
7419 matches found

Patchstack
added 2023/11/07 12:0 a.m. | 14 views

WordPress Atarim Plugin <= 3.12 is vulnerable to Cross Site Scripting (XSS)

Software Atarim Type Plugin Vulnerable versions = 3.12 Fixed in 3.13 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-47544 Patch priority High CVSS severity High 7.1 Developer Atarim PSID b93ef735606c Credits lttn Required privilege Unauthenticated Published 7...

CVSS 7.1 | AI score 6.5 | EPSS 0.00193
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/11/07 12:0 a.m. | 11 views

WordPress WP Google My Business Auto Publish Plugin <= 3.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP Google My Business Auto Publish Type Plugin Vulnerable versions = 3.7 Fixed in 3.8 OWASP Top 10 A5: Security Misconfiguration Classification Cross Site Request Forgery CSRF CVE CVE-2023-47237 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 19fe6caa3a0c Credits...

CVSS 8.8 | AI score 6.6 | EPSS 0.00051
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/11/07 12:0 a.m. | 8 views

WordPress Featured Image Caption Plugin <= 0.8.10 is vulnerable to Cross Site Scripting (XSS)

Software Featured Image Caption Type Plugin Vulnerable versions = 0.8.10 Fixed in 0.8.11 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5669 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0231a5ef9472 Credits Lana Codes...

CVSS 6.4 | AI score 6 | EPSS 0.00127
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
added 2023/11/07 12:0 a.m. | 7 views

WordPress TWB Woocommerce Reviews Plugin <= 1.7.5 is vulnerable to Cross Site Scripting (XSS)

Software TWB Woocommerce Reviews Type Plugin Vulnerable versions = 1.7.5 Fixed in 1.7.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-47653 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a756ef9307fc Credits Emili Castells...

CVSS 5.9 | AI score 5.8 | EPSS 0.00134
Exploits: 0 | References: 2 | Affected Software: 1

Tenable Nessus
added 2023/11/07 12:0 a.m. | 6 views

Fedora 39 : python-configobj (2023-64b2965699)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-64b2965699 advisory. Fixes an issue in configobj: CVE-2023-26112 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...

CVSS 5.9 | AI score 5.5 | EPSS 0.0009
Exploits: 1 | References: 2

Patchstack
added 2023/11/07 12:0 a.m. | 7 views

WordPress ImageMapper Plugin <= 1.2.6 is vulnerable to Broken Access Control

Software ImageMapper Type Plugin Vulnerable versions = 1.2.6 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-5506 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 273249a3fdc4 Credits Lana Codes Required privilege...

CVSS 5.4 | AI score 6.8 | EPSS 0.00078
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/11/07 12:0 a.m. | 11 views

WordPress Easy Social Icons Plugin <= 3.2.5 is vulnerable to Broken Access Control

Software Easy Social Icons Type Plugin Vulnerable versions = 3.2.5 Fixed in 3.2.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-33998 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 69598c192853 Credits Nguyen Anh Tien Required...

AI score 6.6 | EPSS 0.00134
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/11/07 12:0 a.m. | 10 views

WordPress CodeBard's Patron Button and Widgets for Patreon Plugin <= 2.1.9 is vulnerable to Cross Site Scripting (XSS)

Software CodeBard's Patron Button and Widgets for Patreon Type Plugin Vulnerable versions = 2.1.9 Fixed in 2.2.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-47524 Patch priority High CVSS severity High 5.8 Developer Codebard PSID 00014dfb79a5...

CVSS 6.1 | AI score 5.7 | EPSS 0.00193
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2023/11/07 12:0 a.m. | 18 views

WordPress Cloud Templates & Patterns collection Plugin <= 1.2.2 is vulnerable to Sensitive Data Exposure

Software Cloud Templates & Patterns collection Type Plugin Vulnerable versions = 1.2.2 Fixed in 1.2.3 OWASP Top 10 A9: Security Logging and Monitoring Failures Classification Sensitive Data Exposure CVE CVE-2023-47529 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID...

CVSS 7.5 | AI score 6.5 | EPSS 0.03423
Exploits: 1 | References: 2 | Affected Software: 1

Patchstack
added 2023/11/07 12:0 a.m. | 10 views

WordPress Responsive Pricing Table Plugin < 5.1.8 is vulnerable to Cross Site Scripting (XSS)

Software Responsive Pricing Table Type Plugin Vulnerable versions 5.1.8 Fixed in 5.1.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-4810 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 86c4c3415cb3 Credits Vaishnav Rajeevan Required...

