CVE-2023-5006

The WP Discord Invite WordPress plugin before 2.5.1 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in administrator to submit a crafted request...

CVE-2023-5006 WP Discord Invite < 2.5.1 - Arbitrary Settings Update via CSRF

The WP Discord Invite WordPress plugin before 2.5.1 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in administrator to submit a crafted request...

CVE-2023-5006

CVE-2023-5006 (WP Discord Invite) : The WordPress plugin WP Discord Invite is vulnerable to a CSRF flaw in versions before 2.5.1, enabling an unauthenticated attacker to cause actions on behalf of an authenticated admin by tricking them into submitting crafted requests. Public details confirm the...

PT-2024-13853 · WordPress · Wp Discord Invite

Name of the Vulnerable Software and Affected Versions: WP Discord Invite WordPress plugin versions prior to 2.5.1 Description: The issue allows an unauthenticated attacker to perform actions on behalf of a logged-in administrator by tricking them into submitting a crafted request, due to a lack o...

WordPress Plugin WP Discord Invite Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

FreeSWITCH 1.10.10 Denial Of Service Vulnerability

When handling DTLS-SRTP for media setup, FreeSWITCH version 1.10.10 is susceptible to denial of service due to a race condition in the hello handshake phase of the DTLS protocol. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. FreeSWITCH...

Possible injection of HTML into user invite mails

Impact A user with access to a specific part of the backoffice is able to inject HTML code into a form where it is not intended. Explanation of the vulnerability A person with access to the backoffice and the "users" section could send a user invite and inject HTML code into the invite message...

GHSA-XXC6-35R7-796W Possible injection of HTML into user invite mails

Impact A user with access to a specific part of the backoffice is able to inject HTML code into a form where it is not intended. Explanation of the vulnerability A person with access to the backoffice and the "users" section could send a user invite and inject HTML code into the invite message...

CVE-2023-47629

DataHub is an open-source metadata platform. In affected versions sign-up through an invite link does not properly restrict users from signing up as privileged accounts. If a user is given an email sign-up link they can potentially create an admin account given certain preconditions. If the defau...

CVE-2023-47629 Privilege escalation through email sign-up in datahub

DataHub is an open-source metadata platform. In affected versions sign-up through an invite link does not properly restrict users from signing up as privileged accounts. If a user is given an email sign-up link they can potentially create an admin account given certain preconditions. If the defau...

PT-2023-30523 · Datahub · Datahub

Name of the Vulnerable Software and Affected Versions: DataHub versions prior to 0.12.1 Description: The issue concerns an open-source metadata platform where sign-up through an invite link does not properly restrict users from signing up as privileged accounts. If a user is given an email sign-u...

DataHub Security Breach

DataHub is an open source metadata platform for modern data stacks from datahub-project. A security vulnerability exists in versions of DataHub prior to 0.12.1 that stems from allowing an attacker to register an administrator account via an email invitation link...

WordPress WP Discord Invite Plugin < 2.5.2 is vulnerable to Cross Site Scripting (XSS)

Software WP Discord Invite Type Plugin Vulnerable versions 2.5.2 Fixed in 2.5.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5181 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 189ce186d624 Credits Bob Matyas Required...

WordPress WP Discord Invite Plugin < 2.5.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP Discord Invite Type Plugin Vulnerable versions 2.5.1 Fixed in 2.5.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-5006 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID ddd467b1e925 Credits Enrico Marcolini...

CVE-2023-5181

The WP Discord Invite WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-5181

The WP Discord Invite WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-5181 WP Discord Invite < 2.5.2 - Admin+ Stored Cross Site Scripting

The WP Discord Invite WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-5181

CVE-2023-5181 concerns the WordPress plugin WP Discord Invite prior to version 2.5.2, in which certain plugin settings are not properly sanitized or escaped. The underlying cause is insufficient sanitization/escaping of settings, which could allow a high-privilege user (e.g., an administrator) to...

WordPress Plugin WP Discord Invite Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-synapse-testutils (>=1.65.0.0 <=1.95.0.0) +7 more potentially affected by CVE-2023-43796 via matrix-synapse (>=0.33.9 <=1.95.0)

matrix-synapse PYPI version =0.33.9, =0.1.1, =1.65.0.0, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2023-43796 Source advisory: OSV:GHSA-MP92-3JFM-3575...