7445 matches found
WordPress Surfer Plugin <= 1.3.2.357 is vulnerable to Broken Access Control
Software: Surfer; Type: Plugin; Vulnerable versions: <= 1.3.2.357; Fixed in: 1.3.3.379; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-35037; Patch priority: High; CVSS severity: High 7.6; PSID: fee59b89530e; Credits: Jonas Höbenreich; Required...
WordPress Multi-column Tag Map Plugin <= 17.0.26 is vulnerable to Broken Access Control
Software: Multi-column Tag Map; Type: Plugin; Vulnerable versions: <= 17.0.26; Fixed in: 17.0.27; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-41651; Patch priority: Low; CVSS severity: Low 6.5; PSID: 543c5fba661a; Credits: Rio Darmawan; Require...
WordPress WP-dTree Plugin <= 4.4.5 is vulnerable to Cross Site Scripting (XSS)
Software: WP-dTree; Type: Plugin; Vulnerable versions: <= 4.4.5; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-41662; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 03289833774b; Credits: Le Ngoc Anh; Required...
WordPress All-in-One WP Migration Google Drive Extension Plugin <= 2.79 is vulnerable to Broken Access Control
Software: All-in-One WP Migration Google Drive Extension; Type: Plugin; Vulnerable versions: <= 2.79; Fixed in: 2.80; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-40004; Patch priority: High; CVSS severity: High 7.3; PSID: a77f536f8693; Credit...
WordPress Social Media & Share Icons Plugin <= 2.8.3 is vulnerable to Cross Site Scripting (XSS)
Software: Social Media & Share Icons; Type: Plugin; Vulnerable versions: <= 2.8.3; Fixed in: 2.8.4; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-41238; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: ba7e74f69294; Credits: RE-ALTER; Required...
WordPress Arya Multipurpose Pro Theme <= 1.0.8 is vulnerable to Cross Site Scripting (XSS)
Software: Arya Multipurpose Pro; Type: Theme; Vulnerable versions: <= 1.0.8; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-41237; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 17b111a67e25; Credits: László Radnai...
WordPress Email Encoder Bundle Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS)
Software: Email Encoder Bundle; Type: Plugin; Vulnerable versions: <= 2.1.7; Fixed in: 2.1.8; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-4599; Patch priority: Low; CVSS severity: Low 6.5; PSID: 48a0517c2804; Credits: István Márton...
WordPress Slimstat Analytics Plugin <= 5.0.9 is vulnerable to Cross Site Scripting (XSS)
Software: Slimstat Analytics; Type: Plugin; Vulnerable versions: <= 5.0.9; Fixed in: 5.0.10; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-4597; Patch priority: Low; CVSS severity: Low 6.5; PSID: 5f7946c39456; Credits: István Márton; Requir...
WordPress Herd Effects Plugin < 5.2.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Herd Effects; Type: Plugin; Vulnerable versions: < 5.2.4; Fixed in: 5.2.4; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-4318; Patch priority: Low; CVSS severity: Low 4.3; PSID: 3c6da81b7acf; Credits: Erwan LR WPScan; Required...
WordPress URL Shortify Plugin < 1.7.6 is vulnerable to Cross Site Scripting (XSS)
Software: URL Shortify; Type: Plugin; Vulnerable versions: < 1.7.6; Fixed in: 1.7.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-4294; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 91200df1978f; Credits: Bartlomiej Marek and...
WordPress WP VK Plugin < 1.3.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP VK; Type: Plugin; Vulnerable versions: < 1.3.4; Fixed in: 1.3.4; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: N/A; Patch priority: Low; CVSS severity: Low 4.3; PSID: 35c374f0a596; Credits: WordFence; Required privilege: Unauthenticat...
WordPress Premmerce User Roles Plugin <= 1.0.12 is vulnerable to Broken Access Control
Software: Premmerce User Roles; Type: Plugin; Vulnerable versions: <= 1.0.12; Fixed in: 1.0.13; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-41130; Patch priority: High; CVSS severity: High 8.1; Developer: Premmerce; PSID: 8954c8b59cab; Credits: Nguyen Xuan Chien; Required...
WordPress WP Adminify Plugin < 3.1.6 is vulnerable to Cross Site Scripting (XSS)
Software: WP Adminify; Type: Plugin; Vulnerable versions: < 3.1.6; Fixed in: 3.1.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-4060; Patch priority: Low; CVSS severity: Low 5.9; PSID: 5e42dd53e8bc; Credits: dipak panchal; Required privile...
CVE-2023-40176 SXSS in the user profile via the timezone displayer
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can exploit a stored XSS through their user profile by setting the payload as the value of the time zone user preference. Even though the time zone is selected from a drop...
WordPress Min Max Control Plugin < 4.6 is vulnerable to Cross Site Scripting (XSS)
Software: Min Max Control; Type: Plugin; Vulnerable versions: < 4.6; Fixed in: 4.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-4270; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: f355d50b63c9; Credits: Animesh Gaurav; Required...
New Variant of XLoader macOS Malware Disguised as 'OfficeNote' Productivity App
A new variant of an Apple macOS malware called XLoader has surfaced in the wild, masquerading its malicious features under the guise of an office productivity app called "OfficeNote." "The new version of XLoader is bundled inside a standard Apple disk image with the name OfficeNote.dmg,"...
WordPress Charitable Plugin <= 1.7.0.12 is vulnerable to Privilege Escalation
Software: Charitable; Type: Plugin; Vulnerable versions: <= 1.7.0.12; Fixed in: 1.7.0.13; OWASP Top 10: A3: Injection; Classification: Privilege Escalation; CVE: CVE-2023-4404; Patch priority: High; CVSS severity: High 9.8; PSID: 52fac3028e4c; Credits: István Márton; Required privilege...
WordPress Landing Page Builder Plugin <= 1.5.1.2 is vulnerable to Cross Site Scripting (XSS)
Software: Landing Page Builder; Type: Plugin; Vulnerable versions: <= 1.5.1.2; Fixed in: 1.5.1.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-40675; Patch priority: Low; CVSS severity: Low 5.9; PSID: 370a5339a489; Credits: Rio Darmawan...
WordPress Slimstat Analytics Plugin <= 5.0.8 is vulnerable to Cross Site Scripting (XSS)
Software: Slimstat Analytics; Type: Plugin; Vulnerable versions: <= 5.0.8; Fixed in: 5.0.9; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-40676; Patch priority: Low; CVSS severity: Low 5.9; PSID: 02d370df713c; Credits: Rio Darmawan; Require...