WordPress Mocho Blog Theme <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)
Software: Mocho Blog | Type: Theme | Vulnerable versions: <= 1.0.4 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-27412 | Patch priority: High | CVSS severity: High (7.1) | Developer: unclaimed | PSID: 085597533752 | Credits: László Radnai | Required...
WordPress Weaver Xtreme Theme Support Plugin <= 6.2.5 is vulnerable to Cross Site Scripting (XSS)
Software: Weaver Xtreme Theme Support | Type: Plugin | Vulnerable versions: <= 6.2.5 | Fixed in: 6.2.7 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-0276 | Patch priority: Medium | CVSS severity: Medium (6.5) | Developer: unclaimed | PSID: 323a045198cd | Credits: István...
WordPress Extensions for Leaflet Map Plugin <= 3.4.1 is vulnerable to Cross Site Scripting (XSS)
Software: Extensions for Leaflet Map | Type: Plugin | Vulnerable versions: <= 3.4.1 | Fixed in: 3.4.2 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-31074 | Patch priority: Medium | CVSS severity: Medium (7.1) | Developer: unclaimed | PSID: c7502b39b947 | Credits: Le Ngo...
wip command injection vulnerability
wip is a simple work-in-progress (WIP) helper for GitHub, written in Bash by the German independent developer Michael Gasch. Versions prior to wip v2 contain a command injection vulnerability that stems from unsafe string interpolation of user-controlled input into shell commands...
WordPress XML for Google Merchant Center Plugin <= 3.0.1 is vulnerable to Cross Site Scripting (XSS)
Software: XML for Google Merchant Center | Type: Plugin | Vulnerable versions: <= 3.0.1 | Fixed in: 3.0.2 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-30877 | Patch priority: Medium | CVSS severity: Medium (7.1) | Developer: unclaimed | PSID: d755941dcf65 | Credits: LE...
WordPress Elementor Website Builder Plugin <= 3.12.1 is vulnerable to SQL Injection
Software: Elementor Website Builder | Type: Plugin | Vulnerable versions: <= 3.12.1 | Fixed in: 3.12.2 | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2023-0329 | Patch priority: Low | CVSS severity: Low (6.6) | Developer: Elementor | PSID: c642fe631d89 | Credits: Sanjay Das | Required privilege: Administrator...
WordPress Display custom fields in the frontend – Post and User Profile Fields Plugin <= 1.2.0 is vulnerable to Broken Access Control
Software: Display custom fields in the frontend – Post and User Profile Fields | Type: Plugin | Vulnerable versions: <= 1.2.0 | Fixed in: 1.2.1 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-31073 | Patch priority: Low | CVSS severity: Low (4.3) | Developer: unclaimed | PS...
WordPress Easy Slider Revolution Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
Software: Easy Slider Revolution | Type: Plugin | Vulnerable versions: <= 1.0.0 | Fixed in: 1.1.0 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-28622 | Patch priority: Medium | CVSS severity: Medium (5.9) | Developer: unclaimed | PSID: e200bc473eac | Credits: Yuki Harum...
GHSA-QRGF-9GPC-VRXW Bypass of CSRF protection in the presence of predictable userInfo
Description: The CSRF protection enforced by the @fastify/csrf-protection library in combination with @fastify/cookie can be bypassed by network and same-site attackers under certain conditions. @fastify/csrf-protection supports an optional userInfo parameter that binds the CSRF token to the use...
Microsoft Word 16.72.23040900 - Remote Code Execution Vulnerability
Exploit Title: Microsoft Word 16.72.23040900 - Remote Code Execution (RCE) | Author: nu11secur1ty | Vendor: https://www.microsoft.com/ | Software: https://www.microsoft.com/en-us/microsoft-365/word?activetab=tabs%3afaqheaderregion3 | Reference:...
A Bootiful Podcast: Gradle Developer Advocate, Java Champion, and legend Trisha Gee
Hi, Spring fans! In this installment, Java Champion and legend Trisha Gee @trishagee rejoins the show to talk about Gradle, developer productivity, and so much more...
WordPress ChatBot Plugin <= 4.4.6 is vulnerable to PHP Object Injection
Software: ChatBot | Type: Plugin | Vulnerable versions: <= 4.4.6 | Fixed in: 4.4.7 | OWASP Top 10: A1: Injection | Classification: PHP Object Injection | CVE: CVE-2023-1650 | Patch priority: High | CVSS severity: High (5.4) | Developer: unclaimed | PSID: 84bd0e4874e7 | Credits: Erwan LR | Required privilege: Unauthenticated...
WordPress ChatBot Plugin <= 4.4.8 is vulnerable to Cross Site Scripting (XSS)
Software: ChatBot | Type: Plugin | Vulnerable versions: <= 4.4.8 | Fixed in: 4.4.9 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-1651 | Patch priority: High | CVSS severity: High (6.5) | Developer: unclaimed | PSID: 0fe1f44f2072 | Credits: Erwan LR | Required privilege...
WordPress Verified Reviews (Avis Vérifiés) Plugin <= 2.3.14 is vulnerable to Cross Site Scripting (XSS)
Software: Verified Reviews (Avis Vérifiés) | Type: Plugin | Vulnerable versions: <= 2.3.14 | Fixed in: 2.3.15 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-23720 | Patch priority: Low | CVSS severity: Low (5.9) | Developer: unclaimed | PSID: 4bfd6109ebaa | Credits: yuyudh...
Oracle Patch Tuesday April 2023 Security Update Review
Oracle has released its second quarterly Critical Patch Update of the year, which contains patches for 433 security vulnerabilities. Some of the vulnerabilities addressed this quarter affect several products at once. The patches cover flaws in both Oracle's own code and bundled third-party components...
WordPress Reservation.Studio widget Plugin <= 1.0.11 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Reservation.Studio widget | Type: Plugin | Vulnerable versions: <= 1.0.11 | Fixed in: 1.0.12 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-25468 | Patch priority: Low | CVSS severity: Low (4.3) | Developer: unclaimed | PSID: 2f4e37f788c3 | Credits: Lokesh...
WordPress WP Links Page Plugin <= 4.9.3 is vulnerable to Cross Site Scripting (XSS)
Software: WP Links Page | Type: Plugin | Vulnerable versions: <= 4.9.3 | Fixed in: 4.9.4 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-22720 | Patch priority: Low | CVSS severity: Low (6.5) | Developer: unclaimed | PSID: 5a20af666246 | Credits: István Márton | Required...
WordPress Album Gallery – WordPress Gallery Plugin <= 1.4.9 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Album Gallery – WordPress Gallery | Type: Plugin | Vulnerable versions: <= 1.4.9 | Fixed in: 1.5.0 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-23646 | Patch priority: Low | CVSS severity: Low (4.3) | Developer: unclaimed | PSID: 043c2f9c9d2e | Credits...
WordPress Update Image Tag Alt Attribute Plugin <= 2.4.5 is vulnerable to Cross Site Scripting (XSS)
Software: Update Image Tag Alt Attribute | Type: Plugin | Vulnerable versions: <= 2.4.5 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-27455 | Patch priority: Medium | CVSS severity: Medium (7.1) | Developer: unclaimed | PSID: ba6000222dd7 | Credits...