
7419 matches found

GoogleProjectZero
added 2023/11/03 12:0 a.m. · 20 views

First handset with MTE on the market

By Mark Brand, Google Project Zero Introduction It's finally time for me to fulfill a long-standing promise. Since I first heard about ARM's Memory Tagging Extensions, I've said to far too many people at this point to be able to back out… that I'd immediately switch to the first available device...

8 AI score
Exploits 0

OSV
added 2023/11/01 11:15 p.m. · 10 views

CVE-2023-44954

Cross Site Scripting vulnerability in BigTree CMS v.4.5.7 allows a remote attacker to execute arbitrary code via the ID parameter in the Developer Settings functions...

5.4 CVSS · 7.5 AI score
Exploits 0 · References 2

ATTACKERKB
added 2023/11/01 11:15 p.m. · 3 views

CVE-2023-44954

Cross Site Scripting vulnerability in BigTree CMS v.4.5.7 allows a remote attacker to execute arbitrary code via the ID parameter in the Developer Settings functions...

5.4 CVSS · 6.2 AI score · 0.00578 EPSS
Exploits 1 · References 3

Prion
added 2023/11/01 11:15 p.m. · 14 views

Cross site scripting

Cross Site Scripting vulnerability in BigTree CMS v.4.5.7 allows a remote attacker to execute arbitrary code via the ID parameter in the Developer Settings functions...

4.9 CVSS · 5.8 AI score · 0.00578 EPSS
Exploits 1 · References 2 · Affected Software 1

Patchstack
added 2023/11/01 12:0 a.m. · 5 views

WordPress Solid Security Plugin <= 9.0.0 is vulnerable to Sensitive Data Exposure

Software Solid Security Type Plugin Vulnerable versions <= 9.0.0 Fixed in 9.0.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 8abe71fcfaf7 Credits Naveen Muthusamy Required privilege...

6.9 AI score
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2023/11/01 12:0 a.m. · 2 views

PT-2023-29321 · Unknown · Bigtree Cms

Name of the Vulnerable Software and Affected Versions: BigTree CMS version 4.5.7 Description: The issue allows a remote attacker to execute arbitrary code via the ID parameter in the Developer Settings functions. This is a Cross Site Scripting vulnerability. Recommendations: For BigTree CMS versi...

5.4 CVSS · 7.5 AI score · 0.00578 EPSS
Exploits 1 · References 7

CVE
added 2023/11/01 12:0 a.m. · 52 views

CVE-2023-44954

BigTree CMS 4.5.7 is affected by a Cross-Site Scripting vulnerability in the Developer Settings function, allowing a remote attacker to execute arbitrary code via the ID parameter. The CVE-2023-44954 description and connected sources (CNVD-2023-93329, NVD, OSV, CNNVD) consistently identify BigTre...

5.4 CVSS · 5.8 AI score · 0.00578 EPSS
Exploits 1 · References 2 · Affected Software 1

Patchstack
added 2023/11/01 12:0 a.m. · 10 views

WordPress Admin Bar & Dashboard Access Control Plugin <= 1.2.8 is vulnerable to Cross Site Scripting (XSS)

Software Admin Bar & Dashboard Access Control Type Plugin Vulnerable versions <= 1.2.8 Fixed in 1.2.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-47184 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 7931d5b9940f Credits Rachit Arora...

4.8 CVSS · 6.5 AI score · 0.00068 EPSS
Exploits 2 · References 2 · Affected Software 1

Vulnrichment
added 2023/11/01 12:0 a.m. · 12 views

CVE-2023-44954

Cross Site Scripting vulnerability in BigTree CMS v.4.5.7 allows a remote attacker to execute arbitrary code via the ID parameter in the Developer Settings functions...

7.3 AI score · 0.00578 EPSS
Exploits 1 · References 2

Patchstack
added 2023/10/31 12:0 a.m. · 14 views

WordPress The Plus Addons for Elementor Pro Plugin <= 5.2.8 is vulnerable to Local File Inclusion

Software The Plus Addons for Elementor Pro Type Plugin Vulnerable versions <= 5.2.8 Fixed in 5.2.9 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-47178 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID 0501be93705b Credits Rafie Muhammad...

9.8 CVSS · 6.8 AI score · 0.00443 EPSS
Exploits 0 · References 1 · Affected Software 1

Patchstack
added 2023/10/31 12:0 a.m. · 9 views

WordPress WP Meta and Date Remover Plugin < 2.2.0 is vulnerable to Cross Site Scripting (XSS)

Software WP Meta and Date Remover Type Plugin Vulnerable versions < 2.2.0 Fixed in 2.2.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4823 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID e96e6b729f00 Credits dc11 Requir...

