
7447 matches found

Patchstack
added 2023/10/09 12:0 a.m., 24 views

WordPress WordPress Popular Posts Plugin <= 6.3.2 is vulnerable to Cross Site Scripting (XSS)

Software: WordPress Popular Posts | Type: Plugin | Vulnerable versions: <= 6.3.2 | Fixed in: 6.3.3 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-45607 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: Claim ownership | PSID: e1c445e00e39 | Credits: Rafie Muhammad Patchstack...

6.5 CVSS | 6.5 AI score | 0.0034 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/10/06 12:0 a.m., 9 views

WordPress Mailrelay Plugin <= 2.1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Mailrelay | Type: Plugin | Vulnerable versions: <= 2.1.1 | Fixed in: 2.1.2 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-45108 | Patch priority: Low | CVSS severity: Low 4.3 | Developer: Claim ownership | PSID: 19213d6f5e3d | Credits: Mika | Required privilege...

8.8 CVSS | 6.6 AI score | 0.0021 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/10/06 12:0 a.m., 12 views

WordPress affiliate-toolkit Plugin <= 3.3.9 is vulnerable to Open Redirection

Software: affiliate-toolkit | Type: Plugin | Vulnerable versions: <= 3.3.9 | Fixed in: 3.4.0 | OWASP Top 10: A1: Injection | Classification: Open Redirection | CVE: CVE-2023-45105 | Patch priority: Low | CVSS severity: Low 4.7 | Developer: Claim ownership | PSID: c91af7e93b47 | Credits: minhtuanact | Required privilege: Unauthenticat...

6.1 CVSS | 6.8 AI score | 0.00414 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/10/06 12:0 a.m., 13 views

WordPress GoodBarber Plugin <= 1.0.23 is vulnerable to Cross Site Request Forgery (CSRF)

Software: GoodBarber | Type: Plugin | Vulnerable versions: <= 1.0.23 | Fixed in: 1.0.24 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-45107 | Patch priority: Low | CVSS severity: Low 4.3 | Developer: Claim ownership | PSID: 54aa1d490fb5 | Credits: Mika | Required privileg...

8.8 CVSS | 6.6 AI score | 0.00214 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

CISA
added 2023/10/04 12:0 p.m., 6 views

CISA and NSA Release New Guidance on Identity and Access Management

Today, CISA and the National Security Agency (NSA) published Identity and Access Management: Developer and Vendor Challenges, authored by the Enduring Security Framework (ESF), a CISA- and NSA-led working panel that includes a public-private cross-sector partnership. ESF aims to address risks that...

7.4 AI score
Exploits: 0 | References: 2

Android Security Bulletins
added 2023/10/04 12:0 a.m., 10 views

Pixel Update Bulletin—October 2023

The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices (Google devices). For Google devices, security patch levels of 2023-10-05 or later address all issues in this bulletin and all issues in the October 2023 Android...

9.8 CVSS | 7.7 AI score | 0.00435 EPSS
Exploits: 0

Patchstack
added 2023/10/03 12:0 a.m., 8 views

WordPress WP Job Openings Plugin <= 3.4.1 is vulnerable to Broken Access Control

Software: WP Job Openings | Type: Plugin | Vulnerable versions: <= 3.4.1 | Fixed in: 3.4.2 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-45061 | Patch priority: Low | CVSS severity: Low 5.3 | Developer: Claim ownership | PSID: 80557dfd2883 | Credits: Revan Arifio | Required privile...

6.5 AI score | 0.00358 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/10/03 12:0 a.m., 11 views

WordPress Post View Count Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Post View Count | Type: Plugin | Vulnerable versions: <= 2.0 | Fixed in: 2.0.1 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-44996 | Patch priority: Low | CVSS severity: Low 5.4 | Developer: Claim ownership | PSID: 9ca3df3cf077 | Credits: Rio Darmawan | Required...

8.8 CVSS | 6.6 AI score | 0.00208 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/10/03 12:0 a.m., 8 views

WordPress WP Custom Admin Interface Plugin <= 7.32 is vulnerable to Broken Access Control

Software: WP Custom Admin Interface | Type: Plugin | Vulnerable versions: <= 7.32 | Fixed in: 7.33 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-44988 | Patch priority: Low | CVSS severity: Low 4.3 | Developer: Claim ownership | PSID: 74d65a8c422e | Credits: Abdi Pranata | Required...

6.7 AI score | 0.00319 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/10/03 12:0 a.m., 14 views

WordPress Video Gallery – YouTube Gallery Plugin <= 2.2.5 is vulnerable to SQL Injection

Software: Video Gallery – YouTube Gallery | Type: Plugin | Vulnerable versions: <= 2.2.5 | Fixed in: 2.2.6 | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2023-45069 | Patch priority: Low | CVSS severity: Low 7.6 | Developer: Claim ownership | PSID: 3d253c27c06d | Credits: Ravi Dharmawan | Required privilege...

