Lucene search

7419 matches found

Patchstack
added 2023/10/25 12:0 a.m. | 13 views

WordPress Autolinks Manager Plugin <= 1.10.04 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Autolinks Manager; Type: Plugin; Vulnerable versions: <= 1.10.04; Fixed in: 1.10.05; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-46625; Patch priority: Low; CVSS severity: Low (4.3); PSID: d40ccdf98f29; Credits: Skalucy...

8.8 CVSS | 6.6 AI score | 0.00074 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2023/10/25 12:0 a.m. | 8 views

WordPress Download CloudNet360 Plugin <= 3.2.0 is vulnerable to Cross Site Scripting (XSS)

Software: Download CloudNet360; Type: Plugin; Vulnerable versions: <= 3.2.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-46643; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 0ee6eb33e2e8; Credits: Nithissh S...

6.1 CVSS | 5.6 AI score | 0.00167 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2023/10/25 12:0 a.m. | 15 views

WordPress VK Filter Search Plugin <= 2.3.1 is vulnerable to Cross Site Scripting (XSS)

Software: VK Filter Search; Type: Plugin; Vulnerable versions: <= 2.3.1; Fixed in: 2.3.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-5705; Patch priority: Low; CVSS severity: Low (6.5); PSID: 8f96b4818f13; Credits: István Márton; Required...

6.4 CVSS | 5.7 AI score | 0.00118 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2023/10/25 12:0 a.m. | 8 views

WordPress Glossary Plugin <= 3.1.2 is vulnerable to Broken Access Control

Software: Glossary; Type: Plugin; Vulnerable versions: <= 3.1.2; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-46633; Patch priority: Low; CVSS severity: Low (5.4); PSID: 27c2b348236a; Credits: Nguyen Xuan Chien; Required privilege...

6.6 AI score | 0.00107 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2023/10/25 12:0 a.m. | 10 views

WordPress WordPress CTA Plugin <= 1.5.8 is vulnerable to Broken Access Control

Software: WordPress CTA; Type: Plugin; Vulnerable versions: <= 1.5.8; Fixed in: 1.5.9; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-46644; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: 45791c76e335; Credits: Abdi Pranata; Required...

6.5 AI score | 0.00127 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2023/10/24 12:0 a.m. | 10 views

WordPress Mediabay Plugin <= 1.6 is vulnerable to Broken Access Control

Software: Mediabay; Type: Plugin; Vulnerable versions: <= 1.6; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-46612; Patch priority: Medium; CVSS severity: Medium (4.3); PSID: 01f288807115; Credits: emad; Required privilege: Subscriber...

6.5 AI score | 0.00134 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2023/10/24 12:0 a.m. | 6 views

WordPress Quill Forms Plugin <= 3.3.0 is vulnerable to Broken Access Control

Software: Quill Forms; Type: Plugin; Vulnerable versions: <= 3.3.0; Fixed in: 3.4.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-46610; Patch priority: High; CVSS severity: High (6.5); PSID: f234d1eb3578; Credits: Abdi Pranata; Required privilege...

6.5 AI score | 0.00202 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2023/10/24 12:0 a.m. | 7 views

WordPress Add to Calendar Button Plugin < 1.5.1 is vulnerable to Cross Site Scripting (XSS)

Software: Add to Calendar Button; Type: Plugin; Vulnerable versions: < 1.5.1; Fixed in: 1.5.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-46613; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: d1a3af767789; Credits: Ngô Thiên An ancorn from...

5.4 CVSS | 6.5 AI score | 0.00155 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2023/10/24 12:0 a.m. | 14 views

WordPress Convertful – Your Ultimate On-Site Conversion Tool Plugin <= 2.5 is vulnerable to Broken Access Control

Software: Convertful – Your Ultimate On-Site Conversion Tool; Type: Plugin; Vulnerable versions: <= 2.5; Fixed in: 2.6; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-46605; Patch priority: Low; CVSS severity: Low (5.3); PSID: 9a3a7f4759bc; Credit...

6.6 AI score | 0.00176 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2023/10/23 12:0 a.m. | 8 views

WordPress Security & Malware scan by CleanTalk Plugin <= 2.50 is vulnerable to Broken Access Control

Software: Security & Malware scan by CleanTalk; Type: Plugin; Vulnerable versions: <= 2.50; Fixed in: 2.51; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2020-36698; Patch priority: High; CVSS severity: High (8.8); PSID: b7a98366ebf3; Credits: Jerome...

