CVE-2023-27413
CVE-2023-27413 affects WordPress W4 Post List plugin versions
CVE-2023-27429
CVE-2023-27429 affects the WordPress Jetpack CRM plugin, versions
CVE-2023-27443
CVE-2023-27443 affects the Grant Kimball Simple Vimeo Shortcode plugin for WordPress, specifically versions
CVE-2023-35878
The CVE-2023-35878 entry concerns the WordPress plugin Extra User Details by Vadym K. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw affecting versions
CVE-2023-35882
CVE-2023-35882 is a stored XSS vulnerability in WordPress plugin Team Heateor Super Socializer (≤7.13.52). The issue affects users with contributor or higher privileges, allowing injection of scripts via stored payloads. Patch guidance from multiple sources indicates the fix is in version 7.13.53...
CVE-2023-35776 WordPress Sermon'e – Sermons Online Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
Auth. contributor+ Stored Cross-Site Scripting (XSS) vulnerability in Beplus Sermon'e – Sermons Online plugin <= 1.0.0 versions...
CVE-2023-35779
CVE-2023-35779 applies to the Seed Fonts plugin by Seed Webs for WordPress, affecting versions
PT-2023-3171 · Zyxel · Zyxel Nas326 +2
Name of the Vulnerable Software and Affected Versions: Zyxel NAS326 versions prior to V5.21AAZF.14C0 Zyxel NAS540 versions prior to V5.21AATB.11C0 Zyxel NAS542 versions prior to V5.21ABAG.11C0 Description: The pre-authentication command injection issue in Zyxel NAS devices could allow an...
CVE-2023-26527
CVE-2023-26527 affects the WordPress plugin Debug Assistant (WPIndeed Debug Assistant) with a stored XSS vulnerability in versions
CVE-2023-26515
CVE-2023-26515 affects the WordPress plugin Simple Slug Translate (Ko Takagi), versions ≤ 2.7.2. The issue is a Stored XSS requiring admin+ privileges. A fix is available in version 2.7.3; affected users should upgrade to 2.7.3 or later. Other sources corroborate the same vulnerability scope ...
CVE-2023-26515 WordPress Simple Slug Translate Plugin <= 2.7.2 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Ko Takagi Simple Slug Translate plugin <= 2.7.2 versions...
CVE-2023-26541 WordPress asMember Plugin <= 1.5.4 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Alexander Suess asMember plugin <= 1.5.4 versions...
CVE-2023-26013 WordPress Strong Testimonials Plugin <= 3.0.2 is vulnerable to Cross Site Scripting (XSS)
Auth. contributor+ Stored Cross-Site Scripting (XSS) vulnerability in WPChill Strong Testimonials plugin <= 3.0.2 versions...
CVE-2023-26013
The CVE-2023-26013 entry concerns the WordPress plugin WPChill Strong Testimonials, affected through stored XSS in versions
Open Redirect
@keystone-6/auth is vulnerable to Open Redirect. The vulnerability exists due to improper path sanitization which can result in users being redirected to domains other than the relative host by bypassing the / filter...
CVE-2023-24030
An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a us...
CVE-2023-25972
CVE-2023-25972 affects the WordPress Старт plugin by IKSWEB, with a stored XSS vulnerability in versions
PyLoad 0.5.0 Remote Code Execution
Exploit Title: PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE) Date: 06-10-2023 Credits: bAu @bauh0lz Exploit Author: Gabriel Lima 0xGabe Vendor Homepage: https://pyload.net/ Software Link: https://github.com/pyload/pyload Version: 0.5.0 Tested on: Ubuntu 20.04.6 CVE: CVE-2023-0297 import...
@keystone-6/auth Open Redirect vulnerability
Summary There is an open redirect in the @keystone-6/auth package, where the redirect leading / filter can be bypassed. Impact Users may be redirected to domains other than the relative host, thereby it might be used by attackers to re-direct users to an unexpected location. Mitigations - Don't u...
PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)
Exploit Title: PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE) Date: 06-10-2023 Credits: bAu @bauh0lz Exploit Author: Gabriel Lima 0xGabe Vendor Homepage: https://pyload.net/ Software Link: https://github.com/pyload/pyload Version: 0.5.0 Tested on: Ubuntu 20.04.6 CVE: CVE-2023-0297 import...