
7442 matches found

Patchstack
added 2023/04/11 12:0 a.m. | 12 views

WordPress FluentForm Plugin < 4.3.25 is vulnerable to Cross Site Scripting (XSS)

Software FluentForm Type Plugin Vulnerable versions 4.3.25 Fixed in 4.3.25 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0546 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 479c93086620 Credits Vaibhav Rajput Required...

CVSS 5.4 | AI score 5.9 | EPSS 0.00478
Exploits 2 | References 3 | Affected Software 1
CNNVD
added 2023/04/11 12:0 a.m. | 5 views

safe-eval security vulnerability

safe-eval is a safer version of the eval function, written by the individual developer Hage Yaapa. safe-eval has a security vulnerability that stems from improper sanitization of input...

CVSS 10 | AI score 8.3 | EPSS 0.02101
Exploits 1 | References 9
Patchstack
added 2023/04/11 12:0 a.m. | 12 views

WordPress Simple Giveaways Plugin < 2.45.1 is vulnerable to Cross Site Scripting (XSS)

Software Simple Giveaways Type Plugin Vulnerable versions 2.45.1 Fixed in 2.45.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1122 Patch priority Medium CVSS severity Medium 5.9 Developer Claim ownership PSID 8adf4cd8d10f Credits Varun Required...

CVSS 4.8 | AI score 5.9 | EPSS 0.00446
Exploits 2 | References 3 | Affected Software 1
Patchstack
added 2023/04/11 12:0 a.m. | 18 views

WordPress JetEngine Plugin < 3.1.3.1 is vulnerable to Remote Code Execution (RCE)

Software JetEngine Type Plugin Vulnerable versions 3.1.3.1 Fixed in 3.1.3.1 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-1406 Patch priority High CVSS severity High 9.1 Developer Crocoblock PSID a91fe4278b33 Credits R3zk0n Required privilege Author Published 11...

CVSS 8.8 | AI score 7.2 | EPSS 0.01519
Exploits 2 | References 3 | Affected Software 1
NCSC
added 2023/04/11 12:0 a.m. | 4 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed vulnerabilities in Microsoft Developer Tools. A malicious party could exploit the vulnerabilities to gain access to sensitive data, obtain elevated privileges or execute arbitrary code. To do so the malicious party must have access to a system on which the vulnerable...

CVSS 7.8 | AI score 8 | EPSS 0.01531
Exploits 0
Kaspersky
added 2023/04/11 12:0 a.m. | 54 views

KLA48843 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges, spoof user interface. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability...

CVSS 7.8 | AI score 8.5 | EPSS 0.01531
Exploits 0 | References 11
Patchstack
added 2023/04/11 12:0 a.m. | 12 views

WordPress Stylish Cost Calculator Premium Plugin < 7.9.0 is vulnerable to Cross Site Scripting (XSS)

Software Stylish Cost Calculator Premium Type Plugin Vulnerable versions 7.9.0 Fixed in 7.9.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0983 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 344803b43355 Credits Flaviu...

CVSS 6.1 | AI score 5.9 | EPSS 0.00458
Exploits 2 | References 3 | Affected Software 1
Patchstack
added 2023/04/11 12:0 a.m. | 15 views

WordPress Hummingbird Plugin < 3.4.2 is vulnerable to Path Traversal

Software Hummingbird Type Plugin Vulnerable versions 3.4.2 Fixed in 3.4.2 OWASP Top 10 A3: Sensitive Data Exposure Classification Path Traversal CVE CVE-2023-1478 Patch priority High CVSS severity High 8.6 Developer WPMU DEV PSID 237afa7a6db1 Credits Karol Mazurek AFINE Required privilege...

CVSS 9.8 | AI score 6.8 | EPSS 0.01119
Exploits 2 | References 4 | Affected Software 1
Patchstack
added 2023/04/11 12:0 a.m. | 7 views

WordPress Simple Giveaways Plugin < 2.45.1 is vulnerable to Cross Site Scripting (XSS)

Software Simple Giveaways Type Plugin Vulnerable versions 2.45.1 Fixed in 2.45.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1120 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 3822ab339f6d Credits ipatelsumit Required...

CVSS 4.8 | AI score 6 | EPSS 0.00442
Exploits 2 | References 5 | Affected Software 1
Patchstack
added 2023/04/11 12:0 a.m. | 17 views

WordPress WP Tiles Plugin <= 1.1.2 is vulnerable to Sensitive Data Exposure

Software WP Tiles Type Plugin Vulnerable versions = 1.1.2 Fixed in N/A OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-1426 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 0ecd1ecdc31a Credits Erwan LR WPScan Required...

