CVE-2024-25096
10.0 CRITICAL
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): CHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
WordPress canto plugin <= 3.0.7 - Unauth. Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in Canto Inc. Canto allows Code Injection. This issue affects Canto: from n/a through 3.0.7.
References
- https://patchstack.com/database/vulnerability/canto/wordpress-canto-plugin-3-0-… vdb-entry
- https://patchstack.com/database/vulnerability/canto/wordpress-canto-plugin-3-0-… x_transferred vdb-entry
Affected products
canto
- =<3.0.7
Matching in nixpkgs
pkgs.canto-curses
Ncurses-based console Atom/RSS feed reader
- nixos-unstable -
- nixpkgs-unstable 0.9.9
pkgs.canto-daemon
Daemon for the canto Atom/RSS feed reader
- nixos-unstable -
- nixpkgs-unstable 0.9.8
pkgs.kdePackages.cantor
Front end to powerful mathematics and statistics packages
- nixos-unstable -
- nixpkgs-unstable 25.08.1
pkgs.python312Packages.cantools
Tools to work with CAN bus
- nixos-unstable -
- nixpkgs-unstable 40.5.0
pkgs.python313Packages.cantools
Tools to work with CAN bus
- nixos-unstable -
- nixpkgs-unstable 40.5.0
pkgs.haskellPackages.cantor-pairing
Convert data to and from a natural number representation
- nixos-unstable -
- nixpkgs-unstable 0.2.0.2
Package maintainers
- @devhell devhell <"^"@regexmail.net>
- @fabaff Fabian Affolter <mail@fabian-affolter.ch>
- @mjm Matt Moriarity <matt@mattmoriarity.com>
- @K900 Ilya K. <me@0upti.me>
- @SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
- @NickCao Nick Cao <nickcao@nichi.co>
- @LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
- @ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
- @ttuegel Thomas Tuegel <ttuegel@mailbox.org>
- @gray-heron Cezary Siwek <ave+nix@cezar.info>