7442 matches found

CNVD
added 2023/04/16 12:0 a.m. | 14 views

Online Computer and Laptop Store SQL Injection Vulnerability (CNVD-2023-29381)

Online Computer and Laptop Store is an online computer and laptop store by Carlo Montero, an individual developer. Online Computer and Laptop Store v1.0 is vulnerable to SQL injection in the file /classes/Master.php?f=updateorderstatus, where the parameter id of the function...

AI score: 7.6 | EPSS: 0.00767
Exploits: 1 | Affected Software: 1
Patchstack
added 2023/04/16 12:0 a.m. | 16 views

WordPress Quiz And Survey Master Plugin <= 8.1.4 is vulnerable to SQL Injection

Software: Quiz And Survey Master; Type: Plugin; Vulnerable versions: <= 8.1.4; Fixed in: 8.1.5; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-28787; Patch priority: High; CVSS severity: High 9.3; Developer: Claim ownership; PSID: 34ea65c01c78; Credits: Rafie Muhammad Patchstack; Required...

CVSS: 9.3 | AI score: 7.2 | EPSS: 0.01977
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2023/04/14 12:0 a.m. | 11 views

WordPress MyCryptoCheckout Plugin < 2.124 is vulnerable to Cross Site Scripting (XSS)

Software: MyCryptoCheckout; Type: Plugin; Vulnerable versions: < 2.124; Fixed in: 2.124; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-1546; Patch priority: High; CVSS severity: High 7.1; Developer: Claim ownership; PSID: b58e27663e61; Credits: Pablo Sanchez; Required...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.0085
Exploits: 1 | References: 3 | Affected Software: 1
Patchstack
added 2023/04/14 12:0 a.m. | 9 views

WordPress ShiftController Employee Shift Scheduling Plugin <= 4.9.25 is vulnerable to Cross Site Scripting (XSS)

Software: ShiftController Employee Shift Scheduling; Type: Plugin; Vulnerable versions: <= 4.9.25; Fixed in: 4.9.26; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-1978; Patch priority: High; CVSS severity: High 7.1; Developer: Claim ownership; PSID: dde7717ec078...

CVSS: 6.1 | AI score: 5.6 | EPSS: 0.00433
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2023/04/13 12:0 a.m. | 11 views

WordPress Landing Page Builder – Free Landing Page Templates Plugin <= 3.1.9.9 is vulnerable to Local File Inclusion

Software: Landing Page Builder – Free Landing Page Templates; Type: Plugin; Vulnerable versions: <= 3.1.9.9; Fixed in: 3.2; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2023-24379; Patch priority: Low; CVSS severity: Low 6.8; Developer: Claim ownership; PSID: e3d21e2cc897; Credits: yuyudhn...

CVSS: 6.8 | AI score: 6.9 | EPSS: 0.00866
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2023/04/13 12:0 a.m. | 12 views

WordPress a3 Portfolio Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS)

Software: a3 Portfolio; Type: Plugin; Vulnerable versions: <= 3.1.0; Fixed in: 3.1.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-29097; Patch priority: Medium; CVSS severity: Medium 5.9; Developer: Claim ownership; PSID: 48c32d750fae; Credits: Yuki Haruma; Required...

CVSS: 5.9 | AI score: 5.6 | EPSS: 0.00366
Exploits: 0 | References: 2 | Affected Software: 1
CNNVD
added 2023/04/13 12:0 a.m. | 4 views

Auto Dealer Management System SQL Injection Vulnerability

Auto Dealer Management System is a car dealer management system by Carlo Montero, an individual developer. A security vulnerability exists in Auto Dealer Management System v1.0. An attacker can exploit this vulnerability to perform SQL injection attacks...

CVSS: 9.8 | AI score: 8.7 | EPSS: 0.00731
Exploits: 0 | References: 4
Patchstack
added 2023/04/13 12:0 a.m. | 13 views

WordPress Download Manager Plugin 5.0.0-6.2.9 is vulnerable to Sensitive Data Exposure

Software: Download Manager; Type: Plugin; Vulnerable versions: 5.0.0-6.2.9; Fixed in: 6.3.0; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2023-1809; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: 59ef71547191; Credits: Johan Kragt; Required...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.00738
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2023/04/13 12:0 a.m. | 9 views

WordPress WP VR Plugin < 8.2.9 is vulnerable to Cross Site Scripting (XSS)

Software: WP VR; Type: Plugin; Vulnerable versions: < 8.2.9; Fixed in: 8.2.9; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-1413; Patch priority: High; CVSS severity: High 7.1; Developer: WPFunnels Team; PSID: f109d593f865; Credits: Erwan LR WPScan; Required privilege...

CVSS: 6.1 | AI score: 5.7 | EPSS: 0.00458
Exploits: 1 | References: 3 | Affected Software: 1
Patchstack
added 2023/04/13 12:0 a.m. | 6 views

WordPress Slimstat Analytics Plugin < 4.9.4 is vulnerable to SQL Injection

Software: Slimstat Analytics; Type: Plugin; Vulnerable versions: < 4.9.4; Fixed in: 4.9.4; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: N/A; Patch priority: High; CVSS severity: High 8.5; Developer: Claim ownership; PSID: 15c6f41fc9e5; Credits: PluginVulnerabilities; Required privilege: Subscriber...

