WordPress MF Gig Calendar Plugin <= 1.2.1 is vulnerable to SQL Injection

Software MF Gig Calendar Type Plugin Vulnerable versions = 1.2.1 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-50842 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID 54f1b98a01c0 Credits Khalid Yusuf Required privilege Contributor...

CVE-2023-6944

A flaw was found in the Red Hat Developer Hub RHDH. The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gainin...

WordPress Image horizontal reel scroll slideshow Plugin <= 13.3 is vulnerable to Cross Site Scripting (XSS)

Software Image horizontal reel scroll slideshow Type Plugin Vulnerable versions = 13.3 Fixed in 13.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5413 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f4bff9d695d5 Credits...

WordPress WP Crowdfunding Plugin < 2.1.8 is vulnerable to Cross Site Scripting (XSS)

Software WP Crowdfunding Type Plugin Vulnerable versions 2.1.8 Fixed in 2.1.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5757 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 341ae7773e99 Credits David Suho Lee Required...

WordPress Accredible Certificates & Open Badges Plugin <= 1.4.8 is vulnerable to Cross Site Scripting (XSS)

Software Accredible Certificates & Open Badges Type Plugin Vulnerable versions = 1.4.8 Fixed in 1.4.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-50827 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID dce9609936de Credits emad Required...

Backstage Information Disclosure Vulnerability

Backstage is a software application. Backstage is an open platform for building developer portals. A security vulnerability exists in Backstage that stems from the GitlabDiscoveryEntityProvider leaking gitlab integration tokens in logs when tokens with newlines are supplied...

WordPress WP Edit Username Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)

Software WP Edit Username Type Plugin Vulnerable versions = 1.0.5 Fixed in 1.0.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-47527 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 3874545cb784 Credits Jeongwoo-LeeRoronoa Required privileg...

CVE-2023-40691

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 may reveal sensitive information contained in application configuration to developer and administrator users. IBM X-Force ID: 264805...

KodExplorer Code Issue Vulnerability

KodExplorer is a web file manager by the individual developer warlee. A code issue vulnerability exists in KodExplorer version 4.51.03, which stems from a manipulation that can lead to server-side request forgery...

WordPress Essential Real Estate Plugin <= 4.3.5 is vulnerable to Arbitrary File Upload

Software Essential Real Estate Type Plugin Vulnerable versions = 4.3.5 Fixed in 4.4.0 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-6827 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 4162eb3df384 Credits István Márton Required privilege...

GitLab Security Breach

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab that stems from the fact that under...

PlutoSVG Security Vulnerability

PlutoSVG is a small C SVG rendering library by Samuel Ugochukwu, a private developer. A security vulnerability exists in PlutoSVG, which stems from an integer overflow vulnerability...

KLA62432 SUI vulnerability in Microsoft Developer Tools

A spoofing vulnerability was found in Microsoft Developer Tools. Malicious users can exploit this vulnerability to spoof user interface. Original advisories CVE-2023-21751 Related products Microsoft-Azure CVE list CVE-2023-21751 high KB list Solution Install necessary updates from the KB section,...

WordPress Advanced iFrame Plugin <= 2023.8 is vulnerable to Cross Site Scripting (XSS)

Software Advanced iFrame Type Plugin Vulnerable versions = 2023.8 Fixed in 2023.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4775 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 533ab95811dc Credits István Márton Required...

WordPress Spice Post Slider Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)

Software Spice Post Slider Type Plugin Vulnerable versions = 2.0 Fixed in 2.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5362 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 963f12e8b291 Credits István Márton Required...

bramah.co.uk Cross Site Scripting vulnerability OBB-3810964

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

WordPress Popup Builder Plugin < 4.2.3 is vulnerable to Cross Site Scripting (XSS)

Software Popup Builder Type Plugin Vulnerable versions 4.2.3 Fixed in 4.2.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6000 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 14212aacf7f9 Credits Marc Montpas Required...

WordPress Welcart e-Commerce Plugin <= 2.9.6 is vulnerable to Path Traversal

Software Welcart e-Commerce Type Plugin Vulnerable versions = 2.9.6 Fixed in 2.9.7 OWASP Top 10 A5: Security Misconfiguration Classification Path Traversal CVE CVE-2023-6120 Patch priority Medium CVSS severity Medium 4.1 Developer Claim ownership PSID 545792f26683 Credits Marco Wotschka Required...

Html5 Video Player < 2.5.19 - Subscriber+ Stored XSS

Description The plugin does not sanitise and escape some of its player settings, which combined with missing capability checks around the plugin could allow any authenticated users, such as low as subscribers to perform Stored Cross-Site Scripting attacks against high privilege users like admins...

WordPress Alt Manager Plugin <= 1.6.1 is vulnerable to Broken Access Control

Software Alt Manager Type Plugin Vulnerable versions = 1.6.1 Fixed in 1.6.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-50373 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID d15fcb372f33 Credits Nguyen Xuan Chien Required...