7445 matches found

Patchstack
added 2023/11/14 12:0 a.m. | 15 views

WordPress WP Fastest Cache Plugin < 1.2.2 is vulnerable to SQL Injection

Software WP Fastest Cache Type Plugin Vulnerable versions 1.2.2 Fixed in 1.2.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-6063 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 5011a3314981 Credits Alex Sanford Required privilege Unauthenticated...

CVSS 7.5 | AI score 6.7 | EPSS 0.73708
Exploits 11 | References 5 | Affected Software 1
Patchstack
added 2023/11/14 12:0 a.m. | 9 views

WordPress CodeBard's Patron Button and Widgets for Patreon Plugin <= 2.1.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software CodeBard's Patron Button and Widgets for Patreon Type Plugin Vulnerable versions = 2.1.9 Fixed in 2.2.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-47765 Patch priority Low CVSS severity Low 4.3 Developer Codebard PSID 8a59ce87622d...

CVSS 8.8 | AI score 6.7 | EPSS 0.00256
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2023/11/14 12:0 a.m. | 9 views

WordPress Thrive Theme Builder Theme < 3.24.0 is vulnerable to Broken Access Control

Software Thrive Theme Builder Type Theme Vulnerable versions 3.24.0 Fixed in 3.24.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47783 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID df9a83751ebc Credits Rafie Muhammad Patchsta...

CVSS 8.3 | AI score 6.5 | EPSS 0.00356
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2023/11/14 12:0 a.m. | 17 views

WordPress Betheme Theme <= 27.1.1 is vulnerable to Broken Access Control

Software Betheme Type Theme Vulnerable versions = 27.1.1 Fixed in 27.1.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47770 Patch priority High CVSS severity High 7.6 Developer Claim ownership PSID f61160742341 Credits Rafie Muhammad Patchstack Required...

CVSS 7.6 | AI score 6.5 | EPSS 0.00289
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2023/11/14 12:0 a.m. | 11 views

WordPress LuckyWP Scripts Control Plugin <= 1.2.1 is vulnerable to Broken Access Control

Software LuckyWP Scripts Control Type Plugin Vulnerable versions = 1.2.1 Fixed in 1.2.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47778 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 0397d6dac11d Credits Abdi Pranata...

AI score 6.5 | EPSS 0.00245
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2023/11/14 12:0 a.m. | 15 views

WordPress LayerSlider Plugin <= 7.7.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software LayerSlider Type Plugin Vulnerable versions = 7.7.9 Fixed in 7.7.10 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-47785 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 32d010feaf90 Credits Rafie Muhammad...

CVSS 8.8 | AI score 6.6 | EPSS 0.00254
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2023/11/14 12:0 a.m. | 9 views

WordPress EasyAzon Plugin <= 5.1.0 is vulnerable to Broken Access Control

Software EasyAzon Type Plugin Vulnerable versions = 5.1.0 Fixed in 5.1.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47780 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID bdc4e95fbc8c Credits Abdi Pranata Required privileg...

AI score 6.5 | EPSS 0.00322
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2023/11/14 12:0 a.m. | 17 views

WordPress Footer Putter Plugin <= 1.17 is vulnerable to Cross Site Scripting (XSS)

Software Footer Putter Type Plugin Vulnerable versions = 1.17 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-47768 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4553836a22ef Credits Le Ngoc Anh Required...

CVSS 7.1 | AI score 5.7 | EPSS 0.00437
Exploits 0 | References 1 | Affected Software 1
Kaspersky
added 2023/11/14 12:0 a.m. | 57 views

KLA61979 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, cause denial of service, bypass security restrictions, spoof user interface. Below is a complete list of vulnerabilities: 1. An elevation of privilege...

CVSS 9.8 | AI score 9 | EPSS 0.12512
Exploits 0 | References 34
Patchstack
added 2023/11/14 12:0 a.m. | 19 views

WordPress LayerSlider Plugin <= 7.7.9 is vulnerable to Cross Site Scripting (XSS)

Software LayerSlider Type Plugin Vulnerable versions = 7.7.9 Fixed in 7.7.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-47786 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID bc229172c2ce Credits Rafie Muhammad Patchstack Required...

