7445 matches found

wpexploit
added 2023/11/06 12:0 a.m. · 165 views

Mmm Simple File List <= 2.3 - Subscriber+ Arbitrary Directory Listing

Description: The plugin does not validate the generated path to list files from, allowing any authenticated users, such as subscribers, to list the content of arbitrary directories. Run the below command in the developer console of the web browser while being on the blog as a subscriber user...

4.3 CVSS · 6.1 AI score · 0.00637 EPSS
Exploits: 2

GithubExploit
added 2023/11/03 1:31 p.m. · 479 views

Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager

CVE-2023-46747 An Exploitation script developed to exploit the...

9.8 CVSS · 10 AI score · 0.96515 EPSS
Exploits: 17

The Hacker News
added 2023/11/03 6:3 a.m. · 94 views

48 Malicious npm Packages Found Deploying Reverse Shells on Developer Systems

A new set of 48 malicious npm packages have been discovered in the npm repository with capabilities to deploy a reverse shell on compromised systems. "These packages, deceptively named to appear legitimate, contained obfuscated JavaScript designed to initiate a reverse shell on package install,"...

7.1 AI score
Exploits: 0

Patchstack
added 2023/11/03 12:0 a.m. · 9 views

WordPress SEO Slider Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)

Software: SEO Slider · Type: Plugin · Vulnerable versions: <= 1.1.0 · Fixed in: 1.1.1 · OWASP Top 10: A7: Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: CVE-2023-5707 · Patch priority: Low · CVSS severity: Low (6.5) · Developer: Claim ownership · PSID: 17821e38b317 · Credits: Lana Codes · Required privilege...

6.4 CVSS · 5.7 AI score · 0.00532 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

GoogleProjectZero
added 2023/11/03 12:0 a.m. · 22 views

First handset with MTE on the market

By Mark Brand, Google Project Zero. Introduction: It's finally time for me to fulfill a long-standing promise. Since I first heard about ARM's Memory Tagging Extensions, I've said to far too many people at this point to be able to back out… that I'd immediately switch to the first available device...

8 AI score
Exploits: 0

Patchstack
added 2023/11/03 12:0 a.m. · 4 views

WordPress Advance Menu Manager Plugin <= 3.0.6 is vulnerable to Broken Access Control

Software: Advance Menu Manager · Type: Plugin · Vulnerable versions: <= 3.0.6 · Fixed in: 3.0.7 · OWASP Top 10: A5: Broken Access Control · Classification: Broken Access Control · CVE: N/A · Patch priority: Low · CVSS severity: Low (4.3) · Developer: Claim ownership · PSID: 4919cd67715f · Credits: WordFence · Required privilege...

6.9 AI score
Exploits: 0 · References: 1 · Affected Software: 1

Patchstack
added 2023/11/03 12:0 a.m. · 10 views

WordPress Digirisk Plugin <= 6.0.0.0 is vulnerable to Cross Site Scripting (XSS)

Software: Digirisk · Type: Plugin · Vulnerable versions: <= 6.0.0.0 · Fixed in: 6.1.0.0 · OWASP Top 10: A7: Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: CVE-2023-5946 · Patch priority: Medium · CVSS severity: Medium (7.1) · Developer: Claim ownership · PSID: ce9f12824b90 · Credits: Ala Arfaoui · Required...

6.1 CVSS · 5.6 AI score · 0.00374 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

ATTACKERKB
added 2023/11/01 11:15 p.m. · 6 views

CVE-2023-44954

Cross Site Scripting vulnerability in BigTree CMS v.4.5.7 allows a remote attacker to execute arbitrary code via the ID parameter in the Developer Settings functions...

5.4 CVSS · 6.2 AI score · 0.00613 EPSS
Exploits: 1 · References: 3

OSV
added 2023/11/01 11:15 p.m. · 15 views

CVE-2023-44954

Cross Site Scripting vulnerability in BigTree CMS v.4.5.7 allows a remote attacker to execute arbitrary code via the ID parameter in the Developer Settings functions...

5.4 CVSS · 7.5 AI score
Exploits: 0 · References: 2

Prion
added 2023/11/01 11:15 p.m. · 16 views

Cross site scripting

Cross Site Scripting vulnerability in BigTree CMS v.4.5.7 allows a remote attacker to execute arbitrary code via the ID parameter in the Developer Settings functions...

4.9 CVSS · 5.8 AI score · 0.00613 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Patchstack
added 2023/11/01 12:0 a.m. · 11 views

WordPress Admin Bar & Dashboard Access Control Plugin <= 1.2.8 is vulnerable to Cross Site Scripting (XSS)

Software: Admin Bar & Dashboard Access Control · Type: Plugin · Vulnerable versions: <= 1.2.8 · Fixed in: 1.2.9 · OWASP Top 10: A3: Injection · Classification: Cross Site Scripting (XSS) · CVE: CVE-2023-47184 · Patch priority: Low · CVSS severity: Low (5.9) · Developer: Claim ownership · PSID: 7931d5b9940f · Credits: Rachit Arora...