CVSS 4.8 | AI score 6.5 | EPSS 0.00111
Exploits: 2 | References: 4 | Affected Software: 1

Patchstack
added 2023/11/07 12:0 a.m. | 15 views

WordPress EazyDocs Plugin <= 2.3.5 is vulnerable to Cross Site Scripting (XSS)

Software EazyDocs Type Plugin Vulnerable versions = 2.3.5 Fixed in 2.3.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-47549 Patch priority High CVSS severity High 6.8 Developer Claim ownership PSID 1e8fa9f4a641 Credits minhtuanact Required privile...

CVSS 6.8 | AI score 5.6 | EPSS 0.00676
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/11/07 12:0 a.m. | 8 views

WordPress User Registration Plugin < 3.0.4.2 is vulnerable to Cross Site Scripting (XSS)

Software User Registration Type Plugin Vulnerable versions 3.0.4.2 Fixed in 3.0.4.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5228 Patch priority Low CVSS severity Low 5.9 Developer Masteriyo PSID b0a43efbedef Credits Mohamed Azarudheen Require...

CVSS 4.8 | AI score 6 | EPSS 0.01078
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
added 2023/11/07 12:0 a.m. | 11 views

WordPress CBX Map for Google Map & OpenStreetMap Plugin <= 1.1.11 is vulnerable to Cross Site Scripting (XSS)

Software CBX Map for Google Map & OpenStreetMap Type Plugin Vulnerable versions = 1.1.11 Fixed in 1.1.12 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-47240 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 37695d80e832 Credit...

CVSS 6.5 | AI score 5.8 | EPSS 0.0009
Exploits: 0 | References: 2 | Affected Software: 1

Android Security Bulletins
added 2023/11/06 12:0 a.m. | 24 views

Android Security Bulletin—November 2023

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2023-11-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...

CVSS 9.8 | AI score 7.5 | EPSS 0.00944
Exploits: 0

wpexploit
added 2023/11/06 12:0 a.m. | 159 views

Mmm Simple File List <= 2.3 - Subscriber+ Arbitrary Directory Listing

Description The plugin does not validate the generated path to list files from, allowing any authenticated users, such as subscribers, to list the content of arbitrary directories. Run the below command in the developer console of the web browser while being on the blog as a subscriber user...

CVSS 4.3 | AI score 6.1 | EPSS 0.00277
Exploits: 2

GithubExploit
added 2023/11/03 1:31 p.m. | 473 views

Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager

CVE-2023-46747 An Exploitation script developed to exploit the...

CVSS 9.8 | AI score 10 | EPSS 0.94436
Exploits: 17

The Hacker News
added 2023/11/03 6:3 a.m. | 93 views

48 Malicious npm Packages Found Deploying Reverse Shells on Developer Systems

A new set of 48 malicious npm packages have been discovered in the npm repository with capabilities to deploy a reverse shell on compromised systems. "These packages, deceptively named to appear legitimate, contained obfuscated JavaScript designed to initiate a reverse shell on package install,"...

AI score 7.1
Exploits: 0

Patchstack
added 2023/11/03 12:0 a.m. | 9 views

WordPress SEO Slider Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)

Software SEO Slider Type Plugin Vulnerable versions = 1.1.0 Fixed in 1.1.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5707 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 17821e38b317 Credits Lana Codes Required privilege...

CVSS 6.4 | AI score 5.7 | EPSS 0.00079
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
added 2023/11/03 12:0 a.m. | 4 views

WordPress Advance Menu Manager Plugin <= 3.0.6 is vulnerable to Broken Access Control

Software Advance Menu Manager Type Plugin Vulnerable versions = 3.0.6 Fixed in 3.0.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4919cd67715f Credits WordFence Required privilege...

AI score 6.9
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2023/11/03 12:0 a.m. | 10 views

WordPress Digirisk Plugin <= 6.0.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Digirisk Type Plugin Vulnerable versions = 6.0.0.0 Fixed in 6.1.0.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5946 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ce9f12824b90 Credits Ala Arfaoui Required...

CVSS 6.1 | AI score 5.6 | EPSS 0.0071
Exploits: 0 | References: 3 | Affected Software: 1