1078 matches found
Ubuntu 22.04 LTS : Linux kernel (Intel IoTG) vulnerabilities (USN-6004-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6004-1 advisory. It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs...
Imperva recognized as a Strong Performer in Forrester Wave: Data Security Platforms, Q1 2023
The Forrester Wave evaluated the largest end-to-end providers of data security capabilities across a wide range of functionality to enable controls to enforce data security policies for both structured and unstructured data. In this report, Forrester provides an assessment of the top vendors in t...
XSS in Classification Store of Data Objects module in Settings
Description pimcore is vulnerable to XSS at Name field in Classification Store of Data Objects module in Settings. The vulnerability exists in all 3 tabs: Group Collections, Group, Key Definitions. Payload " Proof of Concept 1.Go to https://11.x-dev.pimcore.fun/admin/ and login. 2.In the left men...
WordPress LiteSpeed Cache Plugin <= 5.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software LiteSpeed Cache Type Plugin Vulnerable versions <= 5.3 Fixed in 5.3.1 OWASP Top 10 A6: Security Misconfiguration Classification Cross Site Request Forgery CSRF CVE CVE-2022-46800 Patch priority Low CVSS severity Low 5.4 Developer Hai Zheng / Lite Speed Cache PSID 9f42f7c99015 Credits...
WordPress Worth The Read Plugin <= 1.14 is vulnerable to Cross Site Request Forgery (CSRF)
Software Worth The Read Type Plugin Vulnerable versions <= 1.14 Fixed in 1.14.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47150 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 86cfa5e90dc1 Credits István Márton Requir...
WordPress User Registration Plugin <= 2.3.2.1 is vulnerable to PHP Object Injection
Software User Registration Type Plugin Vulnerable versions <= 2.3.2.1 Fixed in 2.3.3 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-27459 Patch priority High CVSS severity High 7.4 Developer Masteriyo PSID e4c6b86e3ea3 Credits Rafie Muhammad Patchstack Required privile...
WordPress Disqus Conditional Load Plugin <= 11.1.1 is vulnerable to Cross Site Scripting (XSS)
Software Disqus Conditional Load Type Plugin Vulnerable versions <= 11.1.1 Fixed in 11.1.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23732 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID edb6737fa0de Credits yuyudhn...
Microsoft achieves first native Cloud Data Management Capabilities certification
Today, Microsoft announced the successful completion of the Cloud Data Management Capabilities CDMC 14 Key Controls and Automations certification, conducted by Accenture and Avanade, accelerating the industry’s move to the cloud. The 14 Key Controls and Automations are a part of the EDM Council’s...
WordPress Read More Without Refresh Plugin <= 3.1 is vulnerable to Cross Site Scripting (XSS)
Software Read More Without Refresh Type Plugin Vulnerable versions <= 3.1 Fixed in 3.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23793 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 1bf9aee89c13 Credits Mika Required...
WordPress Brands for WooCommerce Plugin <= 3.7.0.5 is vulnerable to Broken Access Control
Software Brands for WooCommerce Type Plugin Vulnerable versions <= 3.7.0.5 Fixed in 3.7.0.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-45813 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 9f2b0dfb0d37 Credits István Márton...
WordPress Smart Slider 3 Plugin < 3.5.1.14 is vulnerable to Cross Site Scripting (XSS)
Software Smart Slider 3 Type Plugin Vulnerable versions < 3.5.1.14 Fixed in 3.5.1.14 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0660 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 008134aaa2eb Credits Erwan LR WPScan...
WordPress Search in Place Plugin <= 1.0.104 is vulnerable to Other Vulnerability Type
Software Search in Place Type Plugin Vulnerable versions <= 1.0.104 Fixed in 1.0.105 OWASP Top 10 A5: Broken Access Control Classification Other Vulnerability Type CVE CVE-2023-26521 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e57d979e5122 Credits István Márton Required...
WordPress YouTube Channel Plugin <= 3.23.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software YouTube Channel Type Plugin Vulnerable versions <= 3.23.3 Fixed in 3.23.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25987 Patch priority Low CVSS severity Low 4.3 Developer Aleksandar Urošević PSID fad79021f069 Credits Mika Required...
WordPress Zendrop – Global Dropshipping Plugin <= 1.0.0 is vulnerable to Arbitrary File Upload
Software Zendrop – Global Dropshipping Type Plugin Vulnerable versions <= 1.0.0 Fixed in 1.0.1 OWASP Top 10 A2: Broken Authentication Classification Arbitrary File Upload CVE CVE-2023-25970 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 180f30af21a8 Credits Dave Jong...
K42465020: BIG-IP URL classification vulnerability CVE-2019-6610
Security Advisory Description The BIG-IP system is vulnerable to a denial-of-service DoS attack when performing URL classification. CVE-2019-6610 Impact A remote attacker may be able to disrupt services by causing the Traffic Management Microkernel TMM to restart. There is no exposure in the...
K95010813: The BIG-IP AFM policy does not classify a DNS query name with a label length greater than 23 bytes
Security Advisory Description The BIG-IP AFM policy does not classify a DNS query name with a label length greater than 23 bytes. This issue occurs when all of the following conditions are met: You configure a port misuse policy for DNS and a service policy on the BIG-IP AFM system. The...
WordPress Stock market charts from finviz Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)
Software Stock market charts from finviz Type Plugin Vulnerable versions <= 1.0.1 Fixed in 1.0.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23809 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 206bbc36367f Credits Rio...
WordPress Campaign URL Builder Plugin <= 1.8.1 is vulnerable to Cross Site Scripting (XSS)
Software Campaign URL Builder Type Plugin Vulnerable versions <= 1.8.1 Fixed in 1.8.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 0afec8be8763 Credits WordFence Required privilege...
WordPress Archivist – Custom Archive Templates Plugin <= 1.7.4 is vulnerable to Cross Site Scripting (XSS)
Software Archivist – Custom Archive Templates Type Plugin Vulnerable versions <= 1.7.4 Fixed in 1.7.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25490 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 476e9981867e Credits...
WordPress Quick Event Manager Plugin <= 9.6.4 is vulnerable to Cross Site Scripting (XSS)
Software Quick Event Manager Type Plugin Vulnerable versions <= 9.6.4 Fixed in 9.6.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-46863 Patch priority Low CVSS severity Low 5.9 Developer Fullworks Plugins PSID 59c55fdc1246 Credits Justiice Required...