8.8 CVSS | 6.5 AI score | 0.00261 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
CNVD
added 2023/10/23 12:0 a.m. | 20 views

HCL Technologies Compass Access Control Error Vulnerability

HCL Technologies Compass is a low-code change management software from HCL Technologies, USA. Manages the full range of testing activities and integration with developer tools. HCL Technologies Compass suffers from an Access Control Error vulnerability that stems from the application not disablin...

7.1 CVSS | 6.7 AI score | 0.00093 EPSS
Exploits: 0 | References: 1
Patchstack
added 2023/10/23 12:0 a.m. | 17 views

WordPress Tab Ultimate Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)

Software: Tab Ultimate; Type: Plugin; Vulnerable versions: <= 1.3; Fixed in: 1.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-5667; Patch priority: Low; CVSS severity: Low (6.4); PSID: 6b4d31988178; Credits: István Márton; Required privileg...

6.4 CVSS | 5.7 AI score | 0.00176 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
CNVD
added 2023/10/23 12:0 a.m. | 16 views

HCL Technologies Compass Weak Password Vulnerability

HCL Technologies Compass is a low-code change management software from HCL Technologies, USA. Manages the full range of testing activities and integration with developer tools. HCL Technologies Compass suffers from a weak password vulnerability that stems from susceptibility to insecure password...

9.8 CVSS | 7.1 AI score | 0.00089 EPSS
Exploits: 0 | References: 1
Japan Vulnerability Notes
added 2023/10/23 12:0 a.m. | 23 views

JVN#02058996: HP ThinUpdate vulnerable to improper server certificate verification

HP ThinUpdate provided by HP Development Company, L.P. is vulnerable to improper server certificate verification (CWE-295). Impact: A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication or alter the communication. Solution: Update the Software. Update the software...

7.5 CVSS | 7.3 AI score | 0.00181 EPSS
Exploits: 0
Patchstack
added 2023/10/22 12:0 a.m. | 15 views

WordPress wpDiscuz Plugin <= 7.6.3 is vulnerable to Insecure Direct Object References (IDOR)

Software: wpDiscuz; Type: Plugin; Vulnerable versions: <= 7.6.3; Fixed in: 7.6.4; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2023-46311; Patch priority: Low; CVSS severity: Low (2.7); PSID: 05932cb617e2; Credits: Revan Arifio; Requir...

6.5 CVSS | 6.5 AI score | 0.00065 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
The Hacker News
added 2023/10/21 1:10 p.m. | 42 views

Europol Dismantles Ragnar Locker Ransomware Infrastructure, Nabs Key Developer

Europol on Friday announced the takedown of the infrastructure associated with Ragnar Locker ransomware, alongside the arrest of a "key target" in France. "In an action carried out between 16 and 20 October, searches were conducted in Czechia, Spain, and Latvia," the agency said. "The main...

6.4 AI score
Exploits: 0
Github Security Blog
added 2023/10/19 3:31 p.m. | 64 views

React Developer Tools extension Improper Authorization vulnerability

The React Developer Tools extension registers a message listener with window.addEventListener('message', ...) in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch. The URL is not...

6.5 CVSS | 6.9 AI score | 0.00092 EPSS
Exploits: 0 | References: 6 | Affected Software: 1
OSV
added 2023/10/19 3:31 p.m. | 16 views

GHSA-RXRC-RGV4-JPVX React Developer Tools extension Improper Authorization vulnerability

The React Developer Tools extension registers a message listener with window.addEventListener('message', ...) in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch. The URL is not...

6.9 CVSS | 6.5 AI score | 0.00092 EPSS
Exploits: 0 | References: 6
OSV
added 2023/10/19 3:15 p.m. | 1 views

CVE-2023-5654

The React Developer Tools extension registers a message listener with window.addEventListener('message', ...) in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch. The URL is not...

6.5 CVSS | 5.8 AI score | 0.00092 EPSS
Exploits: 0 | References: 1
Prion
added 2023/10/19 3:15 p.m. | 13 views

Input validation

The React Developer Tools extension registers a message listener with window.addEventListener('message', ...) in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch. The URL is not...

6.4 CVSS | 6.5 AI score | 0.00092 EPSS
Exploits: 0 | References: 1 | Affected Software: 1