WordPress WP EasyPay Plugin < 4.1 is vulnerable to Cross Site Scripting (XSS)
Software: WP EasyPay; Type: Plugin; Vulnerable versions: 4.1; Fixed in: 4.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-1465; Patch priority: High; CVSS severity: High 7.1; PSID: 2b3a789b9109; Credits: Pablo Sanchez; Required privilege...
WordPress Stagtools Plugin < 2.3.7 is vulnerable to Cross Site Scripting (XSS)
Software: Stagtools; Type: Plugin; Vulnerable versions: 2.3.7; Fixed in: 2.3.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0891; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 45383c67eda9; Credits: xplo1t; Required privilege...
GitLab 10.0 < 12.9.8 / 12.10 < 12.10.7 / 13.0 < 13.0.1 (CVE-2023-2069)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user...
Google Blocks 1.43 Million Malicious Apps, Bans 173,000 Bad Accounts in 2022
Google disclosed that its improved security features and app review processes helped it block 1.43 million bad apps from being published to the Play Store in 2022. In addition, the company said it banned 173,000 bad accounts and fended off over $2 billion in fraudulent and abusive transactions...
aedart ion security vulnerability
aedart ion is a product from the Danish individual developer Alin Eugen Deac that provides versatile packages. A security vulnerability exists in aedart ion versions prior to 0.6.1, which stems from a possible prototype pollution issue...
WordPress Depicter Slider Plugin <= 1.9.0 is vulnerable to Broken Access Control
Software: Depicter Slider; Type: Plugin; Vulnerable versions: = 1.9.0; Fixed in: 1.9.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2022-47176; Patch priority: Low; CVSS severity: Low 4.3; PSID: 539ee2ac709d; Credits: thiennv; Required privilege...
WordPress AJAX Thumbnail Rebuild Plugin <= 1.13 is vulnerable to Broken Access Control
Software: AJAX Thumbnail Rebuild; Type: Plugin; Vulnerable versions: = 1.13; Fixed in: 1.14; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2022-47604; Patch priority: Low; CVSS severity: Low 4.3; PSID: b90f03667897; Credits: Justiice; Required...
WordPress Zephyr Project Manager Plugin <= 3.3.9 is vulnerable to Open Redirection
Software: Zephyr Project Manager; Type: Plugin; Vulnerable versions: = 3.3.9; Fixed in: 3.3.91; OWASP Top 10: A6: Security Misconfiguration; Classification: Open Redirection; CVE: CVE-2023-31237; Patch priority: Low; CVSS severity: Low 4.7; PSID: 0a67e197ec76; Credits: Nguyen Xuan Chien...
WordPress Active Directory Integration / LDAP Integration Plugin < 4.1.1 is vulnerable to Sensitive Data Exposure
Software: Active Directory Integration / LDAP Integration; Type: Plugin; Vulnerable versions: 4.1.1; Fixed in: 4.1.1; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2023-0812; Patch priority: High; CVSS severity: High 7.5; PSID: 79df970a00a6...
WordPress LIQUID SPEECH BALLOON Plugin < 1.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: LIQUID SPEECH BALLOON; Type: Plugin; Vulnerable versions: 1.2; Fixed in: 1.2; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-27889; Patch priority: Low; CVSS severity: Low 4.3; PSID: b1811e420432; Credits: Ryo Sato of BroadBa...
WordPress Orbit Fox by ThemeIsle Plugin < 2.10.24 is vulnerable to Server Side Request Forgery (SSRF)
Software: Orbit Fox by ThemeIsle; Type: Plugin; Vulnerable versions: 2.10.24; Fixed in: 2.10.24; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Server Side Request Forgery (SSRF); CVE: CVE-2023-2287; Patch priority: Medium; CVSS severity: Medium 5.5; PSID: b60604d1a545; Credits: Al...
WordPress WP Directory Kit Plugin <= 1.1.9 is vulnerable to Open Redirection
Software: WP Directory Kit; Type: Plugin; Vulnerable versions: = 1.1.9; Fixed in: 1.2.0; OWASP Top 10: A6: Security Misconfiguration; Classification: Open Redirection; CVE: CVE-2023-31229; Patch priority: Low; CVSS severity: Low 4.7; PSID: e18f8bf074f1; Credits: Nguyen Xuan Chien; Required...
4 Takeaways from the 2023 Gartner® Market Guide for CNAPP
In an ongoing effort to help security organizations gain greater visibility into risk, we're pleased to offer this complimentary Gartner research, and share our 4 Takeaways from the 2023 Gartner® Market Guide for CNAPP. This critical research can help security leaders take an in-depth look into...
WordPress Autoptimize Plugin < 3.1.7 is vulnerable to Cross Site Scripting (XSS)
Software: Autoptimize; Type: Plugin; Vulnerable versions: 3.1.7; Fixed in: 3.1.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-2113; Patch priority: Low; CVSS severity: Low 5.9; PSID: 45f6a5c2bef1; Credits: Juampa Rodríguez; Required...
WordPress WP Popups Plugin < 2.1.5.1 is vulnerable to Cross Site Scripting (XSS)
Software: WP Popups; Type: Plugin; Vulnerable versions: 2.1.5.1; Fixed in: 2.1.5.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-1905; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 10bebf67691e; Credits: Erwan LR; Required...
WordPress Cream Magazine Theme <= 2.1.4 is vulnerable to Cross Site Scripting (XSS)
Software: Cream Magazine; Type: Theme; Vulnerable versions: = 2.1.4; Fixed in: 2.1.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-28687; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 7a491754a1a0; Credits: László Radnai...
YARPP - Yet Another Related Posts Plugin < 5.30.3 - Subscriber+ SQLi
The plugin does not validate and escape some of its shortcode attributes before using them in SQL statements, which could allow any authenticated user, such as a subscriber, to perform SQL Injection attacks. Run the below command in the developer console of the web browser while being on the blog...
WordPress Glaze Blog Lite Theme <= 1.1.4 is vulnerable to Cross Site Scripting (XSS)
Software: Glaze Blog Lite; Type: Theme; Vulnerable versions: = 1.1.4; Fixed in: 1.1.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-28687; Patch priority: High; CVSS severity: High 7.1; PSID: 0a07af531c50; Credits: László Radnai; Required...
WordPress Custom Post Type List Shortcode Plugin <= 1.4.4 is vulnerable to Cross Site Scripting (XSS)
Software: Custom Post Type List Shortcode; Type: Plugin; Vulnerable versions: = 1.4.4; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0542; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 395cd0fac5ee; Credits: Istv...
WordPress Shield Security Plugin <= 17.0.17 is vulnerable to Broken Access Control
Software: Shield Security; Type: Plugin; Vulnerable versions: = 17.0.17; Fixed in: 17.0.18; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-0993; Patch priority: Medium; CVSS severity: Medium 4.3; PSID: a6f498e522a5; Credits: Ramuel Gall; Required...