CVE-2023-4317 Incorrect Authorization in GitLab
An issue has been discovered in GitLab affecting all versions starting from 9.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a user with the Developer role to update a pipeline schedule from an unprotected branch ...
WordPress Enhanced Text Widget Plugin <= 1.6.3 is vulnerable to Broken Access Control
Software: Enhanced Text Widget | Type: Plugin | Vulnerable versions: <= 1.6.3 | Fixed in: 1.6.4 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-49192 | Patch priority: Medium | CVSS severity: Medium 5.3 | PSID: 8e44319396d6 | Credits: Abdi Pranata...
WordPress DoFollow Case by Case Plugin <= 3.4.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: DoFollow Case by Case | Type: Plugin | Vulnerable versions: <= 3.4.2 | Fixed in: 3.5.0 | OWASP Top 10: A1: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-49197 | Patch priority: Low | CVSS severity: Low 4.3 | PSID: 1e74ba3bfbc6 | Credits: Skalucy...
WordPress Backup Migration Plugin <= 1.3.6 is vulnerable to Sensitive Data Exposure
Software: Backup Migration | Type: Plugin | Vulnerable versions: <= 1.3.6 | Fixed in: 1.3.7 | OWASP Top 10: A5: Security Misconfiguration | Classification: Sensitive Data Exposure | CVE: CVE-2023-6266 | Patch priority: High | CVSS severity: High 7.5 | PSID: 7df0ea44f3d7 | Credits: Rafshanzani Suhada...
WordPress Importify (Dropshipping WooCommerce) Plugin <= 1.0.4 is vulnerable to Sensitive Data Exposure
Software: Importify (Dropshipping WooCommerce) | Type: Plugin | Vulnerable versions: <= 1.0.4 | Fixed in: 1.0.5 | OWASP Top 10: A1: Broken Access Control | Classification: Sensitive Data Exposure | CVE: CVE-2023-49194 | Patch priority: Low | CVSS severity: Low 5.3 | PSID: c07f29f4e095 | Credits: Mika...
WordPress Seraphinite Accelerator Plugin <= 2.20.28 is vulnerable to Cross Site Scripting (XSS)
Software: Seraphinite Accelerator | Type: Plugin | Vulnerable versions: <= 2.20.28 | Fixed in: 2.20.29 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-49740 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: 402f5bb75420 | Credits: Le Ngoc Anh | Required...
GitLab Security Breach
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery), and other features. A security vulnerability exists in GitLab that stems from the ability of a use...
PT-2023-28723 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 9.2 through 16.4.2; GitLab versions 16.5 through 16.5.2; GitLab versions 16.6 through 16.6.0. Description: An issue has been discovered in GitLab where a user with the Developer role could update a pipeline schedule from an...
WordPress Coming soon and Maintenance mode Plugin <= 3.7.3 is vulnerable to Bypass Vulnerability
Software: Coming soon and Maintenance mode | Type: Plugin | Vulnerable versions: <= 3.7.3 | Fixed in: 3.7.4 | OWASP Top 10: A6: Security Misconfiguration | Classification: Bypass Vulnerability | CVE: CVE-2023-49741 | Patch priority: Low | CVSS severity: Low 3.7 | PSID: d62ae4e054de | Credits: Mika...
WordPress SchedulePress Plugin <= 5.0.4 is vulnerable to Broken Access Control
Software: SchedulePress | Type: Plugin | Vulnerable versions: <= 5.0.4 | Fixed in: 5.0.5 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: N/A | Patch priority: Low | CVSS severity: Low 4.3 | PSID: aa83517bf4e8 | Credits: Unknown | Required privilege: Contributor...
WordPress List all posts by Authors, nested Categories and Title Plugin <= 2.8.2 is vulnerable to Cross Site Scripting (XSS)
Software: List all posts by Authors, nested Categories and Title | Type: Plugin | Vulnerable versions: <= 2.8.2 | Fixed in: 2.8.3 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-49182 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID...
WordPress Forms by CaptainForm Plugin <= 2.5.3 is vulnerable to Cross Site Scripting (XSS)
Software: Forms by CaptainForm | Type: Plugin | Vulnerable versions: <= 2.5.3 | Fixed in: 2.5.4 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-49170 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: 40df54b84291 | Credits: Khalid Yusuf | Required...
WordPress which template file Plugin <= 5.0.0 is vulnerable to Cross Site Scripting (XSS)
Software: which template file | Type: Plugin | Vulnerable versions: <= 5.0.0 | Fixed in: 5.1 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-49177 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: 69cd93c404ef | Credits: LEE SE HYOUNG...
WordPress teachPress Plugin <= 9.0.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software: teachPress | Type: Plugin | Vulnerable versions: <= 9.0.5 | Fixed in: 9.0.6 | OWASP Top 10: A1: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-49163 | Patch priority: Low | CVSS severity: Low 5.4 | PSID: 932dc955a019 | Credits: LVT-tholv2k | Required...
WordPress Email Address Encoder Plugin <= 1.0.22 is vulnerable to Cross Site Scripting (XSS)
Software: Email Address Encoder | Type: Plugin | Vulnerable versions: <= 1.0.22 | Fixed in: 1.0.23 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-48765 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: 4b554f8ca93c | Credits: LVT-tholv2k | Required privilege...
WordPress Ads by datafeedr.com Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)
Software: Ads by datafeedr.com | Type: Plugin | Vulnerable versions: <= 1.2.0 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-49169 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: f1f49a74489f | Credits: Ngô Thiên An ancorn from VNPT-VCI...
WordPress BP Better Messages Plugin <= 2.4.0 is vulnerable to Cross Site Scripting (XSS)
Software: BP Better Messages | Type: Plugin | Vulnerable versions: <= 2.4.0 | Fixed in: 2.4.1 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-49168 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: 979ad8298842 | Credits: Rafshanzani Suhada | Required privile...
WordPress WP Pocket URLs Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)
Software: WP Pocket URLs | Type: Plugin | Vulnerable versions: <= 1.0.2 | Fixed in: 1.0.3 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-49176 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: 380f014ea38f | Credits: SeungYongLee | Required privilege...
WordPress Adifier System Plugin < 3.1.4 is vulnerable to Cross Site Scripting (XSS)
Software: Adifier System | Type: Plugin | Vulnerable versions: < 3.1.4 | Fixed in: 3.1.4 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-49187 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: a67ee23d6891 | Credits: RE-ALTER | Required privilege...
WordPress NextScripts Plugin <= 4.4.2 is vulnerable to Cross Site Scripting (XSS)
Software: NextScripts | Type: Plugin | Vulnerable versions: <= 4.4.2 | Fixed in: 4.4.3 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-49183 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: 43a77de242d5 | Credits: Le Ngoc Anh | Required privilege...