AI score: 7.2
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2023/04/13 12:0 a.m. | 16 views

WordPress Square Theme <= 2.0.0 is vulnerable to Broken Access Control

Software: Square; Type: Theme; Vulnerable versions: <= 2.0.0; Fixed in: 2.0.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-30486; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 6813b5262bc4; Credits: Dave Jong Patchstack; Required privilege...

AI score: 6.2 | EPSS: 0.00712
Exploits: 1 | References: 2 | Affected Software: 1
Patchstack
added 2023/04/13 12:0 a.m. | 12 views

WordPress Pricing Tables For WPBakery Page Builder Plugin < 3.0 is vulnerable to Cross Site Scripting (XSS)

Software: Pricing Tables For WPBakery Page Builder; Type: Plugin; Vulnerable versions: < 3.0; Fixed in: 3.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0367; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: 3359d5d482fd; Credits...

CVSS: 5.4 | AI score: 5.6 | EPSS: 0.00444
Exploits: 2 | References: 3 | Affected Software: 1
Wordfence Blog
added 2023/04/12 1:54 p.m. | 31 views

Privilege Escalation Vulnerability Patched Promptly in WP Data Access WordPress Plugin

On April 5, 2023 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in WP Data Access, a WordPress plugin that is installed on over 10,000 sites. This flaw makes it possible for an authenticated attacker to grant themselves...

AI score: 8.6 | EPSS: 0.02726
Exploits: 3
Patchstack
added 2023/04/12 12:0 a.m. | 12 views

WordPress Video Central Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)

Software: Video Central; Type: Plugin; Vulnerable versions: <= 1.3.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0418; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: 6114cbd9fcb5; Credits: Lana Codes; Required...

CVSS: 5.4 | AI score: 5.6 | EPSS: 0.00444
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2023/04/12 12:0 a.m. | 18 views

WordPress PowerPress Podcasting Plugin <= 10.0 is vulnerable to Cross Site Scripting (XSS)

Software: PowerPress Podcasting; Type: Plugin; Vulnerable versions: <= 10.0; Fixed in: 10.0.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-1917; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: 2e844f252ce9; Credits: Alex Thomas...

CVSS: 5.4 | AI score: 5.6 | EPSS: 0.00529
Exploits: 1 | References: 3 | Affected Software: 1
Patchstack
added 2023/04/12 12:0 a.m. | 8 views

WordPress WP FEvents Book Plugin <= 0.46 is vulnerable to Cross Site Scripting (XSS)

Software: WP FEvents Book; Type: Plugin; Vulnerable versions: <= 0.46; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-1126; Patch priority: High; CVSS severity: High 6.5; Developer: Claim ownership; PSID: 345ebf3e10d0; Credits: Ameen Alkurdy; Required...

CVSS: 5.4 | AI score: 5.6 | EPSS: 0.00441
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2023/04/12 12:0 a.m. | 21 views

WordPress Gallery Plugin < 4.7.0 is vulnerable to SQL Injection

Software: Gallery; Type: Plugin; Vulnerable versions: < 4.7.0; Fixed in: 4.7.0; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-0765; Patch priority: High; CVSS severity: High 8.5; Developer: Claim ownership; PSID: 85ca584ad7e5; Credits: dc11; Required privilege: Author; Published: 12 April, 2023...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.00873
Exploits: 2 | References: 3 | Affected Software: 1
wpexploit
added 2023/04/12 12:0 a.m. | 133 views

ChatBot < 4.4.9 - Subscriber+ OpenAI Settings Update to Stored XSS

The plugin does not have authorisation and CSRF checks in the AJAX action responsible for updating the OpenAI settings, allowing any authenticated user, such as a subscriber, to update them. Furthermore, due to the lack of escaping of the settings, this could also lead to Stored XSS. Run the below command in...

CVSS: 5.4 | AI score: 5.6 | EPSS: 0.00242
Exploits: 2
The Hacker News
added 2023/04/11 12:29 p.m. | 2 views

Cybercriminals Turn to Android Loaders on Dark Web to Evade Google Play Security

Malicious loader programs capable of trojanizing Android applications are being traded on the criminal underground for up to $20,000 as a way to evade Google Play Store defenses. "The most popular application categories to hide malware and unwanted software include cryptocurrency trackers,...

AI score: 7
Exploits: 0
CNVD
added 2023/04/11 12:0 a.m. | 12 views

Online Computer and Laptop Store Path Traversal Vulnerability

Online Computer and Laptop Store is an online computer and laptop store by Carlo Montero, an individual developer. A path traversal vulnerability exists in Online Computer and Laptop Store v1.0. The vulnerability stems from the parameter path in the file /classes/Master.php?f=deleteim...

AI score: 8.5 | EPSS: 0.01075
Exploits: 1 | Affected Software: 1