6613 matches found
CVE-2023-23808
CVE-2023-23808 affects the WordPress Sponsors Carousel plugin for versions prior to or equal to 4.02. The issue is an Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in the Sponsors Carousel plugin, with the root cause described as stored XSS. The available sources indicate...
CVE-2023-23809
CVE-2023-23809 concerns a stored XSS in the WordPress plugin “Stock market charts from finviz” (plugin versions
CVE-2023-23708
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Themeisle Visualizer: Tables and Charts Manager for WordPress plugin = 3.9.4 versions...
CVE-2023-23874
CVE-2023-23874 is a stored XSS vulnerability in the WordPress Ditty plugin (versions ≤ 3.0.32) affecting contributors. The issue is caused by an insufficient input sanitization in the plugin, allowing malicious scripts to be stored and potentially executed in user sessions. The connected sources ...
CVE-2023-23820
The CVE-2023-23820 entry concerns the WordPress ProfilePress Plugin (Membership Team) versions <= 4.5.4. The vulnerability is a stored XSS that requires authentication (contributors or higher) to exploit. The available documents specify the issue as an Auth. (contributor+) Stored Cross-Site Sc...
CVE-2023-25797
Auth. Stored Cross-Site Scripting (XSS) vulnerability in Mr.Vibe vSlider Multi Image Slider for WordPress plugin = 4.1.2 versions...
CVE-2023-22713
The CVE-2023-22713 issue affects WordPress Download Manager Gutenberg Blocks plugin (
CVE-2023-25796
CVE-2023-25796 is a stored XSS in the WordPress plugin WP BaiDu Submit (
CVE-2023-25798
CVE-2023-25798 is a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Olevmedia Shortcodes (versions 1.1.9) to mitigate risk. Monitor for official patch details as they become publicly available.
CVE-2023-25797
CVE-2023-25797 affects WordPress plugin vSlider Multi Image Slider for WordPress (
CVE-2023-25784
CVE-2023-25784 refers to an admin+ stored XSS in the WordPress plugin Sticky Ad Bar (older name variants) up to version 1.3.1. Public sources in the connected documents consistently describe the flaw as arising from inadequate sanitization/escaping of plugin settings, enabling stored XSS by high-...
CVE-2023-25792
CVE-2023-25792 is an Authenticated Stored XSS vulnerability in the XiaoMac WP Open Social plugin (versions
Debian: Security Advisory (DLA-3409-1)
The remote host is missing an update for the Debian...
DLA-3409-1 libapache2-mod-auth-openidc - security update
Bulletin has no description...
Concrete CMS (previously concrete5) is vulnerable to possible auth bypass in the jobs section
Concrete CMS (previously concrete5) before 9.2 is vulnerable to possible Auth bypass in the jobs section...
CVE-2023-28473
Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to possible Auth bypass in the jobs section...
Design/Logic Flaw
Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to possible Auth bypass in the jobs section...
CVE-2023-28473
Concrete CMS (formerly concrete5) versions 8.5.12 and earlier, and 9.0–9.1.3, are vulnerable to an authentication bypass in the jobs section. The issue stems from insufficient authentication checks (Job.php) and has been discussed in multiple advisories. Remediation: upgrade to version 9.2 or lat...