CVE-2023-4549

The DoLogin Security WordPress plugin before 3.7 does not properly sanitize IP addresses coming from the X-Forwarded-For header, which can be used by attackers to conduct Stored XSS attacks via WordPress' login form...

EUVD-2023-50810

Malicious code in bioql PyPI...

CVE-2023-46608

Missing Authorization vulnerability in WPDO DoLogin Security dologin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DoLogin Security: from n/a through = 3.7.1...

CVE-2023-46608

Missing Authorization vulnerability in WPDO DoLogin Security dologin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DoLogin Security: from n/a through = 3.7.1...

CVE-2023-46608 WordPress DoLogin Security plugin <= 3.7.1 - Multiple Broken Access Control vulnerability

Missing Authorization vulnerability in WPDO DoLogin Security dologin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DoLogin Security: from n/a through = 3.7.1...

CVE-2023-46608 WordPress DoLogin Security plugin <= 3.7.1 - Multiple Broken Access Control vulnerability

Missing Authorization vulnerability in WPDO DoLogin Security dologin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DoLogin Security: from n/a through = 3.7.1...

WordPress plugin DoLogin Security 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

DoLogin Security <= 3.7.1 - Missing Authorization via REST Endpoints

Description The DoLogin Security plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple REST functions in versions up to, and including, 3.7.1. This makes it possible for unauthenticated attackers to send test SMS messages to arbitrar...

WordPress DoLogin Security Plugin <= 3.7.1 is vulnerable to Broken Access Control

Software DoLogin Security Type Plugin Vulnerable versions = 3.7.1 Fixed in 3.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-46608 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID 5adc7395b967 Credits Mika Required privilege...

WordPress DoLogin Security Plugin < 3.7.1 is vulnerable to Sensitive Data Exposure

Software DoLogin Security Type Plugin Vulnerable versions 3.7.1 Fixed in 3.7.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-4800 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3a18978f1a90 Credits Bartlomiej Marek and Tomasz...

CVE-2023-4800

The DoLogin Security WordPress plugin before 3.7.1 does not restrict the access of a widget that shows the IPs of failed logins to low privileged users...

CVE-2023-4800 DoLogin Security < 3.7.1 - Subscriber+ IP Address leak

The DoLogin Security WordPress plugin before 3.7.1 does not restrict the access of a widget that shows the IPs of failed logins to low privileged users...

CVE-2023-4800 DoLogin Security < 3.7.1 - Subscriber+ IP Address leak

The DoLogin Security WordPress plugin before 3.7.1 does not restrict the access of a widget that shows the IPs of failed logins to low privileged users...

CVE-2023-4800

Affected software: DoLogin Security WordPress plugin (before 3.7.1). Vulnerability: The widget displaying IPs of failed logins is accessible to low-privileged users, exposing potentially sensitive data. Impact (as stated): Sensitive data exposure (high confidentiality impact per the published CVS...

WordPress plugin DoLogin Security security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

PT-2023-30664 · WordPress · Dologin Security

Name of the Vulnerable Software and Affected Versions: DoLogin Security WordPress plugin versions prior to 3.7.1 Description: The issue concerns the DoLogin Security WordPress plugin, which does not restrict access to a widget showing IPs of failed logins to low-privileged users. This could...

WordPress DoLogin Security Plugin < 3.7 is vulnerable to Cross Site Scripting (XSS)

Software DoLogin Security Type Plugin Vulnerable versions 3.7 Fixed in 3.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4549 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ea7d8ad59ce2 Credits Bartlomiej Marek and...

CVE-2023-4631

The DoLogin Security WordPress plugin before 3.7 uses headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing...

Cross site scripting

The DoLogin Security WordPress plugin before 3.7 does not properly sanitize IP addresses coming from the X-Forwarded-For header, which can be used by attackers to conduct Stored XSS attacks via WordPress' login form...

CVE-2023-4549

CVE-2023-4549 concerns the DoLogin Security WordPress plugin, affected versions prior to 3.7. The vulnerability stems from improper sanitization of IPs from the X-Forwarded-For header, enabling a stored Cross-Site Scripting (XSS) attack through WordPress’ login form. Public references in the prov...