
7445 matches found

Patchstack
added 2023/08/14 12:0 a.m. | 16 views

WordPress WebLibrarian Plugin <= 3.5.8.4 is vulnerable to Cross Site Scripting (XSS)

Software WebLibrarian Type Plugin Vulnerable versions = 3.5.8.4 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-29441 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e45d424e6b8c Credits LEE SE HYOUNG...

7.1 CVSS | 5.6 AI score | 0.00323 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2023/08/14 12:0 a.m. | 3 views

Google Wear OS Security Vulnerability

Google Wear OS is an operating system developed by Google for smartwatches, smart bands, and other wearable devices. Google Wear OS has a security vulnerability that stems from a lack of permission checking in the launchConfirmationActivity module of...

5.5 CVSS | 6.5 AI score | 0.00074 EPSS
Exploits: 0 | References: 2
Patchstack
added 2023/08/14 12:0 a.m. | 12 views

WordPress LINE Notify Plugin <= 1.4.4 is vulnerable to Cross Site Scripting (XSS)

Software LINE Notify Type Plugin Vulnerable versions = 1.4.4 Fixed in 1.4.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-30497 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 329899cef564 Credits Ivy TOOR, LISA Requir...

7.1 CVSS | 5.6 AI score | 0.0033 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2023/08/14 12:0 a.m. | 8 views

WordPress Premium Packages Plugin <= 5.7.4 is vulnerable to Privilege Escalation

Software Premium Packages Type Plugin Vulnerable versions = 5.7.4 Fixed in 5.7.5 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-4293 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID fc8d08d3355c Credits Lana...

8.8 CVSS | 6.5 AI score | 0.00794 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Patchstack
added 2023/08/14 12:0 a.m. | 10 views

WordPress Make Paths Relative Plugin <= 1.3.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Make Paths Relative Type Plugin Vulnerable versions = 1.3.0 Fixed in 2.0.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-27433 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 624b43fd206b Credits Mika Required...

8.8 CVSS | 6.6 AI score | 0.00208 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Positive Technologies
added 2023/08/14 12:0 a.m. | 6 views

PT-2023-18020 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The issue is related to a missing permission check in the launchConfirmationActivity of ChooseLockSettingsHelper.java. This could allow enabling developer options without the lockscreen PIN...

5.5 CVSS | 5.5 AI score | 0.00074 EPSS
Exploits: 0 | References: 8
Patchstack
added 2023/08/14 12:0 a.m. | 9 views

WordPress Password Reset with Code for WordPress REST API Plugin <= 0.0.15 is vulnerable to Broken Authentication

Software Password Reset with Code for WordPress REST API Type Plugin Vulnerable versions = 0.0.15 Fixed in 0.0.16 OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2023-35039 Patch priority Low CVSS severity Low 9.8 Developer Be Devious Web Development PSID...

9.8 CVSS | 6.9 AI score | 0.00857 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Wallarm Lab
added 2023/08/12 1:45 p.m. | 14 views

2023 OWASP Top-10 Series: API3:2023 Broken Object Property Level Authorization

Welcome to the 4th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API3:2023 Broken Object Property Level Authorization. In this series we are taking an in-depth look at each category – the detail...

6.8 AI score
Exploits: 0
Patchstack
added 2023/08/11 12:0 a.m. | 18 views

WordPress MailChimp Forms by MailMunch Plugin <= 3.1.4 is vulnerable to Broken Access Control

Software MailChimp Forms by MailMunch Type Plugin Vulnerable versions = 3.1.4 Fixed in 3.1.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-40203 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1430c7736a5b Credits István Márton...

6.3 AI score | 0.0056 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2023/08/11 12:0 a.m. | 21 views

WordPress ImageRecycle pdf & image compression Plugin <= 3.1.11 is vulnerable to Cross Site Scripting (XSS)

Software ImageRecycle pdf & image compression Type Plugin Vulnerable versions = 3.1.11 Fixed in 3.1.12 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-40196 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3a5e55d72b53...

