7444 matches found
WordPress Kenta Companion Plugin < 1.1.9 is vulnerable to Cross Site Scripting (XSS)
Software Kenta Companion Type Plugin Vulnerable versions < 1.1.9 Fixed in 1.1.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 66320b68639d Credits Rafie Muhammad Patchstack Required...
WordPress Issues Tracker Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS)
Software Issues Tracker Type Plugin Vulnerable versions <= 1.2.2 Fixed in 1.2.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 524fc4ced1e7 Credits Rafie Muhammad Patchstack Require...
WordPress Filr – Secure document library Plugin < 1.2.3.1 is vulnerable to Cross Site Scripting (XSS)
Software Filr – Secure document library Type Plugin Vulnerable versions < 1.2.3.1 Fixed in 1.2.3.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Patrick Posner PSID 4238a0e05073 Credits Rafie Muhammad...
WordPress SMS for WooCommerce Plugin <= 2.6 is vulnerable to Cross Site Scripting (XSS)
Software SMS for WooCommerce Type Plugin Vulnerable versions <= 2.6 Fixed in 2.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0418ff42f218 Credits Rafie Muhammad Patchstack Requir...
WordPress Contact Form Generator Plugin <= 2.5.5 is vulnerable to Cross Site Scripting (XSS)
Software Contact Form Generator Type Plugin Vulnerable versions <= 2.5.5 Fixed in 2.6.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-37988 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4da7e4864bf8 Credits Arvandy...
WordPress YourMembership Single Sign On Plugin <= 1.1.3 is vulnerable to Broken Access Control
Software YourMembership Single Sign On Type Plugin Vulnerable versions <= 1.1.3 Fixed in 1.1.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-37987 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9b1dfdc28505 Credits Aman Rawat...
WordPress Rank Math SEO Plugin <= 1.0.119 is vulnerable to Cross Site Scripting (XSS)
Software Rank Math SEO Type Plugin Vulnerable versions <= 1.0.119 Fixed in 1.0.119.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32600 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID fbe17eef0220 Credits Rafie Muhammad...
WordPress Easyship WooCommerce Shipping Rates Plugin <= 0.9.0 is vulnerable to Broken Access Control
Software Easyship WooCommerce Shipping Rates Type Plugin Vulnerable versions <= 0.9.0 Fixed in 0.9.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-37989 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID b96cc2858d9e Credits Friday...
Google Removes Swing VPN Android App Exposed as DDoS Botnet
By Waqas The developer behind the malicious app, Limestone Software Solutions, has also been banned from the Google Play Store.
Malicious code in anjelo-developer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware db6f3678cbdc2b664e7533d410d364044f705af68acc098598e0ea1e993c5876 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-99 Malicious code in anjelo-developer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware db6f3678cbdc2b664e7533d410d364044f705af68acc098598e0ea1e993c5876 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2023-20283 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.7 through 15.11.10 GitLab CE/EE versions 16.0 through 16.0.6 GitLab CE/EE versions 16.1 through 16.1.1 Description: An issue has been discovered in GitLab CE/EE that allows a developer to remove the CODEOWNERS rules a...
GitLab security vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in Gitlab CE/EE that stems from allowing...
WordPress AnsPress – Question and answer Plugin <= 4.3.0 is vulnerable to Cross Site Scripting (XSS)
Software AnsPress – Question and answer Type Plugin Vulnerable versions <= 4.3.0 Fixed in 4.3.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-34374 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 8d2ef4a3a5f2 Credits Theodoro...
WordPress WooCommerce Product Stock Alert Plugin <= 2.0.1 is vulnerable to Settings Change
Software WooCommerce Product Stock Alert Type Plugin Vulnerable versions <= 2.0.1 Fixed in 2.0.2 OWASP Top 10 A5: Broken Access Control Classification Settings Change CVE CVE-2023-37971 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID e561b9b30485 Credits Mika Required...
Online Piggery Management System SQL injection vulnerability
Online Piggery Management System is an online pig management system by Lewa Personal Developer. A security vulnerability exists in Online Piggery Management System version 1.0 that stems from vulnerability to SQL injection attacks...
WordPress MF Gig Calendar Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)
Software MF Gig Calendar Type Plugin Vulnerable versions <= 1.2 Fixed in 1.2.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-37970 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID dc50c5ee5e06 Credits Abdi Pranata Required...
WordPress DirectoryPress Plugin <= 3.6.2 is vulnerable to Broken Access Control
Software DirectoryPress Type Plugin Vulnerable versions <= 3.6.2 Fixed in 3.6.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-37967 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID f4392bc7ad6f Credits Abdi Pranata Required...
WordPress Grid Kit Premium Plugin < 2.2.0 is vulnerable to Cross Site Scripting (XSS)
Software Grid Kit Premium Type Plugin Vulnerable versions < 2.2.0 Fixed in 2.2.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3292 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 75b7f5364596 Credits Erwan LR WPScan...
quickform, , Other
Developer states exploit is "hack yourself" scenario...