7442 matches found
WordPress Directorist Plugin <= 7.5.4 is vulnerable to Broken Access Control
Software: Directorist; Type: Plugin; Vulnerable versions: <= 7.5.4; Fixed in: 7.5.5; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-1889; Patch priority: High; CVSS severity: High 7.2; PSID: 3d986c80db6c; Credits: Alex Thomas; Required privilege...
KiviCare Management System < 3.2.1 - Subscriber+ Sensitive Information Disclosure
The plugin does not restrict the information returned in a response and returns all user data, allowing low-privilege users such as subscribers to retrieve sensitive information such as the user email and hashed password of other users. Run the below command in the developer console of the web...
WordPress WordPress Tables Plugin <= 1.3.9 is vulnerable to Cross Site Scripting (XSS)
Software: WordPress Tables; Type: Plugin; Vulnerable versions: <= 1.3.9; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-25453; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: c90cdd1a03de; Credits: Le Ngoc Anh; Requir...
CVE-2023-23599
When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...
WordPress WooCommerce Box Office Plugin <= 1.1.51 is vulnerable to Broken Access Control
Software: WooCommerce Box Office; Type: Plugin; Vulnerable versions: <= 1.1.51; Fixed in: 1.1.52; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-34003; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 51c5f4c853cf; Credits: Rafie Muhammad...
CVE-2023-25731
Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code. This vulnerability affects Firefox 110...
WordPress WooCommerce Box Office Plugin <= 1.1.50 is vulnerable to Cross Site Scripting (XSS)
Software: WooCommerce Box Office; Type: Plugin; Vulnerable versions: <= 1.1.50; Fixed in: 1.1.51; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-34004; Patch priority: Low; CVSS severity: Low 6.5; PSID: 270c72521204; Credits: Rafie Muhammad...
WordPress GDPR Cookie Consent Notice Box Plugin <= 1.1.6 is vulnerable to Cross Site Scripting (XSS)
Software: GDPR Cookie Consent Notice Box; Type: Plugin; Vulnerable versions: <= 1.1.6; Fixed in: 1.1.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-32294; Patch priority: Low; CVSS severity: Low 5.9; PSID: e4ea913f3b06; Credits: Emili...
CVE-2023-25731
CVE-2023-25731 affects Mozilla Firefox prior to 110, where URL previews in the network panel’s developer tools could allow query parameters to overwrite global objects in privileged code. The issue is confirmed by multiple sources stating Firefox
CVE-2023-23599 Malicious command could be hidden in devtools output on Windows
When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...
WordPress Uncanny Toolkit for LearnDash Plugin <= 3.6.4.3 is vulnerable to Broken Access Control
Software: Uncanny Toolkit for LearnDash; Type: Plugin; Vulnerable versions: <= 3.6.4.3; Fixed in: 3.6.4.4; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-34019; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 86dfb320b43d; Credits: Mika...
WordPress B2BKing Premium Plugin <= 4.6.00 is vulnerable to Settings Change
Software: B2BKing Premium; Type: Plugin; Vulnerable versions: <= 4.6.00; Fixed in: 4.6.20; OWASP Top 10: A5: Broken Access Control; Classification: Settings Change; CVE: N/A; Patch priority: High; CVSS severity: High 6.5; PSID: 9d7b5ffc34e9; Credits: N/A; Required privilege: Subscriber; Publishe...
RUSTSEC-2023-0040 `users` crate is unmaintained
The users crate hasn't seen any action since 2020-10-08. The developer seems MIA since (https://github.com/ogham/rust-users/issues/54). Recommended alternatives: uzers (https://crates.io/crates/uzers), sysinfo (https://crates.io/crates/sysinfo)...
`users` crate is unmaintained
The users crate hasn't seen any action since 2020-10-08. The developer seems MIA since (https://github.com/ogham/rust-users/issues/54). Recommended alternatives: uzers (https://crates.io/crates/uzers), sysinfo (https://crates.io/crates/sysinfo)...
PT-2023-36091 · Users · Users
Name of the Vulnerable Software and Affected Versions: users (affected versions not specified). Description: The issue concerns the users crate, which has not been updated since 2020-10-08, and its developer appears to be inactive. Recommendations: At the moment, there is no information about a newe...
ASB-A-262244249
In several functions of several files, there is a possible way to access developer mode traces due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
Security Bulletin: IBM Rational Developer for i is vulnerable to attacker obtaining sensitive information due to Java string processing in IBM Toolbox for Java (CVE-2022-43928).
Summary: IBM Rational Developer for i uses the IBM Toolbox for Java to access IBM i interfaces. IBM Toolbox for Java could allow sensitive information stored as Java strings to be obtained by an attacker as described in the vulnerability details section. IBM Rational Developer for i has addressed...