CVE-2023-5654

The React Developer Tools extension registers a message listener with window.addEventListener'message', in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch. The URL is not...

CVE-2023-5654

The CVE-2023-5654 issue affects the React Developer Tools extension and is caused by a content-script listener registered with window.addEventListener('message', …) that fetches a URL derived from a received message without validating/sanitising it. This allows a malicious page to trigger the vic...

React Developer Tools Security Vulnerability

Facebook React Developer Tools is a JavaScript library for building user interfaces from Facebook Inc. A security vulnerability exists in React Developer Tools version v4.27.8, which stems from an extension that registers a message listener in content scripts, where code within the listener does...

WordPress Booster for WooCommerce Plugin <= 7.1.2 is vulnerable to Cross Site Scripting (XSS)

Software Booster for WooCommerce Type Plugin Vulnerable versions = 7.1.2 Fixed in 7.1.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5638 Patch priority Low CVSS severity Low 6.4 Developer Claim ownership PSID be851143f85f Credits István Márton...

WordPress WP EXtra Plugin <= 6.2 is vulnerable to Broken Access Control

Software WP EXtra Type Plugin Vulnerable versions = 6.2 Fixed in 6.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-46212 Patch priority High CVSS severity High 6.3 Developer Claim ownership PSID a172237cbb4d Credits TP Cyber Security Required privilege...

PT-2023-32240 · Facebook · React Developer Tools

Name of the Vulnerable Software and Affected Versions: React Developer Tools extension affected versions not specified Description: The React Developer Tools extension has a message listener registered with window.addEventListener'message', in a content script accessible to any active webpage in...

WordPress iPanorama 360 WordPress Virtual Tour Builder Plugin <= 1.8.0 is vulnerable to SQL Injection

Software iPanorama 360 WordPress Virtual Tour Builder Type Plugin Vulnerable versions = 1.8.0 Fixed in 1.8.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5336 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 25ea3eb9ee79 Credits István Márton Require...

WordPress Headline Analyzer Plugin <= 1.3.1 is vulnerable to Broken Access Control

Software Headline Analyzer Type Plugin Vulnerable versions = 1.3.1 Fixed in 1.3.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-46195 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 0889713f4319 Credits Mika Required privilege...

WordPress Super Testimonial Pro Plugin <= 2.9 is vulnerable to Cross Site Scripting (XSS)

Software Super Testimonial Pro Type Plugin Vulnerable versions = 2.9 Fixed in 3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5613 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4c345a4e70e4 Credits Lana Codes Required...

WordPress Social proof testimonials and reviews by Repuso Plugin <= 4.97 is vulnerable to Broken Access Control

Software Social proof testimonials and reviews by Repuso Type Plugin Vulnerable versions = 4.97 Fixed in 5.00 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-46196 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID b9598b02b70d...

Fedora 37 : python-configobj (2023-62baa45349)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-62baa45349 advisory. Fixes an issue in configobj: CVE-2023-26112 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...

WordPress File Uploader Plugin < 4.23.3 is vulnerable to Cross Site Scripting (XSS)

Software File Uploader Type Plugin Vulnerable versions 4.23.3 Fixed in 4.23.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4811 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 1623a29c06e5 Credits FAIYAZ AHMAD Required...

WordPress File Manager Pro Plugin < 1.8.1 is vulnerable to Remote Code Execution (RCE)

Software File Manager Pro Type Plugin Vulnerable versions 1.8.1 Fixed in 1.8.1 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-4861 Patch priority Low CVSS severity Low 8.2 Developer Claim ownership PSID cd77a490f9de Credits Alex Sanford Required privilege...

WordPress User Feedback Plugin <= 1.0.9 is vulnerable to Cross Site Scripting (XSS)

Software User Feedback Type Plugin Vulnerable versions = 1.0.9 Fixed in 1.0.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-46153 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID a28b0bbea276 Credits Dimas Maulana Required privilege...

WordPress Themify Ultra Theme <= 7.3.5 is vulnerable to Privilege Escalation

Software Themify Ultra Type Theme Vulnerable versions = 7.3.5 Fixed in 7.3.6 OWASP Top 10 A2: Broken Authentication Classification Privilege Escalation CVE CVE-2023-46145 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 23dc050c5700 Credits Rafie Muhammad Patchstack...

WordPress Userback Plugin <= 1.0.13 is vulnerable to Cross Site Request Forgery (CSRF)

Software Userback Type Plugin Vulnerable versions = 1.0.13 Fixed in 1.0.14 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-46089 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ca0e03655d57 Credits LEE SE HYOUNG...

WordPress Conversios.io Plugin <= 6.5.3 is vulnerable to Cross Site Scripting (XSS)

Software Conversios.io Type Plugin Vulnerable versions = 6.5.3 Fixed in 6.5.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-46094 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID fb9e0ece864f Credits Phd Required privilege Unauthenticated...

WordPress EG-Attachments Plugin <= 2.1.3 is vulnerable to Cross Site Scripting (XSS)

Software EG-Attachments Type Plugin Vulnerable versions = 2.1.3 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-46070 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 04006798b0e0 Credits Le Ngoc Anh Required...

WordPress Custom post types Plugin <= 5.0.2 is vulnerable to Cross Site Scripting (XSS)

Software Custom post types Type Plugin Vulnerable versions = 5.0.2 Fixed in 5.0.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32116 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID de51dde21ff9 Credits Taihei Shimamine...

The vulnerability of Mixed Reality Developer Tools for Windows operating systems, which allows a hacker to trigger a service failure.

The vulnerability of Mixed Reality Developer Tools for Windows operating systems is related to improper resource cleanup. Exploiting this vulnerability can allow a malicious actor to cause service failures...