Lucene search

7442 matches found

NVD
added 2023/05/12 9:15 p.m., 21 views

CVE-2023-2181

An issue has been discovered in GitLab affecting all versions before 15.9.8, 15.10.0 before 15.10.7, and 15.11.0 before 15.11.3. A malicious developer could use a git feature called refs/replace to smuggle content into a merge request which would not be visible during review in the UI...

CVSS 6.5, AI score 6, EPSS 0.00729
Exploits 0, References 3

CNNVD
added 2023/05/12 12:0 a.m., 3 views

Lost and Found Information System Access Control Error Vulnerability

Lost and Found Information System is a lost and found information system by oretnom23 Individual Developer. An Access Control Error vulnerability exists in Lost and Found Information System version 1.0, which stems from incorrect access control...

CVSS 8.8, AI score 6.9, EPSS 0.00799
Exploits 1, References 4

Patchstack
added 2023/05/12 12:0 a.m., 15 views

WordPress BuddyForms Plugin <= 2.8.1 is vulnerable to Cross Site Scripting (XSS)

Software BuddyForms Type Plugin Vulnerable versions = 2.8.1 Fixed in 2.8.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25981 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 00a2c7a49e64 Credits István Márton Required...

CVSS 6.5, AI score 5.8, EPSS 0.00358
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/05/12 12:0 a.m., 10 views

WordPress Featured Image Pro Post Grid Plugin <= 5.14 is vulnerable to Cross Site Scripting (XSS)

Software Featured Image Pro Post Grid Type Plugin Vulnerable versions = 5.14 Fixed in 5.15 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32598 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 4756e7fba901 Credits OZ1NG TOOR...

CVSS 7.1, AI score 5.6, EPSS 0.00382
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/05/12 12:0 a.m., 11 views

WordPress Donations Made Easy – Smart Donations Plugin <= 4.0.12 is vulnerable to Cross Site Scripting (XSS)

Software Donations Made Easy – Smart Donations Type Plugin Vulnerable versions = 4.0.12 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32603 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a8415256cc6f...

CVSS 7.1, AI score 5.6, EPSS 0.00379
Exploits 0, References 1, Affected Software 1

Patchstack
added 2023/05/12 12:0 a.m., 13 views

WordPress Quick Page/Post Redirect Plugin <= 5.2.3 is vulnerable to Cross Site Scripting (XSS)

Software Quick Page/Post Redirect Type Plugin Vulnerable versions = 5.2.3 Fixed in 5.2.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25063 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 28b05154c93f Credits Justiice...

CVSS 5.9, AI score 5.7, EPSS 0.00366
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/05/12 12:0 a.m., 5 views

WordPress Elementor Website Builder Plugin <= 3.13.1 is vulnerable to Broken Access Control

Software Elementor Website Builder Type Plugin Vulnerable versions = 3.13.1 Fixed in 3.13.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Medium CVSS severity Medium 4.3 Developer Elementor PSID 95f606d4bd1b Credits N/A Required privilege...

AI score 6.8
Exploits 0, References 2, Affected Software 1

The Hacker News
added 2023/05/11 5:1 a.m., 3 views

GitHub Extends Push Protection to Prevent Accidental Leaks of Keys and Other Secrets

GitHub has announced the general availability of a new security feature called push protection, which aims to prevent developers from inadvertently leaking keys and other secrets in their code. The Microsoft-owned cloud-based repository hosting platform, which began testing the feature a year ag...

AI score 6.8
Exploits 0

Patchstack
added 2023/05/11 12:0 a.m., 10 views

WordPress Custom 404 Pro Plugin < 3.7.3 is vulnerable to Cross Site Scripting (XSS)

Software Custom 404 Pro Type Plugin Vulnerable versions 3.7.3 Fixed in 3.7.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2023 Patch priority High CVSS severity High 7.1 Developer Kunal Nagar PSID f5c6964d03e8 Credits Chien Vuong Required privileg...

CVSS 6.1, AI score 5.6, EPSS 0.0171
Exploits 2, References 3, Affected Software 1

Patchstack
added 2023/05/11 12:0 a.m., 17 views

WordPress Injection Guard Plugin <= 1.2.1 is vulnerable to Broken Access Control

Software Injection Guard Type Plugin Vulnerable versions = 1.2.1 Fixed in 1.2.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-32574 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1c70e6bd7c94 Credits Abdi Pranata Required privile...

AI score 6.3, EPSS 0.004
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/05/11 12:0 a.m., 11 views

WordPress Portfolio Gallery – Responsive Image Gallery Plugin <= 1.4.6 is vulnerable to Broken Access Control

Software Portfolio Gallery – Responsive Image Gallery Type Plugin Vulnerable versions = 1.4.6 Fixed in 1.4.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-32585 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 46edb5a7cfb0 Credit...