CVSS 6.5 | AI score 6.5 | EPSS 0.00368
Exploits 0 | References 1 | Affected Software 1
HackRead
added 2023/11/13 11:18 p.m. | 20 views

Malicious Abrax666 AI Chatbot Exposed as Potential Scam

By Waqas Abrax666 AI Chatbot is being boasted by its developer as a malicious alternative to ChatGPT, claiming it's a perfect multitasking tool for both ethical and unethical activities. This is a post from HackRead.com Read the original post: Malicious Abrax666 AI Chatbot Exposed as Potential Sc...

AI score 7.3
Exploits 0
Patchstack
added 2023/11/13 12:0 a.m. | 6 views

WordPress WP Custom Admin Interface Plugin <= 7.31 is vulnerable to Broken Access Control

Software WP Custom Admin Interface Type Plugin Vulnerable versions = 7.31 Fixed in 7.32 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47763 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 73d0182de151 Credits Abdi Pranata...

AI score 6.5 | EPSS 0.0035
Exploits 0 | References 2 | Affected Software 1
CNNVD
added 2023/11/13 12:0 a.m. | 4 views

Dreamer CMS Security Vulnerability

Dreamer CMS is a Dreamer Content Management System by Junnan Wang, an individual developer in China. A security vulnerability exists in Dreamer CMS version 4.1.3, which stems from a cross-site request forgery CSRF vulnerability in component /admin/task/add...

CVSS 8.8 | AI score 6.8 | EPSS 0.00364
Exploits 1 | References 2
Patchstack
added 2023/11/13 12:0 a.m. | 9 views

WordPress Simple 301 Redirects by BetterLinks Plugin <= 2.0.7 is vulnerable to Broken Access Control

Software Simple 301 Redirects by BetterLinks Type Plugin Vulnerable versions = 2.0.7 Fixed in 2.0.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47761 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 76b78ec76a84 Credits Abd...

AI score 6.6 | EPSS 0.00322
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2023/11/13 12:0 a.m. | 10 views

WordPress Essential Blocks for Gutenberg Plugin <= 4.2.0 is vulnerable to Broken Access Control

Software Essential Blocks for Gutenberg Type Plugin Vulnerable versions = 4.2.0 Fixed in 4.2.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47760 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 34de2a2210b4 Credits Abdi...

AI score 6.6 | EPSS 0.00385
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2023/11/13 12:0 a.m. | 11 views

WordPress Bus Ticket Booking with Seat Reservation Plugin <= 5.2.5 is vulnerable to Cross Site Scripting (XSS)

Software Bus Ticket Booking with Seat Reservation Type Plugin Vulnerable versions = 5.2.5 Fixed in 5.2.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-30496 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID cc34a3da3177...

CVSS 7.1 | AI score 5.7 | EPSS 0.00404
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2023/11/13 12:0 a.m. | 10 views

WordPress ElementsKit Pro Plugin <= 3.3.0 is vulnerable to Broken Access Control

Software ElementsKit Pro Type Plugin Vulnerable versions = 3.3.0 Fixed in 3.6.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-39993 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID b8963eeda442 Credits Rafie Muhammad Patchsta...

CVSS 4.3 | AI score 6.5 | EPSS 0.00296
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2023/11/13 12:0 a.m. | 14 views

WordPress Frontend File Manager Plugin < 22.6 is vulnerable to Arbitrary File Download

Software Frontend File Manager Type Plugin Vulnerable versions 22.6 Fixed in 22.6 OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Download CVE CVE-2023-5105 Patch priority Medium CVSS severity Medium 9.1 Developer Claim ownership PSID 66e0e4c68ed0 Credits Dmitrii Ignatyev...

CVSS 6.5 | AI score 6.4 | EPSS 0.01048
Exploits 2 | References 4 | Affected Software 1
Rapid7 Blog
added 2023/11/10 6:59 p.m. | 90 views

Metasploit Weekly Wrap-Up

Apache MQ and Three Cisco Modules in a Trenchcoat This week’s release has a lot of new content and features modules targeting two major recent vulnerabilities that got a great deal of attention: CVE-2023-46604 targeting Apache MQ resulting in ransomware deployment and CVE-2023-20198 targeting Cis...

CVSS 7.5 | AI score 9.3 | EPSS 0.99654
Exploits 73
hivepro
added 2023/11/10 6:46 a.m. | 37 views

BlazeStealer Malware Uncovered in Python Packages on PyPI

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Python Package Index PyPI repository is infiltrated with number of malicious python packages. These packages masquerade as obfuscation tools, however they harbor BlazeStealer malware, which initiates a...

AI score 6.9
Exploits 0