869 matches found
CVE-2023-5611
CVE-2023-5611 affects the Seraphinite Accelerator WordPress plugin (versions prior to 2.20.32). The vulnerability stems from missing authorization and CSRF protections when resetting/importing settings, allowing unauthenticated users to reset settings. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U...
CVE-2023-5611 Seraphinite Accelerator < 2.20.32 - Unauthorised Settings Reset/Import
The Seraphinite Accelerator WordPress plugin before 2.20.32 does not have authorisation and CSRF checks when resetting and importing its settings, allowing unauthenticated users to reset them...
WordPress plugin Seraphinite Accelerator security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability previously...
CVE-2023-5609
The Seraphinite Accelerator WordPress plugin before 2.2.29 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-5610
The Seraphinite Accelerator WordPress plugin before 2.2.29 does not validate the URL to redirect any authenticated user to, leading to an arbitrary redirect...
CVE-2023-5610
The Seraphinite Accelerator WordPress plugin before 2.2.29 does not validate the URL to redirect any authenticated user to, leading to an arbitrary redirect...
Design/Logic Flaw
The Seraphinite Accelerator WordPress plugin before 2.2.29 does not validate the URL to redirect any authenticated user to, leading to an arbitrary redirect...
Cross site scripting
The Seraphinite Accelerator WordPress plugin before 2.2.29 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-5610
CVE-2023-5610 concerns the Seraphinite Accelerator WordPress plugin, affected versions up to 2.20.28, which do not validate the redirect URL for authenticated users, enabling an open redirect. The issue is an authenticated arbitrary redirect via a crafted redirect URL (e.g., via admin-ajax.php), ...
CVE-2023-5610 Seraphinite Accelerator < 2.20.29 - Authenticated Arbitrary Redirect
The Seraphinite Accelerator WordPress plugin before 2.2.29 does not validate the URL to redirect any authenticated user to, leading to an arbitrary redirect...
CVE-2023-5609 Seraphinite Accelerator < 2.20.29 - Reflected XSS
The Seraphinite Accelerator WordPress plugin before 2.2.29 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-5609
CVE-2023-5609 affects the Seraphinite Accelerator WordPress plugin
PT-2023-32212 · WordPress · Seraphinite Accelerator
Name of the Vulnerable Software and Affected Versions: Seraphinite Accelerator WordPress plugin versions prior to 2.2.29. Description: The issue concerns the lack of validation for URLs that can redirect authenticated users, potentially leading to arbitrary redirects. Recommendations: For versions...
WordPress Plugin Seraphinite Accelerator Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
WordPress Plugin Seraphinite Accelerator Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
Important: Red Hat Security Advisory: rh-varnish6-varnish security update
An update for rh-varnish6-varnish is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Security Bulletin: Multiple Vulnerabilities Affecting Watson Machine Learning Accelerator on Cloud Pak for Data version
Summary: IBM Watson Machine Learning Accelerator on Cloud Pak for Data version 2.6.0 is vulnerable to several vulnerabilities coming from dependent components. These are addressed. Vulnerability Details: CVEID: CVE-2022-29361 DESCRIPTION: Pallets Werkzeug is vulnerable to HTTP request smuggling, caus...
Seraphinite Accelerator < 2.20.32 - Unauthorised Settings Reset/Import
Description: The plugin does not have authorisation and CSRF checks when resetting and importing its settings, allowing unauthenticated users to reset them. The issue was partially fixed in 2.20.29, only adding authorisation checks. CSRF checks were added in 2.20.32. As an unauthenticated user, open...
Seraphinite Accelerator < 2.20.32 - Unauthorised Settings Reset/Import
Description: The plugin does not have authorisation and CSRF checks when resetting and importing its settings, allowing unauthenticated users to reset them. The issue was partially fixed in 2.20.29, only adding authorisation checks. CSRF checks were added in 2.20.32. PoC: As an unauthenticated user,...
WordPress Seraphinite Accelerator Plugin <= 2.20.31 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Seraphinite Accelerator; Type: Plugin; Vulnerable versions: <= 2.20.31; Fixed in: 2.20.32; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: N/A; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim ownership; PSID: c9ee918e329b; Credits: N/A; Required...