7445 matches found
WordPress WordPress Backup & Migration Plugin < 1.4.5 is vulnerable to Cross Site Scripting (XSS)
Software WordPress Backup & Migration Type Plugin Vulnerable versions < 1.4.5 Fixed in 1.4.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5738 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 9b9d4e9b2aa2 Credits Krzyszt...
WordPress Redirect 404 Error Page to Homepage or Custom Page with Logs Plugin <= 1.8.7 is vulnerable to SQL Injection
Software Redirect 404 Error Page to Homepage or Custom Page with Logs Type Plugin Vulnerable versions <= 1.8.7 Fixed in 1.8.8 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-47530 Patch priority Medium CVSS severity Medium 7.6 Developer Claim ownership PSID c586c5b28368 Credit...
WordPress Awesome Support Plugin < 6.1.5 is vulnerable to Broken Access Control
Software Awesome Support Type Plugin Vulnerable versions < 6.1.5 Fixed in 6.1.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-5352 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 07a73880431c Credits Krzysztof Zając CERT PL Required...
WordPress User Registration Plugin < 3.0.4.2 is vulnerable to Cross Site Scripting (XSS)
Software User Registration Type Plugin Vulnerable versions < 3.0.4.2 Fixed in 3.0.4.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5228 Patch priority Low CVSS severity Low 5.9 Developer Masteriyo PSID b0a43efbedef Credits Mohamed Azarudheen Require...
WordPress Responsive Pricing Table Plugin < 5.1.8 is vulnerable to Cross Site Scripting (XSS)
Software Responsive Pricing Table Type Plugin Vulnerable versions < 5.1.8 Fixed in 5.1.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-4810 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 86c4c3415cb3 Credits Vaishnav Rajeevan Required...
WordPress Featured Image Caption Plugin <= 0.8.10 is vulnerable to Cross Site Scripting (XSS)
Software Featured Image Caption Type Plugin Vulnerable versions <= 0.8.10 Fixed in 0.8.11 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5669 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0231a5ef9472 Credits Lana Codes...
WordPress TWB Woocommerce Reviews Plugin <= 1.7.5 is vulnerable to Cross Site Scripting (XSS)
Software TWB Woocommerce Reviews Type Plugin Vulnerable versions <= 1.7.5 Fixed in 1.7.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-47653 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a756ef9307fc Credits Emili Castells...
WordPress CBX Map for Google Map & OpenStreetMap Plugin <= 1.1.11 is vulnerable to Cross Site Scripting (XSS)
Software CBX Map for Google Map & OpenStreetMap Type Plugin Vulnerable versions <= 1.1.11 Fixed in 1.1.12 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-47240 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 37695d80e832 Credit...
WordPress Easy Social Icons Plugin <= 3.2.5 is vulnerable to Broken Access Control
Software Easy Social Icons Type Plugin Vulnerable versions <= 3.2.5 Fixed in 3.2.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-33998 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 69598c192853 Credits Nguyen Anh Tien Required...
WordPress WP Google My Business Auto Publish Plugin <= 3.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software WP Google My Business Auto Publish Type Plugin Vulnerable versions <= 3.7 Fixed in 3.8 OWASP Top 10 A5: Security Misconfiguration Classification Cross Site Request Forgery CSRF CVE CVE-2023-47237 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 19fe6caa3a0c Credits...
WordPress EazyDocs Plugin <= 2.3.5 is vulnerable to Cross Site Scripting (XSS)
Software EazyDocs Type Plugin Vulnerable versions <= 2.3.5 Fixed in 2.3.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-47549 Patch priority High CVSS severity High 6.8 Developer Claim ownership PSID 1e8fa9f4a641 Credits minhtuanact Required privile...
WordPress CodeBard's Patron Button and Widgets for Patreon Plugin <= 2.1.9 is vulnerable to Cross Site Scripting (XSS)
Software CodeBard's Patron Button and Widgets for Patreon Type Plugin Vulnerable versions <= 2.1.9 Fixed in 2.2.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-47524 Patch priority High CVSS severity High 5.8 Developer Codebard PSID 00014dfb79a5...
WordPress Cloud Templates & Patterns collection Plugin <= 1.2.2 is vulnerable to Sensitive Data Exposure
Software Cloud Templates & Patterns collection Type Plugin Vulnerable versions <= 1.2.2 Fixed in 1.2.3 OWASP Top 10 A9: Security Logging and Monitoring Failures Classification Sensitive Data Exposure CVE CVE-2023-47529 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID...
WordPress ImageMapper Plugin <= 1.2.6 is vulnerable to Broken Access Control
Software ImageMapper Type Plugin Vulnerable versions <= 1.2.6 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-5506 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 273249a3fdc4 Credits Lana Codes Required privilege...
Fedora 39 : python-configobj (2023-64b2965699)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-64b2965699 advisory. Fixes an issue in configobj: CVE-2023-26112 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...
WordPress Visitors Traffic Real Time Statistics Plugin <= 7.2 is vulnerable to Broken Access Control
Software Visitors Traffic Real Time Statistics Type Plugin Vulnerable versions <= 7.2 Fixed in 7.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-47557 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID a6e4049fb1e4 Credits...
WordPress Product Enquiry for WooCommerce Plugin <= 3.1 is vulnerable to Cross Site Scripting (XSS)
Software Product Enquiry for WooCommerce Type Plugin Vulnerable versions <= 3.1 Fixed in 3.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-47512 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 91da7577d818 Credits LEE S...
WordPress Atarim Plugin <= 3.12 is vulnerable to Cross Site Scripting (XSS)
Software Atarim Type Plugin Vulnerable versions <= 3.12 Fixed in 3.13 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-47544 Patch priority High CVSS severity High 7.1 Developer Atarim PSID b93ef735606c Credits lttn Required privilege Unauthenticated Published 7...
WordPress WP Crowdfunding Plugin <= 2.1.6 is vulnerable to Cross Site Scripting (XSS)
Software WP Crowdfunding Type Plugin Vulnerable versions <= 2.1.6 Fixed in 2.1.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-47532 Patch priority High CVSS severity High 5.8 Developer Claim ownership PSID 6353d577e913 Credits Khalid Yusuf Required privilege...
Android Security Bulletin—November 2023
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2023-11-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...