7418 matches found

Patchstack
added 2023/12/19 12:0 a.m., 10 views

WordPress WP Crowdfunding Plugin < 2.1.8 is vulnerable to Cross Site Scripting (XSS)

Software: WP Crowdfunding; Type: Plugin; Vulnerable versions: < 2.1.8; Fixed in: 2.1.8; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-5757; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: 341ae7773e99; Credits: David Suho Lee; Required...

CVSS 4.8, AI score 5.8, EPSS 0.00093
Exploits: 2, References: 4, Affected Software: 1
NVD
added 2023/12/18 9:15 p.m., 6 views

CVE-2023-40691

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 may reveal sensitive information contained in application configuration to developer and administrator users. IBM X-Force ID: 264805...

CVSS 4.9, EPSS 0.0005
Exploits: 0, References: 2
CNNVD
added 2023/12/16 12:0 a.m., 2 views

KodExplorer Code Issue Vulnerability

KodExplorer is a web file manager by the individual developer warlee. A code issue vulnerability exists in KodExplorer version 4.51.03, which stems from a manipulation that can lead to server-side request forgery...

CVSS 9.8, AI score 6.9, EPSS 0.00169
Exploits: 0, References: 7
Patchstack
added 2023/12/15 12:0 a.m., 21 views

WordPress Essential Real Estate Plugin <= 4.3.5 is vulnerable to Arbitrary File Upload

Software: Essential Real Estate; Type: Plugin; Vulnerable versions: <= 4.3.5; Fixed in: 4.4.0; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2023-6827; Patch priority: High; CVSS severity: High 9.9; Developer: Claim ownership; PSID: 4162eb3df384; Credits: István Márton; Required privilege...

CVSS 8.8, AI score 6.8, EPSS 0.09631
Exploits: 0, References: 3, Affected Software: 1
CNNVD
added 2023/12/15 12:0 a.m., 1 views

GitLab Security Breach

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab that stems from the fact that under...

CVSS 4.3, AI score 7, EPSS 0.00023
Exploits: 0, References: 3
CNNVD
added 2023/12/14 12:0 a.m., 2 views

PlutoSVG Security Vulnerability

PlutoSVG is a small C SVG rendering library by Samuel Ugochukwu, a private developer. A security vulnerability exists in PlutoSVG, which stems from an integer overflow vulnerability...

CVSS 9.8, AI score 7.1, EPSS 0.00222
Exploits: 1, References: 3
Kaspersky
added 2023/12/13 12:0 a.m., 36 views

KLA62432 SUI vulnerability in Microsoft Developer Tools

A spoofing vulnerability was found in Microsoft Developer Tools. Malicious users can exploit this vulnerability to spoof user interface. Original advisories CVE-2023-21751 Related products Microsoft-Azure CVE list CVE-2023-21751 high KB list Solution Install necessary updates from the KB section,...

CVSS 6.5, AI score 6.4, EPSS 0.00248
Exploits: 0, References: 3
Patchstack
added 2023/12/13 12:0 a.m., 8 views

WordPress Advanced iFrame Plugin <= 2023.8 is vulnerable to Cross Site Scripting (XSS)

Software: Advanced iFrame; Type: Plugin; Vulnerable versions: <= 2023.8; Fixed in: 2023.9; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-4775; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 533ab95811dc; Credits: István Márton; Required...

CVSS 6.4, AI score 5.7, EPSS 0.00125
Exploits: 0, References: 3, Affected Software: 1
Patchstack
added 2023/12/13 12:0 a.m., 10 views

WordPress Spice Post Slider Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)

Software: Spice Post Slider; Type: Plugin; Vulnerable versions: <= 2.0; Fixed in: 2.1; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-5362; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 963f12e8b291; Credits: István Márton; Required...

CVSS 6.4, AI score 5.8, EPSS 0.00082
Exploits: 1, References: 3, Affected Software: 1
Openbugbounty
added 2023/12/12 10:49 a.m., 3 views

bramah.co.uk Cross Site Scripting vulnerability OBB-3810964

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0
Patchstack
added 2023/12/12 12:0 a.m., 16 views

WordPress Popup Builder Plugin < 4.2.3 is vulnerable to Cross Site Scripting (XSS)

Software: Popup Builder; Type: Plugin; Vulnerable versions: < 4.2.3; Fixed in: 4.2.3; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-6000; Patch priority: High; CVSS severity: High 7.1; Developer: Claim ownership; PSID: 14212aacf7f9; Credits: Marc Montpas; Required...