7.1 CVSS | 5.6 AI score | 0.00331 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2023/08/11 12:0 a.m. | 10 views

WordPress Portfolio and Projects Plugin <= 1.3.7 is vulnerable to Broken Access Control

Software Portfolio and Projects Type Plugin Vulnerable versions = 1.3.7 Fixed in 1.3.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-39995 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 632ef93c7f63 Credits Cat Required privilege...

6.3 AI score | 0.00369 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
BDU FSTEC
added 2023/08/11 12:0 a.m. | 5 views

A vulnerability in Google Chrome's DevTools web development tools allows an attacker to bypass content security policies

The vulnerability of the DevTools set of tools for web development in Google Chrome exists due to insufficient testing of input data. Exploiting this vulnerability can allow a malicious actor to circumvent content security policies through a specially crafted HTML page...

7.8 CVSS | 6.5 AI score | 0.00491 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
Patchstack
added 2023/08/10 12:0 a.m. | 6 views

WordPress Advanced Custom Fields PRO Plugin 6.1-6.1.7 is vulnerable to Cross Site Scripting (XSS)

Software Advanced Custom Fields PRO Type Plugin Vulnerable versions 6.1-6.1.7 Fixed in 6.1.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE N/A Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID c4bf4250f3b3 Credits Satoo Nakano Ryotaro Imamura Require...

6.9 AI score
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2023/08/10 12:0 a.m. | 10 views

WordPress Demon image annotation Plugin <= 5.3 is vulnerable to SQL Injection

Software Demon image annotation Type Plugin Vulnerable versions = 5.3 Fixed in 5.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-40215 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 48d8f2dd0426 Credits LEE SE HYOUNG hackintoanetwork Required...

7.2 CVSS | 6.9 AI score | 0.00546 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2023/08/10 12:0 a.m. | 13 views

WordPress Fusion Builder Plugin <= 3.11.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Fusion Builder Type Plugin Vulnerable versions = 3.11.1 Fixed in 3.11.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-39311 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 970dca7b1596 Credits Rafie Muhammad...

8.8 CVSS | 7 AI score | 0.00221 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Github Security Blog
added 2023/08/09 1:4 p.m. | 41 views

.NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2023-38178: .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0. This advisory also provides guidance on what developers can do to update their applications to...

7.5 CVSS | 6.7 AI score | 0.02563 EPSS
Exploits: 0 | References: 4 | Affected Software: 8
Patchstack
added 2023/08/09 12:0 a.m. | 16 views

WordPress User Activity Tracking and Log Plugin < 4.0.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software User Activity Tracking and Log Type Plugin Vulnerable versions 4.0.9 Fixed in 4.0.9 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-4150 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 8eda0dc496af Credits Erwan L...

4.3 CVSS | 6.6 AI score | 0.00218 EPSS
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2023/08/09 12:0 a.m. | 20 views

WordPress Header Footer Code Manager Plugin <= 1.1.34 is vulnerable to Cross Site Request Forgery (CSRF)

Software Header Footer Code Manager Type Plugin Vulnerable versions = 1.1.34 Fixed in 1.1.35 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-39989 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 5536fb0cce4a Credits Rafie...

8.8 CVSS | 6.8 AI score | 0.00221 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2023/08/09 12:0 a.m. | 11 views

WordPress Real Estate Manager Plugin <= 7.2 is vulnerable to Broken Access Control

Software Real Estate Manager Type Plugin Vulnerable versions = 7.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-4239 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 9d7a1725ab48 Credits Lana Codes Required privileg...

8.8 CVSS | 6.4 AI score | 0.00622 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
Patchstack
added 2023/08/09 12:0 a.m. | 9 views

WordPress Biometric Login for WooCommerce Plugin < 1.0.4 is vulnerable to Privilege Escalation

Software Biometric Login for WooCommerce Type Plugin Vulnerable versions 1.0.4 Fixed in 1.0.4 OWASP Top 10 A2: Broken Authentication Classification Privilege Escalation CVE N/A Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 23f90f576a47 Credits Alexander Concha Required...

6.9 AI score
Exploits: 0 | References: 1 | Affected Software: 1