9293 matches found
WordPress Automatic YouTube Gallery Plugin < 2.3.3 is vulnerable to Cross Site Scripting (XSS)
Software: Automatic YouTube Gallery | Type: Plugin | Vulnerable versions: < 2.3.3 | Fixed in: 2.3.3 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-33999 | Patch priority: Medium | CVSS severity: Medium (7.1) | PSID: ed4d7f0ef45b | Credits: Rafie Muhammad Patchstac...
WordPress Automatic Post Categories Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software: Automatic Post Categories | Type: Plugin | Vulnerable versions: <= 1.0 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-33999 | Patch priority: Medium | CVSS severity: Medium (7.1) | PSID: de6bb02932f9 | Credits: Rafie Muhammad Patchstack...
CVE-2023-3041
CVE-2023-3041 concerns the Autochat Automatic Conversation WordPress plugin (versions
Security Updates for Outlook C2R Multiple Vulnerabilities (July 2023)
The Microsoft Outlook application installed on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities, as follows:
- A security feature bypass vulnerability. (CVE-2023-35311)
- A spoofing vulnerability. (CVE-2023-33151)
Note that Nessus has not tested for...
Security Updates for Microsoft Office Products C2R (July 2023)
The Microsoft Office Products are missing a security update. They are, therefore, affected by multiple vulnerabilities, as follows:
- A security feature bypass vulnerability. (CVE-2023-33150)
- An elevation of privilege vulnerability. (CVE-2023-33148)
- Multiple remote code execution vulnerabilities...
Improve Your Security WordPress Spam Protection With CleanTalk Anti-Spam
Every website owner or webmaster grapples with the issue of spam on their website forms. The volume of spam can be so overwhelming that finding useful information within it becomes quite challenging. What exacerbates this issue is that spam can populate your public pages, appearing in comments an...
How Qualys Drives PCI DSS 4.0 Compliance for File Integrity Monitoring
The Payment Card Industry Data Security Standard (PCI DSS) is a well-known rule for compliance by merchants and entities involved in payment card processing. The new PCI DSS 4.0 standard specifies a broad range of technical and process requirements to ensure the safety of payment cardholder data or...
HashiCorp Boundary Workers Store Rotated Credentials in Plaintext Even When Key Management Service Configured
HashiCorp Boundary from 0.10.0 through 0.11.2 contains an issue where, when using a PKI-based worker with a Key Management Service (KMS) defined in the configuration file, new credentials created after an automatic rotation may not have been encrypted via the intended KMS. This would result in the...
GHSA-9VRM-V9XV-X3XR HashiCorp Boundary Workers Store Rotated Credentials in Plaintext Even When Key Management Service Configured
HashiCorp Boundary from 0.10.0 through 0.11.2 contains an issue where, when using a PKI-based worker with a Key Management Service (KMS) defined in the configuration file, new credentials created after an automatic rotation may not have been encrypted via the intended KMS. This would result in the...
Fedora: Security Advisory for suricata (FEDORA-2023-5230b1a68a)
The remote host is missing an update for the...
Fedora: Security Advisory for suricata (FEDORA-2023-7e952959f8)
The remote host is missing an update for the...
[SECURITY] Fedora 38 Update: suricata-6.0.13-1.fc38
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
Design/Logic Flaw
An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. It allows one to store javascript: URLs in URL fields, and automatically links these URLs...
CVE-2023-37256
An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. It allows one to store javascript: URLs in URL fields, and automatically links these URLs...
WordPress Autochat Automatic Conversation Plugin <= 1.1.7 is vulnerable to Cross Site Scripting (XSS)
Software: Autochat Automatic Conversation | Type: Plugin | Vulnerable versions: <= 1.1.7 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-3041 | Patch priority: Low | CVSS severity: Low (7.1) | PSID: 29d0f8361ae6 | Credits: Rafael B...
CVE-2022-33166
IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 228586...
Doorkeeper Improper Authentication vulnerability
OAuth RFC 8252 says (https://www.rfc-editor.org/rfc/rfc8252#section-8.6) the authorization server SHOULD NOT process authorization requests automatically without user consent or interaction, except when the identity of the client can be assured. This includes the case where the user has previously...
CVE-2021-4380
The Pinterest Automatic plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the 'wp_pinterest_automatic_parse_request' function and the 'process_form.php' script in versions up to, and including, 1.14.3. This makes it possible for unauthenticated attackers to...
CVE-2021-4380 Pinterest Automatic <= 4.14.3 - Unauthenticated Arbitrary Options Update
The Pinterest Automatic plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the 'wp_pinterest_automatic_parse_request' function and the 'process_form.php' script in versions up to, and including, 1.14.3. This makes it possible for unauthenticated attackers to...
CVE-2021-4380
CVE-2021-4380 affects the Pinterest Automatic plugin for WordPress. The vulnerability is an authorization bypass caused by missing capability checks in the function wp_pinterest_automatic_parse_request and in process_form.php, allowing unauthenticated attackers to update arbitrary WordPress optio...