
7442 matches found

Patchstack
added 2023/04/19 12:0 a.m. · 11 views

WordPress WP Docs Plugin <= 1.9.8 is vulnerable to Broken Access Control

Software WP Docs Type Plugin Vulnerable versions = 1.9.8 Fixed in 1.9.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-30873 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 3a97e9d9d358 Credits István Márton Required privilege...

6.9 AI score · 0.00491 EPSS
Exploits 0 · References 2 · Affected Software 1

Patchstack
added 2023/04/19 12:0 a.m. · 9 views

WordPress Stock Exporter for WooCommerce Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)

Software Stock Exporter for WooCommerce Type Plugin Vulnerable versions = 1.1.0 Fixed in 1.2.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-30871 Patch priority Medium CVSS severity Medium 7.1 Developer PT Woo Plugins by Webdados PSID 0972015716d1...

7.1 CVSS · 5.9 AI score · 0.00379 EPSS
Exploits 0 · References 2 · Affected Software 1

Patchstack
added 2023/04/19 12:0 a.m. · 8 views

WordPress ARMember Plugin <= 4.0.1 is vulnerable to Cross Site Scripting (XSS)

Software ARMember Type Plugin Vulnerable versions = 4.0.1 Fixed in 4.0.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-47140 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 04bcef5f802c Credits Team WeBoB Required...

7.1 CVSS · 5.9 AI score · 0.00382 EPSS
Exploits 0 · References 2 · Affected Software 1

Patchstack
added 2023/04/19 12:0 a.m. · 17 views

WordPress Motors – Car Dealer & Classified Ads Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Motors – Car Dealer & Classified Ads Type Plugin Vulnerable versions = 1.4.4 Fixed in 1.4.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-38716 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 076e6b4c8854 Credit...

8.8 CVSS · 7 AI score · 0.00248 EPSS
Exploits 0 · References 2 · Affected Software 1

Patchstack
added 2023/04/19 12:0 a.m. · 7 views

WordPress WP-FormAssembly Plugin <= 2.0.7 is vulnerable to Cross Site Scripting (XSS)

Software WP-FormAssembly Type Plugin Vulnerable versions = 2.0.7 Fixed in 2.0.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 02e3cddecd0a Credits WordFence Required privilege...

5.9 AI score
Exploits 0 · References 2 · Affected Software 1

Patchstack
added 2023/04/19 12:0 a.m. · 16 views

WordPress ShopEngine Plugin <= 4.1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software ShopEngine Type Plugin Vulnerable versions = 4.1.1 Fixed in 4.2.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-45371 Patch priority Low CVSS severity Low 5.4 Developer Wpmet PSID 491b80f78482 Credits Muhammad Daffa Required privilege...

8.8 CVSS · 7 AI score · 0.00248 EPSS
Exploits 0 · References 2 · Affected Software 1

Patchstack
added 2023/04/19 12:0 a.m. · 10 views

WordPress Booking calendar, Appointment Booking System Plugin <= 3.2.7 is vulnerable to SQL Injection

Software Booking calendar, Appointment Booking System Type Plugin Vulnerable versions = 3.2.7 Fixed in 3.2.8 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2022-47428 Patch priority Low CVSS severity Low 6.7 Developer Claim ownership PSID be3286ef939c Credits thiennv Required...

9.8 CVSS · 7.2 AI score · 0.00675 EPSS
Exploits 0 · References 2 · Affected Software 1

OSV
added 2023/04/18 8:15 p.m. · 4 views

CVE-2023-21969

Vulnerability in Oracle SQL Developer component: Installation. Supported versions that are affected are Prior to 23.1.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle SQL Developer executes to compromise Oracle SQL Developer...

6.7 CVSS · 6.5 AI score · 0.00221 EPSS
Exploits 1 · References 1

NVD
added 2023/04/18 8:15 p.m. · 33 views

CVE-2023-21969

Vulnerability in Oracle SQL Developer component: Installation. Supported versions that are affected are Prior to 23.1.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle SQL Developer executes to compromise Oracle SQL Developer...

6.7 CVSS · 6.5 AI score · 0.00221 EPSS
Exploits 1 · References 1

Prion
added 2023/04/18 8:15 p.m. · 16 views

Buffer overflow

Vulnerability in Oracle SQL Developer component: Installation. Supported versions that are affected are Prior to 23.1.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle SQL Developer executes to compromise Oracle SQL Developer...

4 CVSS · 6.9 AI score · 0.00221 EPSS
Exploits 1 · References 1 · Affected Software 1

CVE
added 2023/04/18 7:54 p.m. · 91 views

CVE-2023-21969

CVE-2023-21969 affects Oracle SQL Developer (Installation component) with versions prior to 23.1.0. The root cause is insufficient input validation in the Installation component, allowing a high-privileged user with local access to compromise the Oracle SQL Developer instance, potentially taking ...

