
6680 matches found

Positive Technologies
added 2023/12/03 12:0 a.m. · 2 views

PT-2023-20864 · Yale · Yale Keyless Lock

Name of the Vulnerable Software and Affected Versions: Yale Keyless Lock version v1.0 Description: The issue is related to weak encryption mechanisms in RFID Tags, which allows attackers to create a cloned tag via physical proximity to the original. Recommendations: For Yale Keyless Lock version...

CVSS 8.1 · AI score 6.2 · EPSS 0.00466
Exploits: 4 · References: 7
NVD
added 2023/11/30 2:15 p.m. · 11 views

CVE-2023-47827

Incorrect Authorization vulnerability in NicheAddons Events Addon for Elementor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Events Addon for Elementor: from n/a through 2.1.3...

CVSS 7.5 · EPSS 0.0048
Exploits: 0 · References: 1
Positive Technologies
added 2023/11/30 12:0 a.m. · 3 views

PT-2023-32667 · Zentaopms · Zentaopms

Name of the Vulnerable Software and Affected Versions: ZenTao PMS version 18.8 Description: A problematic vulnerability was found in the software, affecting an unknown functionality, which leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the...

CVSS 6.1 · AI score 6.6 · EPSS 0.00693
Exploits: 1 · References: 8
Positive Technologies
added 2023/11/30 12:0 a.m. · 2 views

PT-2023-9054 · Peplink · Peplink Smart Reader

Name of the Vulnerable Software and Affected Versions: Peplink Smart Reader version 1.2.0 Description: A command injection vulnerability exists in the web interface's mac2name functionality. This issue arises due to the lack of measures to neutralize special elements used in operating system...

CVSS 9.8 · AI score 7.8 · EPSS 0.37678
Exploits: 5 · References: 29
Prion
added 2023/11/28 8:15 a.m. · 21 views

Cross site scripting

Unrestricted file upload in big file upload functionality in /main/inc/lib/javascript/bigupload/inc/bigUpload.php in Chamilo LMS = v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell...

CVSS 5.8 · AI score 7.5 · EPSS 0.76084
Exploits: 27 · References: 3 · Affected Software: 1
WPVulnDB
added 2023/11/28 12:0 a.m. · 34 views

Porto Theme - Functionality < 2.12.1 - Missing Authorization

Description The Porto Theme - Functionality plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on an unknown function in versions up to, and including, 2.11.1. This makes it possible for unauthenticated attackers to perform an unauthorized...

AI score 7 · EPSS 0.00367
Exploits: 0 · References: 1
WPVulnDB
added 2023/11/28 12:0 a.m. · 30 views

Porto Theme - Functionality < 2.12.1 - Unauthenticated SQL Injection

Description The Porto Theme - Functionality plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.11.1 due to insufficient escaping on a user supplied parameter and lack of sufficient preparation on an existing SQL query. This makes it possible for unauthenticate...

CVSS 9.8 · AI score 7.8 · EPSS 0.00774
Exploits: 0 · References: 1
Patchstack
added 2023/11/23 12:0 a.m. · 13 views

WordPress Porto Theme - Functionality Plugin < 2.12.1 is vulnerable to Broken Access Control

Software: Porto Theme - Functionality; Type: Plugin; Vulnerable versions: 2.12.1; Fixed in: 2.12.1; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-48739; Patch priority: Medium; CVSS severity: Medium 5.3; Developer: Claim ownership; PSID: aa73939ac882; Credits: Rafie...

AI score 6.8 · EPSS 0.00367
Exploits: 0 · References: 1 · Affected Software: 1
Patchstack
added 2023/11/23 12:0 a.m. · 21 views

WordPress Porto Theme - Functionality Plugin < 2.12.1 is vulnerable to SQL Injection

Software: Porto Theme - Functionality; Type: Plugin; Vulnerable versions: 2.12.1; Fixed in: 2.12.1; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2023-48738; Patch priority: High; CVSS severity: High 9.3; Developer: Claim ownership; PSID: 5a7e2b4a3331; Credits: Rafie Muhammad Patchstack; Required...

