20

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2025-0958

Description (en)
The Ultimate WordPress Auction Plugin plugin for WordPress is vulnerable to unauthorized access to functionality in all versions up to, and including, 4.2.9. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary auctions, posts as well as pages and allows them to execute other actions related to auction handling.

04/03/2025

04/03/2025

CVSS:3.1 vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Severity 3.1 (CVSS 3.1 Base Score)
5.40

Severity 3.1 (text)
MEDIUM

References


  • https://plugins.trac.wordpress.org/browser/ultimate-auction/trunk/ajax-actions/send-private-msg.php#L35

  • https://plugins.trac.wordpress.org/browser/ultimate-auction/trunk/ultimate-auction.php#L219

  • https://plugins.trac.wordpress.org/browser/ultimate-auction/trunk/ultimate-auction.php#L274

  • https://plugins.trac.wordpress.org/changeset/3242416/ultimate-auction/trunk/ultimate-auction.php

  • https://www.wordfence.com/threat-intel/vulnerabilities/id/af3675c9-3a6b-4139-85e8-2fc57f290e82?source=cve

CVE-2025-0370

Title (es)
CVE-2025-0370

Tue, 04/03/2025 – 10:15

Type
CWE-79

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2025-0370

Description (en)
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘src’ parameter in all versions up to, and including, 7.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

04/03/2025

04/03/2025

CVSS:3.1 vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Severity 3.1 (CVSS 3.1 Base Score)
6.40

Severity 3.1 (text)
MEDIUM

References


  • https://plugins.trac.wordpress.org/browser/shortcodes-ultimate/trunk/includes/shortcodes/lightbox.php#L75

  • https://plugins.trac.wordpress.org/changeset/3229060/

  • https://www.wordfence.com/threat-intel/vulnerabilities/id/f0869c35-9ea8-46a5-8bba-23d7ef47355a?source=cve

CVE-2025-0360

Title (es)
CVE-2025-0360

Tue, 04/03/2025 – 06:15

Type
CWE-863

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2025-0360

Description (en)
During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that could lead to an incorrect user privilege level in the VAPIX service account D-Bus API.

04/03/2025

04/03/2025

CVSS:3.1 vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity 3.1 (CVSS 3.1 Base Score)
7.80

Severity 3.1 (text)
HIGH

References


  • https://www.axis.com/dam/public/b1/fe/46/cve-2025-0360pdf-en-US-466887.pdf

CVE-2024-58045

Title (es)
CVE-2024-58045

Tue, 04/03/2025 – 08:15

Type
CWE-362

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2024-58045

Description (en)
Multi-concurrency vulnerability in the media digital copyright protection module
Impact: Successful exploitation of this vulnerability may affect availability.

04/03/2025

04/03/2025

CVSS:3.1 vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Severity 3.1 (CVSS 3.1 Base Score)
8.60

Severity 3.1 (text)
HIGH

References


  • https://consumer.huawei.com/en/support/bulletin/2025/3/

CVE-2024-58044

Title (es)
CVE-2024-58044

Tue, 04/03/2025 – 08:15

Type
CWE-20

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2024-58044

Description (en)
Permission verification bypass vulnerability in the notification module
Impact: Successful exploitation of this vulnerability may affect availability.

04/03/2025

04/03/2025

CVSS:3.1 vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity 3.1 (CVSS 3.1 Base Score)
8.40

Severity 3.1 (text)
HIGH

References


  • https://consumer.huawei.com/en/support/bulletin/2025/3/

CVE-2024-58043

Title (es)
CVE-2024-58043

Tue, 04/03/2025 – 08:15

Type
CWE-840

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2024-58043

Description (en)
Permission bypass vulnerability in the window module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.

04/03/2025

04/03/2025

CVSS:3.1 vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

Severity 3.1 (CVSS 3.1 Base Score)
7.30

Severity 3.1 (text)
HIGH

References


  • https://consumer.huawei.com/en/support/bulletin/2025/3/

CVE-2024-58050

Title (es)
CVE-2024-58050

Tue, 04/03/2025 – 08:15

Type
CWE-200

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2024-58050

Description (en)
Vulnerability of improper access permission in the HDC module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.

04/03/2025

04/03/2025

CVSS:3.1 vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity 3.1 (CVSS 3.1 Base Score)
6.20

Severity 3.1 (text)
MEDIUM

References


  • https://consumer.huawei.com/en/support/bulletin/2025/3/

CVE-2024-58049

Title (es)
CVE-2024-58049

Tue, 04/03/2025 – 08:15

Type
CWE-200

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2024-58049

Description (en)
Permission verification vulnerability in the media library module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.

04/03/2025

04/03/2025

CVSS:3.1 vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Severity 3.1 (CVSS 3.1 Base Score)
5.00

Severity 3.1 (text)
MEDIUM

References


  • https://consumer.huawei.com/en/support/bulletin/2025/3/

CVE-2024-58048

Title (es)
CVE-2024-58048

Tue, 04/03/2025 – 08:15

Type
CWE-362

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2024-58048

Description (en)
Multi-thread problem vulnerability in the package management module
Impact: Successful exploitation of this vulnerability may affect availability.

04/03/2025

04/03/2025

CVSS:3.1 vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity 3.1 (CVSS 3.1 Base Score)
6.70

Severity 3.1 (text)
MEDIUM

References


  • https://consumer.huawei.com/en/support/bulletin/2025/3/