6.7 CVSS · 6.5 AI score · 0.00221 EPSS
Exploits 1 · References 1 · Affected Software 1

CNNVD
added 2023/04/18 12:0 a.m. · 18 views

Oracle SQL Developer Security Vulnerability

Oracle SQL Developer is a free integrated development environment from Oracle Corporation that simplifies the development and management of Oracle databases. A security vulnerability exists in Oracle SQL Developer versions prior to 23.1.0. An attacker exploiting this vulnerability could take over...

6.7 CVSS · 6.6 AI score · 0.00221 EPSS
Exploits 1 · References 2

Positive Technologies
added 2023/04/18 12:0 a.m. · 3 views

PT-2023-2666 · Oracle · Oracle Sql Developer

Name of the Vulnerable Software and Affected Versions: Oracle SQL Developer versions prior to 23.1.0 Description: The issue is related to insufficient input validation in the Installation component of Oracle SQL Developer, allowing a high-privileged attacker with logon to the infrastructure where...

6.8 CVSS · 9.1 AI score · 0.00221 EPSS
Exploits 1 · References 6

Patchstack
added 2023/04/18 12:0 a.m. · 8 views

WordPress Zendesk Support for WordPress Plugin <= 1.8.4 is vulnerable to Broken Access Control

Software Zendesk Support for WordPress Type Plugin Vulnerable versions = 1.8.4 Fixed in 1.8.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23716 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 6acb29c79c98 Credits István Márton...

7 AI score · 0.00511 EPSS
Exploits 0 · References 2 · Affected Software 1

Patchstack
added 2023/04/18 12:0 a.m. · 9 views

WordPress BBSpoiler Plugin <= 2.01 is vulnerable to Cross Site Scripting (XSS)

Software BBSpoiler Type Plugin Vulnerable versions = 2.01 Fixed in 2.02 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23873 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4a837c2affda Credits István Márton Required privileg...

6.5 CVSS · 6 AI score · 0.00361 EPSS
Exploits 0 · References 2 · Affected Software 1

Patchstack
added 2023/04/18 12:0 a.m. · 11 views

WordPress Photo Gallery by 10Web Plugin < 1.8.15 is vulnerable to Directory Traversal

Software Photo Gallery by 10Web Type Plugin Vulnerable versions 1.8.15 Fixed in 1.8.15 OWASP Top 10 A6: Security Misconfiguration Classification Directory Traversal CVE CVE-2023-1427 Patch priority Low CVSS severity Low 6.8 Developer Claim ownership PSID f915d3bc46f4 Credits Nguyen Huu Do Require...

4.9 CVSS · 6.9 AI score · 0.00783 EPSS
Exploits 2 · References 3 · Affected Software 1

Patchstack
added 2023/04/18 12:0 a.m. · 12 views

WordPress Kaya QR Code Generator Plugin <= 1.5.2 is vulnerable to Cross Site Scripting (XSS)

Software Kaya QR Code Generator Type Plugin Vulnerable versions = 1.5.2 Fixed in 1.5.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-30784 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e6805ca51cf5 Credits Mika Required...

6.5 CVSS · 6.2 AI score · 0.00358 EPSS
Exploits 0 · References 2 · Affected Software 1

Patchstack
added 2023/04/18 12:0 a.m. · 10 views

WordPress Smart WooCommerce Search Plugin <= 2.5.0 is vulnerable to Broken Access Control

Software Smart WooCommerce Search Type Plugin Vulnerable versions = 2.5.0 Fixed in 2.5.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-30783 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 62fafaa98313 Credits István Márton Requir...

6.9 AI score · 0.00403 EPSS
Exploits 0 · References 2 · Affected Software 1

Patchstack
added 2023/04/18 12:0 a.m. · 11 views

WordPress YellowPencil Visual CSS Style Editor Plugin <= 7.5.8 is vulnerable to Cross Site Scripting (XSS)

Software YellowPencil Visual CSS Style Editor Type Plugin Vulnerable versions = 7.5.8 Fixed in 7.5.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-33961 Patch priority Low CVSS severity Low 4 Developer Claim ownership PSID 3f9f31524979 Credits...

4.8 CVSS · 6 AI score · 0.00352 EPSS
Exploits 0 · References 2 · Affected Software 1

Japan Vulnerability Notes
added 2023/04/17 12:0 a.m. · 12 views

JVN#14492006: API server of TONE Family vulnerable to authentication bypass using an alternate path

API server of TONE Family provided by DREAM TRAIN INTERNET INC. contains an authentication bypass vulnerability using an alternate path CWE-288. Impact A remote unauthenticated attacker may login to the management console of the affected service by using E-mail address required when logging into...

7.3 AI score
Exploits 0