WordPress ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce Plugin <= 1.0.21 is vulnerable to Broken Access Control

Software ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce Type Plugin Vulnerable versions = 1.0.21 Fixed in 1.0.22 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-46811 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSI...

DNSrecon-gui - DNSrecon Tool With GUI For Kali Linux

DNSRecon is a DNS scanning and enumeration tool written in Python, which allows you to perform different tasks, such as enumeration of standard records for a defined domain A, NS, SOA, and MX. Top-level domain expansion for a defined domain. With this graph-oriented user interface, the different...

WordPress Rank Math SEO Plugin <= 1.0.107.2 is vulnerable to Local File Inclusion

Software Rank Math SEO Type Plugin Vulnerable versions = 1.0.107.2 Fixed in 1.0.107.3 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-23888 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID e3a7d6a3381a Credits Rafie Muhammad Patchstack Required...

WordPress All-in-one Floating Contact Form – My Sticky Elements Plugin < 2.0.9 is vulnerable to SQL Injection

Software All-in-one Floating Contact Form – My Sticky Elements Type Plugin Vulnerable versions 2.0.9 Fixed in 2.0.9 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0487 Patch priority Low CVSS severity Low 5.5 Developer Claim ownership PSID cdb7568b0dc6 Credits qerogramat Kak...

WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Cross Site Request Forgery (CSRF)

Software Wicked Folders Type Plugin Vulnerable versions = 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-0726 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID b813357081c1 Credits Marco Wotschka...

WordPress Youzify Plugin < 1.2.2 is vulnerable to Cross Site Scripting (XSS)

Software Youzify Type Plugin Vulnerable versions 1.2.2 Fixed in 1.2.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0059 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 066f99253e79 Credits István Márton Required...

WordPress Ultimate Addons for Beaver Builder – Lite Plugin <= 1.5.5 is vulnerable to Broken Access Control

Software Ultimate Addons for Beaver Builder – Lite Type Plugin Vulnerable versions = 1.5.5 Fixed in 1.5.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23882 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 952c840a7b12 Credits...

WordPress PixelYourSite – Your smart PIXEL (TAG) Manager Plugin <= 9.3.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software PixelYourSite – Your smart PIXEL TAG Manager Type Plugin Vulnerable versions = 9.3.0 Fixed in 9.3.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-22700 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID bf76bce3f34...

WordPress Conversational Forms for ChatBot Plugin <= 1.1.6 is vulnerable to Cross Site Scripting (XSS)

Software Conversational Forms for ChatBot Type Plugin Vulnerable versions = 1.1.6 Fixed in 1.1.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23981 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 1354354e56fe Credits Rio...

WordPress Image Hover Effects For WPBakery Page Builder Plugin <= 4.0 is vulnerable to Cross Site Scripting (XSS)

Software Image Hover Effects For WPBakery Page Builder Type Plugin Vulnerable versions = 4.0 Fixed in 5.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23681 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2843dca604e1 Credi...

WordPress Quick Event Manager Plugin <= 9.7.4 is vulnerable to Broken Access Control

Software Quick Event Manager Type Plugin Vulnerable versions = 9.7.4 Fixed in 9.7.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23975 Patch priority Low CVSS severity Low 5.3 Developer Fullworks Plugins PSID 7294748abf10 Credits yuyudhn Required...

WordPress MainWP UpdraftPlus Extension Plugin <= 4.0.6 is vulnerable to Broken Access Control

Software MainWP UpdraftPlus Extension Type Plugin Vulnerable versions = 4.0.6 Fixed in 4.0.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23640 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 075f06640c08 Credits Dave Jong...

WordPress MainWP Clone Extension Plugin <= 4.0.2 is vulnerable to Broken Access Control

Software MainWP Clone Extension Type Plugin Vulnerable versions = 4.0.2 Fixed in 4.0.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23642 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID fedefb75fe08 Credits Dave Jong...

WordPress Easy Digital Downloads Plugin <= 3.1.0.3 is vulnerable to SQL Injection

Software Easy Digital Downloads Type Plugin Vulnerable versions = 3.1.0.3 Fixed in 3.1.0.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-23489 Patch priority High CVSS severity High 8.2 Developer Claim ownership PSID 8ebed23bcf9a Credits Joshua Martinelle Required privilege...

CVE-2023-23454

cbqclassify in net/sched/schcbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service slab-out-of-bounds read because of type confusion non-negative numbers can sometimes indicate a TCACTSHOT condition rather than valid classification results...

CVE-2023-23454

cbqclassify in net/sched/schcbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service slab-out-of-bounds read because of type confusion non-negative numbers can sometimes indicate a TCACTSHOT condition rather than valid classification results...

CVE-2023-23454

cbqclassify in net/sched/schcbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service slab-out-of-bounds read because of type confusion non-negative numbers can sometimes indicate a TCACTSHOT condition rather than valid classification results...

WordPress WC Vendors Marketplace Plugin < 2.4.5 is vulnerable to Cross Site Scripting (XSS)

Software WC Vendors Marketplace Type Plugin Vulnerable versions 2.4.5 Fixed in 2.4.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0072 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID c2abc726ee8e Credits Lana Codes...

WordPress Royal Elementor Addons Plugin <= 1.3.59 is vulnerable to Broken Access Control

Software Royal Elementor Addons Type Plugin Vulnerable versions = 1.3.59 Fixed in 1.3.60 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4701 Patch priority Medium CVSS severity Medium 4.3 Developer WProyal PSID d49799edf75b Credits Ramuel Gall Required...

WordPress Royal Elementor Addons Plugin <= 1.3.59 is vulnerable to Cross Site Request Forgery (CSRF)

Software Royal Elementor Addons Type Plugin Vulnerable versions = 1.3.59 Fixed in 1.3.60 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-4707 Patch priority Low CVSS severity Low 4.3 Developer WProyal PSID d1eebd7ac349 Credits Ramuel Gall Require...