WordPress Grab & Save Plugin <= 1.0.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Grab & Save; Type: Plugin; Vulnerable versions: <= 1.0.4; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-47845; Patch priority: Low; CVSS severity: Low 4.3; PSID: 10b2ddc4a429; Credits: Dimas Maulana; Required...
KLA62069 OSI vulnerability in Microsoft Developer Tools
An information disclosure vulnerability was found in Microsoft Developer Tools. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories CVE-2023-36013 Related products PowerShell CVE list CVE-2023-36013 high KB list Solution Install necessary updates fr...
WordPress Theater for WordPress Plugin <= 0.18.3 is vulnerable to Cross Site Scripting (XSS)
Software: Theater for WordPress; Type: Plugin; Vulnerable versions: <= 0.18.3; Fixed in: 0.18.4; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-47833; Patch priority: Low; CVSS severity: Low 5.9; PSID: aca23ea8395c; Credits: DoYeon Park p6rkdoye0n; Require...
A Bootiful Podcast: Google Developer Advocate, Java legend, Alexis Moussine Pouchkine
Hi, Spring fans! Happy Thanksgiving to those who celebrate! Have you tried out Spring Boot 3.2? It comes out NEXT week on the 23rd! Get the bits and try them out now! This week I am joined by Google Developer Advocate, Java legend, Alexis Moussine Pouchkine...
WordPress Quiz And Survey Master Plugin <= 8.1.13 is vulnerable to Cross Site Scripting (XSS)
Software: Quiz And Survey Master; Type: Plugin; Vulnerable versions: <= 8.1.13; Fixed in: 8.1.14; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-47834; Patch priority: Low; CVSS severity: Low 6.5; PSID: f34de2f1d2a5; Credits: emad; Required privilege...
WordPress Restaurant & Cafe Addon for Elementor Plugin <= 1.5.3 is vulnerable to Broken Access Control
Software: Restaurant & Cafe Addon for Elementor; Type: Plugin; Vulnerable versions: <= 1.5.3; Fixed in: 1.5.4; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-47826; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: b97882725329; Credits...
WordPress LWS Hide Login Plugin <= 2.1.8 is vulnerable to Bypass Vulnerability
Software: LWS Hide Login; Type: Plugin; Vulnerable versions: <= 2.1.8; Fixed in: 2.1.9; OWASP Top 10: A4: Insecure Design; Classification: Bypass Vulnerability; CVE: CVE-2023-47818; Patch priority: Low; CVSS severity: Low 3.7; PSID: 6d52db64950c; Credits: Naveen Muthusamy; Required privilege...
WordPress WP Courses LMS Plugin <= 3.2.3 is vulnerable to Broken Access Control
Software: WP Courses LMS; Type: Plugin; Vulnerable versions: <= 3.2.3; Fixed in: 3.2.4; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: N/A; Patch priority: Low; CVSS severity: Low 4.3; PSID: 788c62b14a2a; Credits: Unknown; Required privilege: Subscriber...
WordPress Jetpack Plugin < 12.7 is vulnerable to Clickjacking
Software: Jetpack; Type: Plugin; Vulnerable versions: < 12.7; Fixed in: 12.7; OWASP Top 10: A3: Injection; Classification: Clickjacking; CVE: CVE-2023-47774; Patch priority: Low; CVSS severity: Low 5.4; PSID: 18fefcc21cac; Credits: Rafie Muhammad Patchstack; Required privilege: Contributor...
WordPress Phlox Portfolio Plugin <= 2.3.1 is vulnerable to Local File Inclusion
Software: Phlox Portfolio; Type: Plugin; Vulnerable versions: <= 2.3.1; Fixed in: 2.3.2; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2023-38399; Patch priority: High; CVSS severity: High 8.6; PSID: 2298d332cdc8; Credits: Rafie Muhammad Patchstack; Required...
WordPress WP Courses LMS Plugin <= 3.2.3 is vulnerable to Broken Access Control
Software: WP Courses LMS; Type: Plugin; Vulnerable versions: <= 3.2.3; Fixed in: 3.2.4; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: N/A; Patch priority: High; CVSS severity: High 8.8; PSID: 45ff52ba1951; Credits: Unknown; Required privilege: Subscriber...
WordPress Email Encoder Bundle Plugin <= 2.1.8 is vulnerable to Cross Site Scripting (XSS)
Software: Email Encoder Bundle; Type: Plugin; Vulnerable versions: <= 2.1.8; Fixed in: 2.1.9; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-47821; Patch priority: Low; CVSS severity: Low 6.5; PSID: 19415fa8bf01; Credits: Ngô Thiên An ancorn from VNPT-VCI...
WordPress Daily Prayer Time Plugin <= 2023.10.13 is vulnerable to Cross Site Scripting (XSS)
Software: Daily Prayer Time; Type: Plugin; Vulnerable versions: <= 2023.10.13; Fixed in: 2023.10.21; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-47817; Patch priority: Low; CVSS severity: Low 6.5; PSID: 1face61be077; Credits: Ngô Thiên An ancorn from...
WordPress LayerSlider Plugin <= 7.7.9 is vulnerable to Cross Site Scripting (XSS)
Software: LayerSlider; Type: Plugin; Vulnerable versions: <= 7.7.9; Fixed in: 7.7.10; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-47786; Patch priority: High; CVSS severity: High 6.5; PSID: bc229172c2ce; Credits: Rafie Muhammad Patchstack; Required...
WordPress Footer Putter Plugin <= 1.17 is vulnerable to Cross Site Scripting (XSS)
Software: Footer Putter; Type: Plugin; Vulnerable versions: <= 1.17; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-47768; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 4553836a22ef; Credits: Le Ngoc Anh; Required...
WordPress Leadster Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Leadster; Type: Plugin; Vulnerable versions: <= 1.1.2; Fixed in: 1.1.3; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-47791; Patch priority: Low; CVSS severity: Low 4.3; PSID: 6d346958cd11; Credits: BuShiYue; Required privileg...
WordPress LayerSlider Plugin <= 7.7.9 is vulnerable to Cross Site Request Forgery (CSRF)
Software: LayerSlider; Type: Plugin; Vulnerable versions: <= 7.7.9; Fixed in: 7.7.10; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-47785; Patch priority: Low; CVSS severity: Low 7.1; PSID: 32d010feaf90; Credits: Rafie Muhammad...
KLA61979 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, cause denial of service, bypass security restrictions, spoof user interface. Below is a complete list of vulnerabilities: 1. An elevation of privilege...
WordPress EasyAzon Plugin <= 5.1.0 is vulnerable to Broken Access Control
Software: EasyAzon; Type: Plugin; Vulnerable versions: <= 5.1.0; Fixed in: 5.1.1; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-47780; Patch priority: Medium; CVSS severity: Medium 4.3; PSID: bdc4e95fbc8c; Credits: Abdi Pranata; Required privileg...
WordPress Betheme Theme <= 27.1.1 is vulnerable to Broken Access Control
Software: Betheme; Type: Theme; Vulnerable versions: <= 27.1.1; Fixed in: 27.1.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-47770; Patch priority: High; CVSS severity: High 7.6; PSID: f61160742341; Credits: Rafie Muhammad Patchstack; Required...