CVSS 9.8 · AI score 7.2 · EPSS 0.00774
Exploits: 0 · References: 1 · Affected Software: 1
WPVulnDB
added 2023/11/23 12:0 a.m. · 17 views

WPCafe < 2.2.23 - Missing Authorization

Description The plugin is vulnerable to unauthorized access, modification, or loss of data due to a missing capability check on an unknown function, allowing unauthenticated attackers to make use of the unprotected functionality...

AI score 9.4 · EPSS 0.0048
Exploits: 0 · References: 1 · Affected Software: 1
WPVulnDB
added 2023/11/23 12:0 a.m. · 14 views

WP Directory Kit < 1.2.7 - Missing Authorization

Description The WP Directory Kit plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on one of its functions in versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to make use of functionality intended...

AI score 6.4 · EPSS 0.00619
Exploits: 0 · References: 1 · Affected Software: 1
WPVulnDB
added 2023/11/23 12:0 a.m. · 17 views

Themify Ultra < 7.3.6 - Missing Authorization

Description The Themify Ultra theme for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on one of its functions in versions up to, and including, 7.3.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to ma...

AI score 6.2 · EPSS 0.00364
Exploits: 0 · References: 1 · Affected Software: 1
NVD
added 2023/11/22 4:15 p.m. · 16 views

CVE-2023-5314

The WP EXtra plugin for WordPress is vulnerable to unauthorized access to restricted functionality due to a missing capability check on the 'test-email' section of the register function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with minimal...

CVSS 4.3 · EPSS 0.00395
Exploits: 0 · References: 2
Prion
added 2023/11/22 4:15 p.m. · 15 views

Design/Logic Flaw

The WP EXtra plugin for WordPress is vulnerable to unauthorized access to restricted functionality due to a missing capability check on the 'test-email' section of the register function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with minimal...

CVSS 4 · AI score 6.8 · EPSS 0.00395
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2023/11/22 3:33 p.m. · 34 views

CVE-2023-5314 WP EXtra <= 6.2 - Missing Authorization to Arbitrary Email Sending

The WP EXtra plugin for WordPress is vulnerable to unauthorized access to restricted functionality due to a missing capability check on the 'test-email' section of the register function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with minimal...

CVSS 4.3 · AI score 4.8 · EPSS 0.00395
Exploits: 0 · References: 2
OSV
added 2023/11/22 9:15 a.m. · 2 views

CVE-2023-5921

Improper Enforcement of Behavioral Workflow vulnerability in DECE Software Geodi allows Functionality Bypass. This issue affects Geodi: before 8.0.0.27396...

CVSS 7.1 · AI score 5.8 · EPSS 0.00248
Exploits: 0 · References: 1
ATTACKERKB
added 2023/11/22 9:15 a.m. · 3 views

CVE-2023-5921

Improper Enforcement of Behavioral Workflow vulnerability in DECE Software Geodi allows Functionality Bypass. This issue affects Geodi: before 8.0.0.27396...

CVSS 7.1 · AI score 5.8 · EPSS 0.00248
Exploits: 0 · References: 3
NVD
added 2023/11/22 9:15 a.m. · 11 views

CVE-2023-5921

Improper Enforcement of Behavioral Workflow vulnerability in DECE Software Geodi allows Functionality Bypass. This issue affects Geodi: before 8.0.0.27396...

CVSS 7.1 · EPSS 0.00248
Exploits: 0 · References: 2
Prion
added 2023/11/22 9:15 a.m. · 11 views

Design/Logic Flaw

Improper Enforcement of Behavioral Workflow vulnerability in DECE Software Geodi allows Functionality Bypass. This issue affects Geodi: before 8.0.0.27396...

CVSS 3.2 · AI score 7.2 · EPSS 0.00248
Exploits: 0 · References: 1 · Affected Software: 1
CVE
added 2023/11/22 9:3 a.m. · 46 views

CVE-2023-5921

CVE-2023-5921 affects DECE Software Geodi prior to version 8.0.0.27396. The issue is described as an improper enforcement of behavioral workflow that allows a functionality bypass. The material explicitly ties this to Geodi and a version boundary; no exploit details are provided. The recommended...

CVSS 7.1 · AI score 7.1 · EPSS 0.00248
Exploits: 0 · References: 2 · Affected Software: 1