Orchid Deserialization of Untrusted Data vulnerability leads to Remote Code Execution

Orchid is a Laravel package that allows application development of back-office applications, admin/user panels, and dashboards. Impact A vulnerability present starting in version 14.0.0-alpha4 and prior to version 14.5.0 is related to the deserialization of untrusted data from the state query...

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed vulnerabilities in several Developer Tools. A malicious person with access to the development environment can exploit the vulnerabilities to exploit attacks that could lead to the following categories of damage: Bypassing security measure. Remote code execution User rights...

KLA50771 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, bypass security restrictions, gain privileges. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability...

WordPress Premium Addons PRO Plugin <= 2.9.0 is vulnerable to Sensitive Data Exposure

Software Premium Addons PRO Type Plugin Vulnerable versions = 2.9.0 Fixed in 2.9.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-37868 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 61bc62d7d465 Credits Rafie Muhammad...

WordPress Yet Another Stars Rating Plugin <= 3.3.8 is vulnerable to Race Condition

Software Yet Another Stars Rating Type Plugin Vulnerable versions = 3.3.8 Fixed in 3.3.9 OWASP Top 10 A5: Broken Access Control Classification Race Condition CVE CVE-2023-37867 Patch priority Low CVSS severity Low 3.7 Developer Claim ownership PSID 9a9795e352fc Credits Abdi Pranata Required...

WordPress Booking Package Plugin <= 1.5.98 is vulnerable to Privilege Escalation

Software Booking Package Type Plugin Vulnerable versions = 1.5.98 Fixed in 1.5.99 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-37389 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 0ff1d9e379c0 Credits Rafie...

WordPress Getnet Argentina para Woocommerce Plugin 0.0.1-0.0.4 is vulnerable to Broken Access Control

Software Getnet Argentina para Woocommerce Type Plugin Vulnerable versions 0.0.1-0.0.4 Fixed in 0.0.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-3525 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID 026805019331 Credits Kijam...

WordPress WooCommerce GoCardless Gateway Plugin <= 2.5.6 is vulnerable to Insecure Direct Object References (IDOR)

Software WooCommerce GoCardless Gateway Type Plugin Vulnerable versions = 2.5.6 Fixed in 2.5.7 OWASP Top 10 A5: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-37871 Patch priority Low CVSS severity Low 8.2 Developer Claim ownership PSID 5a7891bcb8a5 Credi...

WordPress Buy Me a Coffee Plugin <= 3.7 is vulnerable to Broken Access Control

Software Buy Me a Coffee Type Plugin Vulnerable versions = 3.7 Fixed in 3.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-2078 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 4f9e072d5272 Credits Lana Codes Required privilege...

WordPress WP Dummy Content Generator Plugin <= 2.3.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP Dummy Content Generator Type Plugin Vulnerable versions = 2.3.0 Fixed in 3.0.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-37392 Patch priority Low CVSS severity Low 5.4 Developer Deepak Anand PSID 29759436a0f1 Credits Elliot...

WordPress Masteriyo - LMS Plugin < 1.6.8 is vulnerable to Sensitive Data Exposure

Software Masteriyo - LMS Type Plugin Vulnerable versions 1.6.8 Fixed in 1.6.8 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE N/A Patch priority Medium CVSS severity Medium 6.5 Developer Masteriyo PSID aef3f4a1c0c4 Credits Unknown Required privilege Subscriber...

Node.js Users Beware: Manifest Confusion Attack Opens Door to Malware

The npm registry for the Node.js JavaScript runtime environment is susceptible to what's called a manifest confusion attack that could potentially allow threat actors to conceal malware in project dependencies or perform arbitrary script execution during installation. "A npm package's manifest is...

WordPress Terms descriptions Plugin <= 3.4.4 is vulnerable to Cross Site Scripting (XSS)

Software Terms descriptions Type Plugin Vulnerable versions = 3.4.4 Fixed in 3.4.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-28779 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2f42703e921f Credits Kindaichi Hiro...

WordPress Media Library Helper by Codexin Plugin <= 1.2.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Media Library Helper by Codexin Type Plugin Vulnerable versions = 1.2.0 Fixed in 1.3.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-37386 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 31c3323d9133 Credits...

WordPress Coming Soon Plugin <= 1.5.9 is vulnerable to SQL Injection

Software Coming Soon Type Plugin Vulnerable versions = 1.5.9 Fixed in 1.6.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2022-46849 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 0a93f0e48b26 Credits Le Ngoc Anh Required privilege Administrator Publishe...

WordPress Animated Number Counters Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS)

Software Animated Number Counters Type Plugin Vulnerable versions = 1.6 Fixed in 1.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-24393 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5aac80fb8728 Credits yuyudhn Required...

WordPress Cryptocurrency Widgets – Price Ticker & Coins List Plugin <= 2.6.2 is vulnerable to Broken Access Control

Software Cryptocurrency Widgets – Price Ticker & Coins List Type Plugin Vulnerable versions = 2.6.2 Fixed in 2.6.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-36681 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID ec249fa35f9a...

WordPress Companion Sitemap Generator – HTML & XML Plugin < 4.5.3 is vulnerable to Cross Site Scripting (XSS)

Software Companion Sitemap Generator – HTML & XML Type Plugin Vulnerable versions 4.5.3 Fixed in 4.5.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1780 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2c5448d43a2a...

WordPress My Content Management Plugin <= 1.7.6 is vulnerable to Cross Site Scripting (XSS)

Software My Content Management Type Plugin Vulnerable versions = 1.7.6 Fixed in 1.7.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-34377 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID f6e3eb68e74c Credits emad Required...

WordPress Simple Giveaways Plugin <= 2.48.0 is vulnerable to Broken Access Control

Software Simple Giveaways Type Plugin Vulnerable versions = 2.48.0 Fixed in 2.48.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23893 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID e25cb2d4a4a7 Credits Nguyen Anh Tien Required...