AI score 6.3, EPSS 0.00799
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/05/11 12:0 a.m., 15 views

WordPress Loginizer Plugin <= 1.7.8 is vulnerable to Cross Site Scripting (XSS)

Software Loginizer Type Plugin Vulnerable versions = 1.7.8 Fixed in 1.7.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2296 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 867402dd8b92 Credits Erwan LR WPScan Required...

CVSS 6.1, AI score 5.6, EPSS 0.00493
Exploits 2, References 3, Affected Software 1

Patchstack
added 2023/05/11 12:0 a.m., 18 views

WordPress WoodMart Theme <= 7.2.1 is vulnerable to Broken Access Control

Software WoodMart Type Theme Vulnerable versions = 7.2.1 Fixed in 7.2.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-32240 Patch priority Medium CVSS severity Medium 5.4 Developer Xtemos PSID b409a147912c Credits Dave Jong Patchstack Required privilege...

AI score 6.3, EPSS 0.00272
Exploits 0, References 1, Affected Software 1

Patchstack
added 2023/05/11 12:0 a.m., 17 views

WordPress Woodmart Core Plugin <= 1.0.36 is vulnerable to Privilege Escalation

Software Woodmart Core Type Plugin Vulnerable versions = 1.0.36 Fixed in 1.0.37 OWASP Top 10 A2: Broken Authentication Classification Privilege Escalation CVE CVE-2023-32244 Patch priority High CVSS severity High 9.8 Developer Xtemos PSID a0b94835d329 Credits Dave Jong Patchstack Required privile...

CVSS 9.8, AI score 6.6, EPSS 0.00789
Exploits 0, References 1, Affected Software 1

Patchstack
added 2023/05/11 12:0 a.m., 14 views

WordPress Slimstat Analytics Plugin <= 5.0.4 is vulnerable to Cross Site Scripting (XSS)

Software Slimstat Analytics Type Plugin Vulnerable versions = 5.0.4 Fixed in 5.0.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-45366 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7183b75ec323 Credits Rafie Muhammad...

CVSS 7.1, AI score 5.6, EPSS 0.0041
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/05/11 12:0 a.m., 17 views

WordPress Dyslexiefont Free Plugin <= 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Dyslexiefont Free Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-32589 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID fb7c8442b1dc Credits Yash Kanchhal...

CVSS 8.8, AI score 7, EPSS 0.00271
Exploits 0, References 1, Affected Software 1

Patchstack
added 2023/05/11 12:0 a.m., 15 views

WordPress Locatoraid Store Locator Plugin <= 3.9.18 is vulnerable to Cross Site Scripting (XSS)

Software Locatoraid Store Locator Type Plugin Vulnerable versions = 3.9.18 Fixed in 3.9.19 OWASP Top 10 A5: Broken Access Control Classification Cross Site Scripting XSS CVE CVE-2023-32576 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 48ffad270d6d Credits Abdi...

CVSS 6.5, AI score 6.2, EPSS 0.00358
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/05/11 12:0 a.m., 10 views

WordPress Bookly Plugin <= 21.7.1 is vulnerable to Arbitrary File Deletion

Software Bookly Type Plugin Vulnerable versions = 21.7.1 Fixed in 21.8 OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2023-26526 Patch priority Medium CVSS severity Medium 7.7 Developer Claim ownership PSID a06cfd6ac407 Credits Rafie Muhammad Patchstack...

CVSS 7.7, AI score 6.5, EPSS 0.00912
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/05/11 12:0 a.m., 12 views

WordPress WoodMart Theme <= 7.2.1 is vulnerable to Cross Site Scripting (XSS)

Software WoodMart Type Theme Vulnerable versions = 7.2.1 Fixed in 7.2.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32239 Patch priority Medium CVSS severity Medium 5.4 Developer Xtemos PSID 157d641b350c Credits Dave Jong Patchstack Required...

CVSS 5.4, AI score 5.9, EPSS 0.00361
Exploits 0, References 1, Affected Software 1

Patchstack
added 2023/05/11 12:0 a.m., 11 views

WordPress Forget About Shortcode Buttons Plugin <= 2.1.2 is vulnerable to Broken Access Control

Software Forget About Shortcode Buttons Type Plugin Vulnerable versions = 2.1.2 Fixed in 2.1.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-32579 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 97c2cfa92f61 Credits István Márton...

CVSS 8.8, AI score 6.6, EPSS 0.00338
Exploits 0, References 2, Affected Software 1