WordPress Conditional Menus Plugin < 1.2.1 is vulnerable to Cross Site Scripting (XSS)
Software: Conditional Menus; Type: Plugin; Vulnerable versions: < 1.2.1; Fixed in: 1.2.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-2654; Patch priority: High; CVSS severity: High 7.1; PSID: 0dced483a914; Credits: Erwan LR WPScan; Requir...
WordPress SupportCandy Plugin < 3.1.7 is vulnerable to SQL Injection
Software: SupportCandy; Type: Plugin; Vulnerable versions: < 3.1.7; Fixed in: 3.1.7; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-2719; Patch priority: High; CVSS severity: High 8.5; PSID: c15c7e980643; Credits: dc11; Required privilege: Subscriber; Published: 19 June,...
WordPress WP Custom Cursors Plugin < 3.2 is vulnerable to SQL Injection
Software: WP Custom Cursors; Type: Plugin; Vulnerable versions: < 3.2; Fixed in: 3.2; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-2221; Patch priority: Low; CVSS severity: Low 7.6; PSID: 57dc3e3d3d93; Credits: Chien Vuong; Required privilege: Administrator; Published...
WordPress LWS Cleaner Plugin <= 2.3.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: LWS Cleaner; Type: Plugin; Vulnerable versions: <= 2.3.0; Fixed in: 2.3.1; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-35781; Patch priority: Low; CVSS severity: Low 5.4; PSID: eac11e5294d8; Credits: konagash; Required...
CVE-2023-21141
In several functions of several files, there is a possible way to access developer mode traces due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions:...
WordPress Contact Form by WD Plugin <= 1.15.16 is vulnerable to Broken Access Control
Software: Contact Form by WD; Type: Plugin; Vulnerable versions: <= 1.15.16; Fixed in: 1.15.17; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: N/A; Patch priority: Medium; CVSS severity: Medium 4.3; PSID: 1b7f926114eb; Credits: Unknown; Required privilege...
KLA62828 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Microsoft ODBC and OLE DB can be exploited...
CVE-2023-21141
CVE-2023-21141 affects Android 11–13 and is linked to a permissions bypass that allows access to developer mode traces, enabling local information disclosure without additional execution privileges. The vulnerability is described as an information disclosure (ID) issue with local attack vector an...
WordPress Flo Forms Plugin <= 1.0.40 is vulnerable to Cross Site Scripting (XSS)
Software: Flo Forms; Type: Plugin; Vulnerable versions: <= 1.0.40; Fixed in: 1.0.41; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-35095; Patch priority: Low; CVSS severity: Low 5.9; PSID: 80a812c3a1fb; Credits: yuyudhn; Required privilege...
A Bootiful Podcast: Angular Google Developer Expert Santosh Yadav
Hi, Spring fans! In this installment Josh Long @coffesoftware talks to Angular Google Developer Expert Santosh Yadav @santoshyadavdev about the latest and greatest in the JavaScript and Angular ecosystem...
WordPress breadcrumb simple Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)
Software: breadcrumb simple; Type: Plugin; Vulnerable versions: <= 1.3; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-35092; Patch priority: Low; CVSS severity: Low 5.9; PSID: 50a5e1d60df5; Credits: Rio Darmawan; Required...
WordPress WP Matterport Shortcode Plugin <= 2.1.4 is vulnerable to Cross Site Scripting (XSS)
Software: WP Matterport Shortcode; Type: Plugin; Vulnerable versions: <= 2.1.4; Fixed in: 2.1.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-35094; Patch priority: Low; CVSS severity: Low 6.5; PSID: 896701a47def; Credits: yuyudhn; Require...
PT-2023-17934 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-11 through Android-13 Description: The issue is related to a permissions bypass in several functions of multiple files, allowing access to developer mode traces. This could lead to local information disclosure without...
Online Thesis Archiving System v1.0 - Multiple-SQLi
Exploit Title: Online Thesis Archiving System v1.0 - Multiple-SQLi Author: nu11secur1ty Date: 06.12.2023 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/15083/online-thesis-archiving-system-using-phpoop-free-source-code.html Reference:...
WordPress WP Directory Kit Plugin <= 1.2.3 is vulnerable to Broken Access Control
Software: WP Directory Kit; Type: Plugin; Vulnerable versions: <= 1.2.3; Fixed in: 1.2.4; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-2351; Patch priority: High; CVSS severity: High 6.5; PSID: ab7cb35f6371; Credits: Lana Codes; Required privile...
WordPress Church Admin Plugin <= 3.7.29 is vulnerable to Cross Site Scripting (XSS)
Software: Church Admin; Type: Plugin; Vulnerable versions: <= 3.7.29; Fixed in: 3.7.30; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-34021; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Andy Moyle; PSID: 57d5d23230bd; Credits: Phd; Required privilege...
WordPress Contact Forms by Cimatti Plugin <= 1.5.7 is vulnerable to Broken Access Control
Software: Contact Forms by Cimatti; Type: Plugin; Vulnerable versions: <= 1.5.7; Fixed in: 1.5.8; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-35051; Patch priority: Low; CVSS severity: Low 5.4; Developer: Cimatti Consulting; PSID: df5ca4f315dc; Credits: Abdi Pranata...