4.8 CVSS · 6.5 AI score · 0.00357 EPSS
Exploits: 2 · References: 2 · Affected Software: 1

CVE
added 2023/11/01 12:0 a.m. · 56 views

CVE-2023-44954

BigTree CMS 4.5.7 is affected by a Cross-Site Scripting vulnerability in the Developer Settings function, allowing a remote attacker to execute arbitrary code via the ID parameter. The CVE-2023-44954 description and connected sources (CNVD-2023-93329, NVD, OSV, CNNVD) consistently identify BigTre...

5.4 CVSS · 5.8 AI score · 0.00613 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Patchstack
added 2023/11/01 12:0 a.m. · 10 views

WordPress Solid Security Plugin <= 9.0.0 is vulnerable to Sensitive Data Exposure

Software: Solid Security · Type: Plugin · Vulnerable versions: <= 9.0.0 · Fixed in: 9.0.1 · OWASP Top 10: A3: Sensitive Data Exposure · Classification: Sensitive Data Exposure · CVE: N/A · Patch priority: Low · CVSS severity: Low (5.3) · Developer: Claim ownership · PSID: 8abe71fcfaf7 · Credits: Naveen Muthusamy · Required privilege...

6.9 AI score
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2023/11/01 12:0 a.m. · 4 views

PT-2023-29321 · Unknown · Bigtree Cms

Name of the Vulnerable Software and Affected Versions: BigTree CMS version 4.5.7 Description: The issue allows a remote attacker to execute arbitrary code via the ID parameter in the Developer Settings functions. This is a Cross Site Scripting vulnerability. Recommendations: For BigTree CMS versi...

5.4 CVSS · 7.5 AI score · 0.00613 EPSS
Exploits: 1 · References: 7

Vulnrichment
added 2023/11/01 12:0 a.m. · 13 views

CVE-2023-44954

Cross Site Scripting vulnerability in BigTree CMS v.4.5.7 allows a remote attacker to execute arbitrary code via the ID parameter in the Developer Settings functions...

7.3 AI score · 0.00613 EPSS
Exploits: 1 · References: 2

Patchstack
added 2023/10/31 12:0 a.m. · 9 views

WordPress GiveWP Plugin <= 2.33.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software: GiveWP · Type: Plugin · Vulnerable versions: <= 2.33.3 · Fixed in: 2.33.4 · OWASP Top 10: A5: Broken Access Control · Classification: Cross Site Request Forgery (CSRF) · CVE: CVE-2023-4246 · Patch priority: Low · CVSS severity: Low (4.3) · Developer: Liquid Web / StellarWP · PSID: fe19cf753f7f · Credits: Marco Wotschka...

4.3 CVSS · 7 AI score · 0.00237 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

Patchstack
added 2023/10/31 12:0 a.m. · 17 views

WordPress WP Customer Reviews Plugin <= 3.6.6 is vulnerable to Sensitive Data Exposure

Software: WP Customer Reviews · Type: Plugin · Vulnerable versions: <= 3.6.6 · Fixed in: 3.6.7 · OWASP Top 10: A1: Broken Access Control · Classification: Sensitive Data Exposure · CVE: CVE-2023-4686 · Patch priority: Low · CVSS severity: Low (4.3) · Developer: Claim ownership · PSID: 07af2f4a4fb5 · Credits: Marco Wotschka · Required...

4.3 CVSS · 6.5 AI score · 0.00524 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

Patchstack
added 2023/10/31 12:0 a.m. · 11 views

WordPress WP Meta and Date Remover Plugin < 2.2.0 is vulnerable to Cross Site Scripting (XSS)

Software: WP Meta and Date Remover · Type: Plugin · Vulnerable versions: < 2.2.0 · Fixed in: 2.2.0 · OWASP Top 10: A7: Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: CVE-2023-4823 · Patch priority: Medium · CVSS severity: Medium (6.5) · Developer: Claim ownership · PSID: e96e6b729f00 · Credits: dc11 · Requir...

5.4 CVSS · 5.9 AI score · 0.00377 EPSS
Exploits: 2 · References: 3 · Affected Software: 1

Patchstack
added 2023/10/31 12:0 a.m. · 11 views

WordPress Finale Lite Plugin <= 2.16.0 is vulnerable to Arbitrary Content Deletion

Software: Finale Lite · Type: Plugin · Vulnerable versions: <= 2.16.0 · Fixed in: 2.17.0 · OWASP Top 10: A5: Broken Access Control · Classification: Arbitrary Content Deletion · CVE: CVE-2023-47180 · Patch priority: Medium · CVSS severity: Medium (6.5) · Developer: Claim ownership · PSID: a89d6e226519 · Credits: Mika · Required...

6.6 AI score · 0.00384 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

Patchstack
added 2023/10/31 12:0 a.m. · 19 views

WordPress EventPrime Plugin < 3.2.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software: EventPrime · Type: Plugin · Vulnerable versions: < 3.2.0 · Fixed in: 3.2.0 · OWASP Top 10: A5: Broken Access Control · Classification: Cross Site Request Forgery (CSRF) · CVE: CVE-2023-4251 · Patch priority: Low · CVSS severity: Low (4.3) · Developer: Claim ownership · PSID: 3fee28172b5f · Credits: Alex Sanford · Required...

4.3 CVSS · 7 AI score · 0.00231 EPSS
Exploits: 2 · References: 4 · Affected Software: 1