CVE-2023-37064
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the extra fields management section...
CVE-2023-37062
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the course categories' definition...
CVE-2023-2324
The Elementor Forms Google Sheet Connector WordPress plugin before 1.0.7, gsheetconnector-for-elementor-forms-pro WordPress plugin through 1.0.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high...
CVE-2023-2320
The CF7 Google Sheets Connector WordPress plugin before 5.0.2, cf7-google-sheets-connector-pro WordPress plugin through 5.0.2 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...
CVE-2023-2795
The CodeColorer WordPress plugin before 0.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2023-1166
The USM-Premium WordPress plugin before 16.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup)...
CVE-2023-2605
The wpbrutalai WordPress plugin before 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against logged-in high privilege users such as admin...
CVE-2023-2592
The FormCraft WordPress plugin before 3.9.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
PT-2023-20450 · WordPress · Wpbrutalai
Name of the Vulnerable Software and Affected Versions: wpbrutalai WordPress plugin versions prior to 2.0.1 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in the page. Th...
PT-2023-20314 · WordPress · Ai Engine
Name of the Vulnerable Software and Affected Versions: AI Engine WordPress plugin versions prior to 1.6.83 Description: The issue allows high-privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, for example, in a...
CVE-2023-23811
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Neil Gee Smoothscroller plugin = 1.0.0 versions...
CVE-2023-2805
The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the agents parameter in the setaddagentleaves AJAX function before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
CVE-2023-2779
The Social Share, Social Login and Social Comments WordPress plugin before 7.13.52 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-2654
The Conditional Menus WordPress plugin before 1.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-2600
The Custom Base Terms WordPress plugin before 1.0.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2023-2600 Custom Base Terms < 1.0.3 - Admin+ Stored XSS
The Custom Base Terms WordPress plugin before 1.0.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
PT-2023-19360 · WordPress · Qubot
Name of the Vulnerable Software and Affected Versions: QuBot WordPress plugin versions prior to 1.1.6 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, for example in multisit...
Server-side Request Forgery (SSRF)
Overview: magento/project-community-edition is an eCommerce Platform for Growth (Community Edition). Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the injection of arbitrary URLs. An admin-privilege authenticated attacker can force the application to make...
Printer Driver Packager NX creates driver installation packages without modification detection
Overview: Printer Driver Packager NX provided by Ricoh Company, Ltd. is a tool to create driver installation packages. A driver installation package is used to install and configure printer drivers on the target PCs. The installation and configuration of printer drivers require an administrative...
CVE-2023-32546
Code injection vulnerability exists in Chatwork Desktop Application Mac 2.6.43 and earlier. If this vulnerability is exploited, a non-administrative user of the Mac where the product is installed may store and obtain audio and image data from the product without the user's consent...