CVSS 6.1, AI score 5.8, EPSS 0.69124
Exploits: 4, References: 4, Affected Software: 1
Patchstack
added 2023/12/11 12:0 a.m., 15 views

WordPress Welcart e-Commerce Plugin <= 2.9.6 is vulnerable to Path Traversal

Software: Welcart e-Commerce; Type: Plugin; Vulnerable versions: <= 2.9.6; Fixed in: 2.9.7; OWASP Top 10: A5: Security Misconfiguration; Classification: Path Traversal; CVE: CVE-2023-6120; Patch priority: Medium; CVSS severity: Medium 4.1; Developer: Claim ownership; PSID: 545792f26683; Credits: Marco Wotschka; Required...

CVSS 4.1, AI score 6.4, EPSS 0.00125
Exploits: 0, References: 3, Affected Software: 1
wpexploit
added 2023/12/08 12:0 a.m., 322 views

Html5 Video Player < 2.5.19 - Subscriber+ Stored XSS

Description: The plugin does not sanitise and escape some of its player settings, which, combined with missing capability checks around the plugin, could allow any authenticated user, even one as low-privileged as a subscriber, to perform Stored Cross-Site Scripting attacks against high-privilege users like admins...

CVSS 5.4, AI score 5.6, EPSS 0.01885
Exploits: 2
Patchstack
added 2023/12/07 12:0 a.m., 13 views

WordPress Custom Login Plugin <= 4.1.0 is vulnerable to Broken Access Control

Software: Custom Login; Type: Plugin; Vulnerable versions: <= 4.1.0; Fixed in: 4.1.1; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-49858; Patch priority: Medium; CVSS severity: Medium 4.3; Developer: Claim ownership; PSID: 0dfaac0266be; Credits: Abdi Pranata; Required...

AI score 6.5, EPSS 0.00226
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2023/12/07 12:0 a.m., 12 views

WordPress Alt Manager Plugin <= 1.6.1 is vulnerable to Broken Access Control

Software: Alt Manager; Type: Plugin; Vulnerable versions: <= 1.6.1; Fixed in: 1.6.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-50373; Patch priority: Medium; CVSS severity: Medium 5.3; Developer: Claim ownership; PSID: d15fcb372f33; Credits: Nguyen Xuan Chien; Required...

AI score 6.5, EPSS 0.00182
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2023/12/07 12:0 a.m., 10 views

WordPress Social Media Feather Plugin <= 2.1.3 is vulnerable to Broken Access Control

Software: Social Media Feather; Type: Plugin; Vulnerable versions: <= 2.1.3; Fixed in: 2.1.4; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-49861; Patch priority: Medium; CVSS severity: Medium 4.3; Developer: Claim ownership; PSID: c21113708404; Credits: Abdi Pranata...

AI score 6.5, EPSS 0.00148
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2023/12/07 12:0 a.m., 9 views

WordPress Login With Ajax Plugin <= 4.1 is vulnerable to Broken Access Control

Software: Login With Ajax; Type: Plugin; Vulnerable versions: <= 4.1; Fixed in: 4.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-49859; Patch priority: Medium; CVSS severity: Medium 4.3; Developer: Claim ownership; PSID: 3990b3ba7420; Credits: Abdi Pranata; Required...

AI score 6.5, EPSS 0.00176
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2023/12/06 12:0 a.m., 19 views

WordPress Multi Currency For WooCommerce Plugin <= 1.5.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Multi Currency For WooCommerce; Type: Plugin; Vulnerable versions: <= 1.5.5; Fixed in: 1.5.6; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2023-49840; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: c36e478dcad3; Credits: Nguy...

CVSS 8.8, AI score 6.6, EPSS 0.0007
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2023/12/06 12:0 a.m., 8 views

WordPress Medibazar Core Plugin <= 1.2.3 is vulnerable to Cross Site Scripting (XSS)

Software: Medibazar Core; Type: Plugin; Vulnerable versions: <= 1.2.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2023-49839; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: e30692cd7544; Credits: RE-ALTER; Required privilege...

CVSS 7.1, AI score 6.8, EPSS 0.00207
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2023/12/06 12:0 a.m., 35 views

WordPress Elementor Website Builder Plugin 3.3.0-3.18.1 is vulnerable to Arbitrary File Upload

Software: Elementor Website Builder; Type: Plugin; Vulnerable versions: 3.3.0-3.18.1; Fixed in: 3.18.2; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2023-48777; Patch priority: High; CVSS severity: High 9.9; Developer: Elementor; PSID: 64baf5c2aab5; Credits: Hồng Quân luk6785 at VNPT-VCI...

CVSS 9.9, AI score 6.7, EPSS 0.88845
Exploits: 3, References: 2, Affected Software: 1