CVSS 6.5 | AI score 6.5 | EPSS 0.00795
Exploits 2 | References 2 | Affected Software 1
Patchstack
added 2023/04/10 12:0 a.m. | 11 views

WordPress WP Fastest Cache Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP Fastest Cache Type Plugin Vulnerable versions = 1.1.2 Fixed in 1.1.3 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-1926 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 5344a78dd310 Credits Marco Wotschka...

CVSS 4.3 | AI score 6.9 | EPSS 0.00227
Exploits 0 | References 12 | Affected Software 1
Exploit DB
added 2023/04/10 12:0 a.m. | 287 views

Microsoft Edge (Chromium-based) Webview2 1.0.1661.34 - Spoofing

Title: Microsoft-Edge-Chromium-based-Webview2-1.0.1661.34-Spoofing-Vulnerability Author: nu11secur1ty Date: 04.10.2023 Vendor: https://developer.microsoft.com/en-us/ Software: https://developer.microsoft.com/en-us/microsoft-edge/webview2/ Reference:...

CVSS 8.2 | AI score 8.3 | EPSS 0.03525
Exploits 2
Android Security Bulletins
added 2023/04/10 12:0 a.m. | 8 views

Pixel Update Bulletin—April 2023

The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices (Google devices). For Google devices, security patch levels of 2023-04-05 or later address all issues in this bulletin and all issues in the April 2023 Android Securi...

CVSS 9.8 | AI score 8.1 | EPSS 0.03702
Exploits 0
0day.today
added 2023/04/08 12:0 a.m. | 259 views

Adobe Connect 11.4.5 - Local File Disclosure Vulnerability

Title: Adobe Connect 11.4.5 - Local File Disclosure Author: h4shur date:2021.01.16-2023.02.17 CVE: CVE-2023-22232 Vendor Homepage: https://www.adobe.com Software Link: https://www.adobe.com/products/adobeconnect.html Version: 11.4.5 and earlier, 12.1.5 and earlier User interaction: None Tested on...

CVSS 5.3 | AI score 5.8 | EPSS 0.81875
Exploits 4
Exploit DB
added 2023/04/08 12:0 a.m. | 448 views

Microsoft Excel 365 MSO (Version 2302 Build 16.0.16130.20186) 64-bit - Remote Code Execution (RCE)

Exploit Title: Microsoft Excel 365 MSO Version 2302 Build 16.0.16130.20186 64-bit - Remote Code Execution RCE Exploit Author: nu11secur1ty Date: 03.16.2023 Vendor: https://www.microsoft.com/en-us/microsoft-365/excel Software: https://www.microsoft.com/en-us/microsoft-365/excel Reference:...

CVSS 7.8 | AI score 7.8 | EPSS 0.02532
Exploits 3
Patchstack
added 2023/04/07 12:0 a.m. | 20 views

WordPress WP Data Access Plugin <= 5.3.7 is vulnerable to Broken Access Control

Software WP Data Access Type Plugin Vulnerable versions = 5.3.7 Fixed in 5.3.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-1874 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID d34193572ac0 Credits Chloe Chamberland Required...

CVSS 8.8 | AI score 6.8 | EPSS 0.02726
Exploits 3 | References 3 | Affected Software 1
Malwarebytes
added 2023/04/06 9:0 a.m. | 18 views

Google aims to reduce data theft with app data and account deletions

Google has made multiple security improvements to the general operation of apps over the last 12 months or so. It's now a little easier to understand what apps want from you. Labels which indicate a level of trustworthiness for developers. Changes made to ensure old, abandoned apps will no longer...

AI score 6.7
Exploits 0
Patchstack
added 2023/04/06 12:0 a.m. | 10 views

WordPress WCFM Marketplace Plugin <= 3.4.11 is vulnerable to Broken Access Control

Software WCFM Marketplace Type Plugin Vulnerable versions = 3.4.11 Fixed in 3.4.12 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4935 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID a8f99e67f24d Credits Chloe Chamberland Require...

CVSS 8.8 | AI score 6.8 | EPSS 0.00723
Exploits 0 | References 3 | Affected Software 1
Patchstack
added 2023/04/06 12:0 a.m. | 11 views

WordPress WCFM Marketplace Plugin <= 3.4.12 is vulnerable to Cross Site Request Forgery (CSRF)

Software WCFM Marketplace Type Plugin Vulnerable versions = 3.4.12 Fixed in 3.5.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-4936 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 13c6dc4f50f8 Credits Chloe Chamberland...

CVSS 8.8 | AI score 7 | EPSS 0.00248
Exploits 0 | References 3 | Affected Software 1
Patchstack
added 2023/04/06 12:0 a.m. | 9 views

WordPress Health Check & Troubleshooting Plugin <= 1.5.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Health Check & Troubleshooting Type Plugin Vulnerable versions = 1.5.1 Fixed in 1.6.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47161 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4168e86a07d1 Credits...

CVSS 8.8 | AI score 7 | EPSS 0.00271
Exploits 0 | References 2 | Affected Software 1