13Oca
A week in security (January 6 – January 12)
A list of topics we covered in the week of January 6 to January 12 of 2025
13Oca
CVE-2024-12568 | Icegram Express Email Subscribers Plugin up to 5.7.44 on WordPress Workflow Setting cross site scripting
A vulnerability classified as problematic was found in Icegram Express Email Subscribers Plugin up to 5.7.44 on WordPress. Affected by this vulnerability is an unknown functionality of the component Workflow Setting Handler. The manipulation leads to c…
13Oca
CVE-2024-12567 | Icegram Express Email Subscribers Plugin up to 5.7.44 on WordPress Form Setting cross site scripting
A vulnerability classified as problematic has been found in Icegram Express Email Subscribers Plugin up to 5.7.44 on WordPress. Affected is an unknown function of the component Form Setting Handler. The manipulation leads to cross site scripting.
This…
13Oca
CVE-2024-12566 | Icegram Express Email Subscribers Plugin up to 5.7.44 on WordPress Form Setting cross site scripting
A vulnerability was found in Icegram Express Email Subscribers Plugin up to 5.7.44 on WordPress. It has been rated as problematic. This issue affects some unknown processing of the component Form Setting Handler. The manipulation leads to cross site sc…
13Oca
CVE-2024-11636 | Icegram Express Email Subscribers Plugin up to 5.7.44 on WordPress Text Block Option cross site scripting
A vulnerability was found in Icegram Express Email Subscribers Plugin up to 5.7.44 on WordPress. It has been declared as problematic. This vulnerability affects unknown code of the component Text Block Option Handler. The manipulation leads to cross si…
13Oca
CVE-2024-42180 | HCL DRYiCE MyXalytics 6.3 unrestricted upload (KB0118149)
A vulnerability was found in HCL DRYiCE MyXalytics 6.3. It has been classified as problematic. This affects an unknown part. The manipulation leads to unrestricted upload.
This vulnerability is uniquely identified as CVE-2024-42180. It is possible to …
13Oca
CVE-2024-42181 | HCL DRYiCE MyXalytics 6.3 Communication Channel cleartext transmission (KB0118149)
A vulnerability was found in HCL DRYiCE MyXalytics 6.3 and classified as problematic. Affected by this issue is some unknown functionality of the component Communication Channel Handler. The manipulation leads to cleartext transmission of sensitive inf…
13Oca
CVE-2025-0412 | Luxion KeyShot Viewer 12.1.1.11 KSP File Parser memory corruption (ZDI-23-1716)
A vulnerability has been found in Luxion KeyShot Viewer 12.1.1.11 and classified as critical. Affected by this vulnerability is an unknown functionality of the component KSP File Parser. The manipulation leads to memory corruption.
This vulnerability …
13Oca
CVE-2024-12274 | Appointment Booking Calendar Plugin and Scheduling Plugin Export Setting information disclosure
A vulnerability, which was classified as problematic, was found in Appointment Booking Calendar Plugin and Scheduling Plugin up to 1.1.22 on WordPress. Affected is an unknown function of the component Export Setting Handler. The manipulation leads to i…
13Oca
CVE-2024-42179 | HCL DRYiCE MyXalytics 6.3 HTTP Response Header information disclosure (KB0118149)
A vulnerability, which was classified as problematic, has been found in HCL DRYiCE MyXalytics 6.3. This issue affects some unknown processing of the component HTTP Response Header Handler. The manipulation leads to information disclosure.
The identifi…
