WordPress Couponis Demo Plugin < 2.2 is vulnerable to SQL Injection
Software: Couponis Demo; Type: Plugin; Vulnerable versions: < 2.2; Fixed in: 2.2; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2023-49750; Patch priority: High; CVSS severity: High (9.3); PSID: 697cadbd26d0; Credits: RE-ALTER; Required privilege: Unauthenticated; Published: 4...
WordPress Dashboard Widgets Suite Plugin <= 3.4.1 is vulnerable to Cross Site Scripting (XSS)
Software: Dashboard Widgets Suite; Type: Plugin; Vulnerable versions: <= 3.4.1; Fixed in: 3.4.2; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-49743; Patch priority: Low; CVSS severity: Low (5.9); PSID: c6ab0c656b0c; Credits: Rachit Arora; Required privileg...
WordPress SureTriggers Plugin <= 1.0.23 is vulnerable to Cross Site Request Forgery (CSRF)
Software: SureTriggers; Type: Plugin; Vulnerable versions: <= 1.0.23; Fixed in: 1.0.24; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-49749; Patch priority: Low; CVSS severity: Low (4.3); PSID: 11a6f0afd634; Credits: Rafie Muhammad...
WordPress Adifier System Plugin < 3.1.4 is vulnerable to SQL Injection
Software: Adifier System; Type: Plugin; Vulnerable versions: < 3.1.4; Fixed in: 3.1.4; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2023-49752; Patch priority: High; CVSS severity: High (9.3); PSID: bdbcb39edd4b; Credits: RE-ALTER; Required privilege: Unauthenticated...
WordPress Adifier System Plugin < 3.1.4 is vulnerable to Local File Inclusion
Software: Adifier System; Type: Plugin; Vulnerable versions: < 3.1.4; Fixed in: 3.1.4; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2023-49753; Patch priority: High; CVSS severity: High (7.5); PSID: 193f6f83729d; Credits: RE-ALTER; Required privilege: Unauthenticated...
CVE-2023-4317 Incorrect Authorization in GitLab
An issue has been discovered in GitLab affecting all versions starting from 9.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a user with the Developer role to update a pipeline schedule from an unprotected branch ...
WordPress Importify (Dropshipping WooCommerce) Plugin <= 1.0.4 is vulnerable to Sensitive Data Exposure
Software: Importify (Dropshipping WooCommerce); Type: Plugin; Vulnerable versions: <= 1.0.4; Fixed in: 1.0.5; OWASP Top 10: A1: Broken Access Control; Classification: Sensitive Data Exposure; CVE: CVE-2023-49194; Patch priority: Low; CVSS severity: Low (5.3); PSID: c07f29f4e095; Credits: Mika...
WordPress Coming soon and Maintenance mode Plugin <= 3.7.3 is vulnerable to Bypass Vulnerability
Software: Coming soon and Maintenance mode; Type: Plugin; Vulnerable versions: <= 3.7.3; Fixed in: 3.7.4; OWASP Top 10: A6: Security Misconfiguration; Classification: Bypass Vulnerability; CVE: CVE-2023-49741; Patch priority: Low; CVSS severity: Low (3.7); PSID: d62ae4e054de; Credits: Mika...
PT-2023-28723 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 9.2 through 16.4.2; GitLab versions 16.5 through 16.5.2; GitLab versions 16.6 through 16.6.0. Description: An issue has been discovered in GitLab where a user with the Developer role could update a pipeline schedule from an...
GitLab Security Breach
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery), and other features. A security vulnerability exists in GitLab that stems from the ability of a use...
WordPress Backup Migration Plugin <= 1.3.6 is vulnerable to Sensitive Data Exposure
Software: Backup Migration; Type: Plugin; Vulnerable versions: <= 1.3.6; Fixed in: 1.3.7; OWASP Top 10: A5: Security Misconfiguration; Classification: Sensitive Data Exposure; CVE: CVE-2023-6266; Patch priority: High; CVSS severity: High (7.5); PSID: 7df0ea44f3d7; Credits: Rafshanzani Suhada...
WordPress Enhanced Text Widget Plugin <= 1.6.3 is vulnerable to Broken Access Control
Software: Enhanced Text Widget; Type: Plugin; Vulnerable versions: <= 1.6.3; Fixed in: 1.6.4; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-49192; Patch priority: Medium; CVSS severity: Medium (5.3); PSID: 8e44319396d6; Credits: Abdi Pranata...
WordPress DoFollow Case by Case Plugin <= 3.4.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: DoFollow Case by Case; Type: Plugin; Vulnerable versions: <= 3.4.2; Fixed in: 3.5.0; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-49197; Patch priority: Low; CVSS severity: Low (4.3); PSID: 1e74ba3bfbc6; Credits: Skalucy...
WordPress Seraphinite Accelerator Plugin <= 2.20.28 is vulnerable to Cross Site Scripting (XSS)
Software: Seraphinite Accelerator; Type: Plugin; Vulnerable versions: <= 2.20.28; Fixed in: 2.20.29; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-49740; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 402f5bb75420; Credits: Le Ngoc Anh; Required...
WordPress which template file Plugin <= 5.0.0 is vulnerable to Cross Site Scripting (XSS)
Software: which template file; Type: Plugin; Vulnerable versions: <= 5.0.0; Fixed in: 5.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-49177; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 69cd93c404ef; Credits: LEE SE HYOUNG...
WordPress WP Pocket URLs Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)
Software: WP Pocket URLs; Type: Plugin; Vulnerable versions: <= 1.0.2; Fixed in: 1.0.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-49176; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 380f014ea38f; Credits: SeungYongLee; Required privilege...
WordPress NextScripts Plugin <= 4.4.2 is vulnerable to Cross Site Scripting (XSS)
Software: NextScripts; Type: Plugin; Vulnerable versions: <= 4.4.2; Fixed in: 4.4.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-49183; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 43a77de242d5; Credits: Le Ngoc Anh; Required privilege...
WordPress Adifier System Plugin < 3.1.4 is vulnerable to Cross Site Scripting (XSS)
Software: Adifier System; Type: Plugin; Vulnerable versions: < 3.1.4; Fixed in: 3.1.4; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-49187; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: a67ee23d6891; Credits: RE-ALTER; Required privilege...
WordPress SchedulePress Plugin <= 5.0.4 is vulnerable to Broken Access Control
Software: SchedulePress; Type: Plugin; Vulnerable versions: <= 5.0.4; Fixed in: 5.0.5; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: N/A; Patch priority: Low; CVSS severity: Low (4.3); PSID: aa83517bf4e8; Credits: Unknown; Required privilege: Contributor...
WordPress teachPress Plugin <= 9.0.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software: teachPress; Type: Plugin; Vulnerable versions: <= 9.0.5; Fixed in: 9.0.6; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-49163; Patch priority: Low; CVSS severity: Low (5.4); PSID: 932dc955a019; Credits: LVT-tholv2k; Required...