6603 matches found
CVE-2023-45073
CVE-2023-45073 corresponds to a stored XSS in the WordPress Mendeley Plugin (admin+ access) affecting plugin versions <= 1.3.2 (and reported in related entries as
CVE-2023-31217 WordPress User Location and IP Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS)
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in MyTechTalky User Location and IP plugin <= 1.6 versions...
CVE-2023-45072
CVE-2023-45072: Authenticated (admin+) Stored XSS in Kardi Order auto complete for WooCommerce, affected plugin versions
CVE-2023-45067
The CVE-2023-45067 affects WordPress plugin WordPress Simple HTML Sitemap (
CVE-2023-45059 WordPress Gumroad Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS)
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gumroad plugin <= 3.1.0 versions...
CVE-2023-45051
CVE-2023-45051 is an Auth. (admin+) Stored XSS in the WordPress plugin “Image vertical reel scroll slideshow.” The vulnerability affects the plugin’s image slideshow function and is caused by insufficient escaping/validation of inputs, permitting stored XSS when an admin with unfiltered HTML cont...
CVE-2023-45049
CVE-2023-45049 affects the WordPress YouTube Playlist Player plugin (
CVE-2023-44990
CVE-2023-44990 affects the WOLF – WordPress Posts Bulk Editor and Manager Professional plugin for WordPress, specifically versions
CVE-2023-46066
CVE-2023-46066 affects Mediabay – Media Library Folders plugin (WordPress) versions
CVE-2023-44987 WordPress Timely Booking Button Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Timely - Appointment software Timely Booking Button plugin <= 2.0.2 versions...
CVE-2023-44984 WordPress bbp style pack Plugin <= 5.6.7 is vulnerable to Cross Site Scripting (XSS)
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Robin Wilson bbp style pack plugin <= 5.6.7 versions...
CVE-2023-44984
CVE-2023-44984: WordPress bbp style pack plugin
Exploit for CVE-2023-38646
Metabase Pre-Auth RCE CVE-2023-38646 POC This is a python sc...
SUSE-RU-2023:4066-1 Recommended update for libssh2_org
This update for libssh2_org fixes the following issues: libssh2_org was upgraded to version 1.11.0 in SUSE Linux Enterprise Server 12 SP5 (jsc#PED-5721). Version update to 1.11.0: Enhancements and bugfixes: - Adds support for encrypt-then-mac (ETM) MACs - Adds support for AES-GCM crypto protocols - Adds...
CVE-2023-23651
The CVE-2023-23651 entry concerns the WordPress plugin MainWP Google Analytics Extension (
HTTP Auth < 1.0.0 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
GHSA-QPPJ-FM5R-HXR3 vulnerabilities
Vulnerabilities for packages: gobuster, gke-gcloud-auth-plugin, kubevela, pulumi-language-java, kubeflow-katib, kots, skaffold, sigstore-scaffolding, gitness, flux-helm-controller, oauth2-proxy, secrets-store-csi-driver, src, hey, slsa-verifier, kind, grpcurl, bom, fuse-overlayfs-snapshotter,...
Exploit for CVE-2023-38646
Metabase Pre-Auth RCE CVE-2023-38646 POC This is a script w...
Fedora 37 : exim (2023-0a7690525f)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-0a7690525f advisory. This is an exim update fixing several security problems. Tenable has extracted the preceding description block directly from the Fedora security...
Exploit for CVE-2023-38646
CVE-2023-38646 The original script originates from securezer...