5.4 CVSS · 5.9 AI score · 0.00216 EPSS
Exploits 2 · References 3 · Affected Software 1

Patchstack
added 2023/10/31 12:0 a.m. · 8 views

WordPress IdeaPush Plugin <= 8.52 is vulnerable to Cross Site Scripting (XSS)

Software IdeaPush Type Plugin Vulnerable versions <= 8.52 Fixed in 8.53 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-47181 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b54fa25b769b Credits Emili Castells Required privileg...

4.8 CVSS · 5.8 AI score · 0.00127 EPSS
Exploits 0 · References 2 · Affected Software 1

Patchstack
added 2023/10/31 12:0 a.m. · 10 views

WordPress Contest Gallery Plugin < 21.2.8.1 is vulnerable to Cross Site Scripting (XSS)

Software Contest Gallery Type Plugin Vulnerable versions < 21.2.8.1 Fixed in 21.2.8.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5307 Patch priority Medium CVSS severity Medium 7.1 Developer Wasiliy Strecker PSID 79977d335b6c Credits Dmitrii...

6.1 CVSS · 5.6 AI score · 0.01022 EPSS
Exploits 2 · References 4 · Affected Software 1

Patchstack
added 2023/10/31 12:0 a.m. · 16 views

WordPress EventPrime Plugin < 3.2.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software EventPrime Type Plugin Vulnerable versions < 3.2.0 Fixed in 3.2.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-4251 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3fee28172b5f Credits Alex Sanford Required...

4.3 CVSS · 7 AI score · 0.0014 EPSS
Exploits 2 · References 4 · Affected Software 1

Patchstack
added 2023/10/31 12:0 a.m. · 8 views

WordPress GiveWP Plugin <= 2.33.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software GiveWP Type Plugin Vulnerable versions <= 2.33.3 Fixed in 2.33.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-4246 Patch priority Low CVSS severity Low 4.3 Developer Liquid Web / StellarWP PSID fe19cf753f7f Credits Marco Wotschka...

4.3 CVSS · 7 AI score · 0.00393 EPSS
Exploits 0 · References 3 · Affected Software 1

Patchstack
added 2023/10/31 12:0 a.m. · 10 views

WordPress Finale Lite Plugin <= 2.16.0 is vulnerable to Arbitrary Content Deletion

Software Finale Lite Type Plugin Vulnerable versions <= 2.16.0 Fixed in 2.17.0 OWASP Top 10 A5: Broken Access Control Classification Arbitrary Content Deletion CVE CVE-2023-47180 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID a89d6e226519 Credits Mika Required...

6.6 AI score · 0.00127 EPSS
Exploits 0 · References 2 · Affected Software 1

Patchstack
added 2023/10/31 12:0 a.m. · 11 views

WordPress e2pdf Plugin < 1.20.20 is vulnerable to Cross Site Scripting (XSS)

Software e2pdf Type Plugin Vulnerable versions < 1.20.20 Fixed in 1.20.20 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-5229 Patch priority Low CVSS severity Low 5.9 Developer E2Pdf.com PSID 5dd49f4334ad Credits Yassir Sbai Fahim Required privilege Administrator...

4.8 CVSS · 6.9 AI score · 0.00189 EPSS
Exploits 2 · References 4 · Affected Software 1

Patchstack
added 2023/10/31 12:0 a.m. · 16 views

WordPress WP Customer Reviews Plugin <= 3.6.6 is vulnerable to Sensitive Data Exposure

Software WP Customer Reviews Type Plugin Vulnerable versions <= 3.6.6 Fixed in 3.6.7 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2023-4686 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 07af2f4a4fb5 Credits Marco Wotschka Required...

4.3 CVSS · 6.5 AI score · 0.00172 EPSS
Exploits 0 · References 3 · Affected Software 1

Patchstack
added 2023/10/31 12:0 a.m. · 11 views

WordPress EventPrime Plugin < 3.2.0 is vulnerable to Cross Site Scripting (XSS)

Software EventPrime Type Plugin Vulnerable versions < 3.2.0 Fixed in 3.2.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4250 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ec5f591b9a22 Credits Miguel Santareno Required...

6.1 CVSS · 5.9 AI score · 0.00257 EPSS
Exploits 2 · References 4 · Affected Software 1

Patchstack
added 2023/10/30 12:0 a.m. · 9 views

WordPress Advanced Booking Calendar Plugin <= 3.2.11 is vulnerable to SQL Injection

Software Advanced Booking Calendar Type Plugin Vulnerable versions <= 3.2.11 Fixed in 3.2.12 OWASP Top 10 A1: Injection Classification SQL Injection CVE N/A Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID cef456031167 Credits N/A Required privilege Administrator Published 3...

7.2 AI score
Exploits 0 · References 1 · Affected Software 1