7444 matches found
WordPress Web3 – Crypto wallet Login & NFT token gating Plugin <= 2.6.0 is vulnerable to Bypass Vulnerability
Software: Web3 – Crypto wallet Login & NFT token gating; Type: Plugin; Vulnerable versions: <= 2.6.0; Fixed in: 2.7.0; OWASP Top 10: A2: Broken Authentication; Classification: Bypass Vulnerability; CVE: CVE-2023-3249; Patch priority: High; CVSS severity: High 9.8; Developer: Claim ownership; PSID: 137db20e70bb; Credits...
CVE-2023-30955
A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fi...
Authorization
A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fi...
CVE-2023-30955 Foundry workspace-server Developer Mode Authorization Bypass
A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fi...
CVE-2023-30955
CVE-2023-30955 affects Palantir Foundry workspace-server prior to version 7.7.0, enabling a user to bypass an authorization check and view/interact with Developer Mode settings with insufficient privileges. The issue is resolved by upgrading to workspace-server 7.7.0 (fix deployed). Practical gui...
Palantir Foundry workspace-server security vulnerability
Palantir Foundry workspace-server is a workspace service application from Palantir, Inc. A security vulnerability exists in Palantir Foundry workspace-server versions prior to 7.7.0 that originated from a vulnerability that allows an attacker to bypass authorization checks and view settings relat...
PT-2023-23084 · Foundry · Workspace-Server
Name of the Vulnerable Software and Affected Versions: Foundry workspace-server versions prior to 7.7.0 Description: A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This allowed users...
GitLab 13.7 < 15.11.10 / 16.0 < 16.0.6 / 16.1 < 16.1.1 (CVE-2023-2576)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. Th...
WordPress WP Post Author Plugin <= 3.2.3 is vulnerable to Privilege Escalation
Software: WP Post Author; Type: Plugin; Vulnerable versions: <= 3.2.3; Fixed in: 3.3.0; OWASP Top 10: A5: Broken Access Control; Classification: Privilege Escalation; CVE: N/A; Patch priority: High; CVSS severity: High 9.8; Developer: Claim ownership; PSID: 6affa2eefe9f; Credits: N/A; Required privilege: Unauthenticated...
WordPress Zippy Plugin <= 1.6.5 is vulnerable to PHP Object Injection
Software: Zippy; Type: Plugin; Vulnerable versions: <= 1.6.5; Fixed in: 1.6.6; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2023-36381; Patch priority: Low; CVSS severity: Low 6.6; Developer: Claim ownership; PSID: 06b21be6012c; Credits: Jeong Seong Ho; Required privilege: Author; Published 2...
WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) Plugin <= 7.6.4 is vulnerable to Broken Authentication
Software: WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn); Type: Plugin; Vulnerable versions: <= 7.6.4; Fixed in: 7.6.5; OWASP Top 10: A2: Broken Authentication; Classification: Broken Authentication; CVE: CVE-2023-2982; Patch priority: High; CVSS severity: High 9.8; Developer: Claim ownership...
WordPress Formidable Forms Plugin < 6.3.1 is vulnerable to Remote Code Execution (RCE)
Software: Formidable Forms; Type: Plugin; Vulnerable versions: < 6.3.1; Fixed in: 6.3.1; OWASP Top 10: A1: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2023-2877; Patch priority: High; CVSS severity: High 9.9; Developer: Claim ownership; PSID: 64ee0a3444e8; Credits: Alex Sanford; Required privilege...
WordPress Caldera Forms Google Sheets Connector Plugin <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Caldera Forms Google Sheets Connector; Type: Plugin; Vulnerable versions: <= 1.2; Fixed in: 1.3; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-2330; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: 989c25f04825; Credits...
WordPress Popup by Supsystic Plugin < 1.10.19 is vulnerable to Other Vulnerability Type
Software: Popup by Supsystic; Type: Plugin; Vulnerable versions: < 1.10.19; Fixed in: 1.10.19; OWASP Top 10: A1: Injection; Classification: Other Vulnerability Type; CVE: CVE-2023-3186; Patch priority: Low; CVSS severity: Low 7.1; Developer: Supsystic; PSID: 8e2256424582; Credits: drwtsn; Required privilege: Unauthenticate...
Introducing Discuss – the Akamai Developer Discussion Forum
...
WordPress AutomateWoo Plugin <= 5.7.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software: AutomateWoo; Type: Plugin; Vulnerable versions: <= 5.7.5; Fixed in: 5.7.6; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-36513; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: baa4f71a9406; Credits: Rafie Muhammad Patchsta...
WordPress Atarim Plugin <= 3.9.1 is vulnerable to Broken Access Control
Software: Atarim; Type: Plugin; Vulnerable versions: <= 3.9.1; Fixed in: 3.9.2; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: N/A; Patch priority: High; CVSS severity: High 8.2; Developer: Atarim; PSID: 7b9f3a87aa7b; Credits: N/A; Required privilege: Unauthenticated; Published 23 June...
WordPress MaxButtons Plugin <= 9.5.3 is vulnerable to Cross Site Scripting (XSS)
Software: MaxButtons; Type: Plugin; Vulnerable versions: <= 9.5.3; Fixed in: 9.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-36503; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 24d386e76da8; Credits: Rafshanzani Suhada; Required...