9.8 CVSS | 6.8 AI score | 0.00551 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/10/03 12:0 a.m., 15 views

WordPress Product Category Tree Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS)

Software: Product Category Tree | Type: Plugin | Vulnerable versions: <= 2.5 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-45054 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: Claim ownership | PSID: dfaa06e092f0 | Credits: Le Ngoc Anh...

7.1 CVSS | 5.6 AI score | 0.00331 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2023/10/03 12:0 a.m., 6 views

WordPress WPGetAPI Plugin 2.1.0-2.2.1 is vulnerable to Broken Access Control

Software: WPGetAPI | Type: Plugin | Vulnerable versions: 2.1.0-2.2.1 | Fixed in: 2.2.2 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: N/A | Patch priority: Medium | CVSS severity: Medium 6.3 | Developer: Claim ownership | PSID: ca2d9e4727c6 | Credits: Unknown | Required privilege: Subscriber...

6.8 AI score
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/10/03 12:0 a.m., 17 views

WordPress Form Maker by 10Web Plugin <= 1.15.18 is vulnerable to Cross Site Scripting (XSS)

Software: Form Maker by 10Web | Type: Plugin | Vulnerable versions: <= 1.15.18 | Fixed in: 1.15.19 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-45071 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: Claim ownership | PSID: 40c5a2d21d33 | Credits: RE-ALTER | Required...

7.1 CVSS | 6.5 AI score | 0.00331 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/10/02 12:0 a.m., 14 views

WordPress ProfilePress Plugin <= 4.13.2 is vulnerable to Sensitive Data Exposure

Software: ProfilePress | Type: Plugin | Vulnerable versions: <= 4.13.2 | Fixed in: 4.13.3 | OWASP Top 10: A8: Software and Data Integrity Failures | Classification: Sensitive Data Exposure | CVE: CVE-2023-44150 | Patch priority: High | CVSS severity: High 7.5 | Developer: Claim ownership | PSID: 15bdf51e3c48 | Credits: Joshua Chan...

7.5 CVSS | 6.5 AI score | 0.00658 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/09/29 12:0 a.m., 10 views

WordPress Kv TinyMCE Editor Add Fonts Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Kv TinyMCE Editor Add Fonts | Type: Plugin | Vulnerable versions: <= 1.1 | Fixed in: N/A | OWASP Top 10: A1: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-44470 | Patch priority: Low | CVSS severity: Low 5.4 | Developer: Claim ownership | PSID: 229f3e0b60ce | Credits: Skalucy...

8.8 CVSS | 6.6 AI score | 0.00221 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2023/09/29 12:0 a.m., 17 views

WordPress FooGallery Plugin <= 2.2.44 is vulnerable to Cross Site Scripting (XSS)

Software: FooGallery | Type: Plugin | Vulnerable versions: <= 2.2.44 | Fixed in: 2.3.2 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-44244 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: Claim ownership | PSID: b438ec1253ca | Credits: RE-ALTER | Required privilege...

7.1 CVSS | 6.5 AI score | 0.00351 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/09/29 12:0 a.m., 11 views

WordPress Contractor Contact Form Website to Workflow Tool Plugin <= 4.0.0 is vulnerable to Cross Site Scripting (XSS)

Software: Contractor Contact Form Website to Workflow Tool | Type: Plugin | Vulnerable versions: <= 4.0.0 | Fixed in: 4.1.0 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-44245 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: Claim ownership | PSID: b979fca96216 | Credits...

7.1 CVSS | 6.5 AI score | 0.00351 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/09/29 12:0 a.m., 12 views

WordPress Table of Contents Plus Plugin <= 2302 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Table of Contents Plus | Type: Plugin | Vulnerable versions: <= 2302 | Fixed in: 2309 | OWASP Top 10: A1: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-44473 | Patch priority: Low | CVSS severity: Low 5.4 | Developer: Claim ownership | PSID: 9767a2935241 | Credits: Muhammad Daffa...

8.8 CVSS | 6.6 AI score | 0.00221 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/09/29 12:0 a.m., 12 views

WordPress Modern Events Calendar Lite Plugin < 7.1.0 is vulnerable to Cross Site Scripting (XSS)

Software: Modern Events Calendar Lite | Type: Plugin | Vulnerable versions: < 7.1.0 | Fixed in: 7.1.0 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-4021 | Patch priority: Low | CVSS severity: Low 5.9 | Developer: Claim ownership | PSID: c25775cbcad2 | Credits: Marco Wotschka...

4.8 CVSS | 5.7 AI score | 0.00319 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/09/28 12:0 a.m., 10 views

WordPress Popup contact form Plugin <= 7.1 is vulnerable to Cross Site Scripting (XSS)

Software: Popup contact form | Type: Plugin | Vulnerable versions: <= 7.1 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-44265 | Patch priority: Low | CVSS severity: Low 5.9 | Developer: Claim ownership | PSID: 317df4ae4595 | Credits: Rio Darmawan | Required...

5.9 CVSS | 5.7 AI score | 0.00336 EPSS
Exploits: 0 | References: 1 | Affected Software: 1