9 matches found
DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document
Impact: In DSpace 7.0 through 7.6.1, when an HTML, XML or JavaScript Bitstream is downloaded, the user's browser may execute any embedded JavaScript. If that embedded JavaScript is malicious, there is a risk of an XSS attack. This attack may only be initialized by a user who already has Submitter...
WordPress Responsive theme <= 5.0.2 - Missing Authorization to HTML Injection vulnerability
Missing Authorization to HTML Injection vulnerability discovered by Krzysztof Zając - CERT PL, Muhammad Zeeshan Xib3rR4dAr in WordPress Theme Responsive versions <= 5.0.2...
$2,751 Bounty Awarded for Arbitrary File Upload Vulnerability Patched in Avada WordPress Theme
🎉 Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 6th, 2024, during our second Bug Bounty...
WordPress Ajax Load More plugin <= 5.5.3 - Authenticated Arbitrary File Read vulnerability
Authenticated Arbitrary File Read vulnerability discovered by Muhammad Zeeshan Xib3rR4dAr in WordPress Ajax Load More plugin versions <= 5.5.3. Solution: Update the WordPress Ajax Load More plugin to the latest available version, at least 5.5.4...
WordPress Ajax Load More plugin <= 5.5.3 - Directory Traversal vulnerability
Directory Traversal vulnerability discovered by Muhammad Zeeshan Xib3rR4dAr in WordPress Ajax Load More plugin versions <= 5.5.3. Solution: Update the WordPress Ajax Load More plugin to the latest available version, at least 5.5.4...
WordPress Simple Banner plugin <= 2.11.0 – Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Muhammad Zeeshan Xib3rR4dAr in WordPress Simple Banner plugin versions <= 2.11.0. Solution: Update the WordPress Simple Banner plugin to the latest available version, at least 2.12.0...
WordPress GTM4WP plugin <= 1.15.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Muhammad Zeeshan Xib3rR4dAr in WordPress GTM4WP plugin versions <= 1.15.1. Solution: Update the WordPress GTM4WP plugin to the latest available version, at least 1.15.2...
WordPress Ninja Forms File Uploads Extension premium plugin <= 3.3.0 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by Muhammad Zeeshan Xib3rR4dAr in WordPress Ninja Forms File Uploads Extension premium plugin versions <= 3.3.0. Solution: Update the WordPress Ninja Forms File Uploads Extension premium plugin to the latest available version at least...
WordPress WP Statistics plugin <= 13.1.5 - Unauthenticated Blind SQL Injection (SQLi) vulnerability
Unauthenticated Blind SQL Injection (SQLi) vulnerability via currentpageid discovered by Muhammad Zeeshan Xib3rR4dAr in WordPress WP Statistics plugin versions <= 13.1.5. Solution: Update the WordPress WP Statistics plugin to the latest available version, at least 13.1.6...