Vulnerabilities and security researches forinteractive-medical-drawing-of-human-body interactive-medical-drawing-of-human-body

Direction: descending

Jun 13, 2026

Interactive Medical Drawing of Human Body # CVE-2023-53593

CVE, Research URL: CVE-2023-53593
Home page URL: Security reports for Interactive Medical Drawing of Human Body
Application: Interactive Medical Drawing of Human Body
Date: Oct 04, 2025
Research Description: In the Linux kernel, the following vulnerability has been resolved: cifs: Release folio lock on fscache read hit. Under the current code, when cifs_readpage_worker is called, the call contract is that the callee should unlock the page. This is documented in the read_folio section of Documentation/filesystems/vfs.rst as: > The filesystem should unlock the folio once the read has completed, > whether it was successful or not. Without this change, when fscache is in use and cache hit occurs during a read, the page lock is leaked, producing the following stack on subsequent reads (via mmap) to the page: $ cat /proc/3890/task/12864/stack [<0>] folio_wait_bit_common+0x124/0x350 [<0>] filemap_read_folio+0xad/0xf0 [<0>] filemap_fault+0x8b1/0xab0 [<0>] __do_fault+0x39/0x150 [<0>] do_fault+0x25c/0x3e0 [<0>] __handle_mm_fault+0x6ca/0xc70 [<0>] handle_mm_fault+0xe9/0x350 [<0>] do_user_addr_fault+0x225/0x6c0 [<0>] exc_page_fault+0x84/0x1b0 [<0>] asm_exc_page_fault+0x27/0x30 This requires a reboot to resolve; it is a deadlock. Note however that the call to cifs_readpage_from_fscache does mark the page clean, but does not free the folio lock. This happens in __cifs_readpage_from_fscache on success. Releasing the lock at that point however is not appropriate as cifs_readahead also calls cifs_readpage_from_fscache and *does* unconditionally release the lock after its return. This change therefore effectively makes cifs_readpage_worker work like cifs_readahead.
Affected versions: max 2.6.
Status: vulnerable

Oct 11, 2025

Interactive Medical Drawing of Human Body # CVE-2025-9332

CVE, Research URL: CVE-2025-9332
Home page URL: Security reports for Interactive Medical Drawing of Human Body
Application: Interactive Medical Drawing of Human Body
Date: Oct 03, 2025
Research Description: The Interactive Human Anatomy with Clickable Body Parts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions: max 2.6.
Status: vulnerable

Jun 10, 2024

Interactive Medical Drawing of Human Body # CVE-2022-0388

CVE, Research URL: CVE-2022-0388
Home page URL: Security reports for Interactive Medical Drawing of Human Body
Application: Interactive Medical Drawing of Human Body
Date: Mar 28, 2022
Research Description: The Interactive Medical Drawing of Human Body WordPress plugin before 2.6 does not sanitise and escape the Link field, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Affected versions: max 2.6.
Status: vulnerable