7703 matches found
WordPress Blog Designer - Post and Widget Plugin <= 2.5.1 is vulnerable to Broken Access Control
Software: Blog Designer - Post and Widget; Type: Plugin; Vulnerable versions: <= 2.5.1; Fixed in: 2.5.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-40200; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim ownership; PSID: 364b0ab37c11; Credits: Abdi Pranata...
CVE-2023-35356
creationtimestamp | type | source
---|---|---
2023-08-11 11:17:53+00:00 | published-proof-of-concept | https://t.me/CyberSecurityTechnologies/8828
2024-04-18 16:45:00+00:00 | seen | https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-1.html
2024-10-25 17:30:00+00:00 | seen | ...
Cryptographic Flaw in Libbitcoin Explorer Cryptocurrency Wallet
Cryptographic flaws still matter. Here's a flaw in the random-number generator used to create private keys. The seed has only 32 bits of entropy. Seems like this flaw is being exploited in the wild. EDITED TO ADD 8/14: A good explainer...
CVE-2023-27412
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest themes Mocho Blog theme <= 1.0.4 versions...
Cross site scripting
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest themes Mocho Blog theme <= 1.0.4 versions...
CVE-2023-27412 WordPress Mocho Blog Theme <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest themes Mocho Blog theme <= 1.0.4 versions...
CVE-2023-27412
CVE-2023-27412 is a WordPress Mocho Blog Theme vulnerability: unauthenticated, reflected XSS in Mocho Blog theme versions
WordPress plugin Mocho Blog cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
Chatbot < 4.7.8 - Admin+ Stored XSS in FAQ Builder
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 1. Navigate to "WPBot Lite - Setting -...
PT-2023-21100 · Everest Themes · Mocho Blog Theme
Name of the Vulnerable Software and Affected Versions: Everest themes Mocho Blog theme versions 1.0.4 and earlier. Description: The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially...
WordPress WPCode - Insert Headers and Footers Plugin < 2.0.9 CSRF Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpcode:wpcode"; if(description...
Simple Blog Card < 1.32 - Subscriber+ Arbitrary Post Access
Description: The plugin does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated user, such as a subscriber, to retrieve the title and content of arbitrary posts, including draft, private and password-protected ones. Run the below command in the developer console ...
Simple Blog Card < 1.32 - Subscriber+ Arbitrary Post Access
Description: The plugin does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated user, such as a subscriber, to retrieve the title and content of arbitrary posts, including draft, private and password-protected ones. PoC: Run the below command in the developer...
Apache Roller Cross-Site Scripting Vulnerability
Apache Roller is a Java-based multi-user open source blogging system from the Apache Foundation. A cross-site scripting vulnerability exists in Apache Roller that stems from input validation and insufficient cleanup found in the Weblog Category name, site about information, and file upload...
WordPress Simple Blog Card Plugin < 1.32 is vulnerable to Sensitive Data Exposure
Software: Simple Blog Card; Type: Plugin; Vulnerable versions: < 1.32; Fixed in: 1.32; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: N/A; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim ownership; PSID: e0b1d4664953; Credits: N/A; Required privilege: Subscriber...
Exploit for CVE-2023-38646
CVE-2023-38646 - Metabase Pre-auth RCE
WordPress Simple Blog Card Plugin <= 1.30 is vulnerable to Cross Site Scripting (XSS)
Software: Simple Blog Card; Type: Plugin; Vulnerable versions: <= 1.30; Fixed in: 1.31; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: N/A; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: db23b5207e83; Credits: Unknown; Required privilege...
Empowering Future Minds: The Indispensable Role of Coding for Kids
By Waqas. Why Coding for Kids is Vital - Importance & Benefits Explained! In an era dominated by rapid technological…