7442 matches found

Patchstack
added 2023/04/06 12:0 a.m. | 11 views

WordPress TheRoof Theme <= 1.0.3 is vulnerable to Cross Site Scripting (XSS)

Software: TheRoof; Type: Theme; Vulnerable versions: <= 1.0.3; Fixed in: 1.0.4; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-29430; Patch priority: High; CVSS severity: High 7.1; PSID: a30310c483cd; Credits: RE-ALTER; Required privilege...

CVSS 7.1 | AI score 5.9 | EPSS 0.00382
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2023/04/06 12:0 a.m. | 8 views

WordPress Connections Business Directory Plugin <= 10.4.36 is vulnerable to Cross Site Scripting (XSS)

Software: Connections Business Directory; Type: Plugin; Vulnerable versions: <= 10.4.36; Fixed in: 10.4.37; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-29437; Patch priority: Low; CVSS severity: Low 6.5; PSID: 584ffff6397a; Credits...

CVSS 6.5 | AI score 6 | EPSS 0.0037
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2023/04/06 12:0 a.m. | 11 views

WordPress Transbank Webpay REST Plugin <= 1.6.6 is vulnerable to SQL Injection

Software: Transbank Webpay REST; Type: Plugin; Vulnerable versions: <= 1.6.6; Fixed in: 1.6.7; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-27610; Patch priority: Low; CVSS severity: Low 5.5; PSID: d271398a2afa; Credits: Mika; Required privilege: Administrator...

CVSS 7.2 | AI score 7.2 | EPSS 0.00695
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2023/04/06 12:0 a.m. | 13 views

WordPress Amelia Plugin <= 1.0.75 is vulnerable to Cross Site Scripting (XSS)

Software: Amelia; Type: Plugin; Vulnerable versions: <= 1.0.75; Fixed in: 1.0.76; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-29427; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 5784c15e5a5a; Credits: minhtuanact; Required...

CVSS 7.1 | AI score 5.9 | EPSS 0.0041
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2023/04/04 12:0 a.m. | 9 views

WordPress Image Over Image For WPBakery Page Builder Plugin < 3.0 is vulnerable to Cross Site Scripting (XSS)

Software: Image Over Image For WPBakery Page Builder; Type: Plugin; Vulnerable versions: < 3.0; Fixed in: 3.0; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-0399; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 56777456f56b; Credi...

CVSS 5.4 | AI score 5.9 | EPSS 0.00471
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2023/04/04 12:0 a.m. | 9 views

WordPress Add User Role Plugin < 1.6.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Add User Role; Type: Plugin; Vulnerable versions: < 1.6.7; Fixed in: 1.6.7; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2023-0820; Patch priority: Low; CVSS severity: Low 8.8; PSID: 7eb1f185c259; Credits: dc11; Required privilege...

CVSS 8.8 | AI score 7 | EPSS 0.00411
Exploits: 2 | References: 2 | Affected Software: 1
Github Security Blog
added 2023/04/03 6:30 a.m. | 41 views

configobj ReDoS exploitable by developer using values in a server-side configuration file

All versions of the package configobj are vulnerable to Regular Expression Denial of Service ReDoS via the validate function, using .+?.. Note: This is only exploitable in the case of a developer, putting the offending value in a server side configuration file...

CVSS 5.9 | AI score 5.6 | EPSS 0.01259
Exploits: 1 | References: 9 | Affected Software: 1
NVD
added 2023/04/03 5:15 a.m. | 17 views

CVE-2023-26112

All versions of the package configobj are vulnerable to Regular Expression Denial of Service ReDoS via the validate function, using .+?.. Note: This is only exploitable in the case of a developer, putting the offending value in a server side configuration file...

CVSS 5.9 | AI score 4.7 | EPSS 0.01259
Exploits: 1 | References: 5
Debian CVE
added 2023/04/03 5:0 a.m. | 23 views

CVE-2023-26112

All versions of the package configobj are vulnerable to Regular Expression Denial of Service ReDoS via the validate function, using .+?.. Note: This is only exploitable in the case of a developer, putting the offending value in a server side configuration file...

CVSS 5.9 | AI score 5.7 | EPSS 0.01259
Exploits: 1
Patchstack
added 2023/04/03 12:0 a.m. | 11 views

WordPress Albo Pretorio Online Plugin <= 4.6.1 is vulnerable to Cross Site Scripting (XSS)

Software: Albo Pretorio Online; Type: Plugin; Vulnerable versions: <= 4.6.1; Fixed in: 4.6.2; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-28993; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: beb857678c31; Credits: Romés Akhan...

CVSS 7.1 | AI score 5.6 | EPSS 0.00382
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2023/04/03 12:0 a.m. | 10 views

WordPress PropertyHive Plugin <= 1.5.46 is vulnerable to Cross Site Scripting (XSS)

Software: PropertyHive; Type: Plugin; Vulnerable versions: <= 1.5.46; Fixed in: 1.5.47; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-29172; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 1f09421dbd25; Credits: minhtuanact; Requir...

CVSS 7.1 | AI score 5.9 | EPSS 0.00382
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2023/04/03 12:0 a.m. | 4 views

WordPress Welcome Bar Plugin <= 2.0.3 is vulnerable to Broken Access Control

Software: Welcome Bar; Type: Plugin; Vulnerable versions: <= 2.0.3; Fixed in: 2.0.4; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: N/A; Patch priority: Medium; CVSS severity: Medium 4.3; PSID: 1616e8eeba7b; Credits: WordFence; Required privilege: Subscribe...

AI score 6.8
Exploits: 0 | References: 2 | Affected Software: 1
0day.today
added 2023/04/03 12:0 a.m. | 225 views

pimCore v5.4.18-skeleton - Sensitive Cookie with Improper SameSite Attribute Exploit

Exploit Title: pimCore v5.4.18-skeleton - Sensitive Cookie with Improper SameSite Attribute Author: nu11secur1ty Vendor: https://pimcore.com/en Software: https://packagist.org/packages/pimcore/skeleton Reference:...

AI score 6.8
Exploits: 0
Patchstack
added 2023/04/03 12:0 a.m. | 8 views

WordPress Product Enquiry for WooCommerce Plugin <= 2.2.12 is vulnerable to Cross Site Scripting (XSS)

Software: Product Enquiry for WooCommerce; Type: Plugin; Vulnerable versions: <= 2.2.12; Fixed in: 2.2.13; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-29170; Patch priority: Low; CVSS severity: Low 5.9; PSID: b43cae5ebb34; Credits: Myung...

CVSS 5.9 | AI score 6 | EPSS 0.00369
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2023/04/03 12:0 a.m. | 10 views

WordPress CopySafe Web Protection Plugin <= 3.13 is vulnerable to Cross Site Scripting (XSS)

Software: CopySafe Web Protection; Type: Plugin; Vulnerable versions: <= 3.13; Fixed in: 3.14; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-29098; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: cced9bcfbcba; Credits: Elliot...

CVSS 7.1 | AI score 5.9 | EPSS 0.00382
Exploits: 0 | References: 2 | Affected Software: 1
Exploit DB
added 2023/04/03 12:0 a.m. | 202 views

Zstore 6.5.4 - Reflected Cross-Site Scripting (XSS)

Exploit Title: Zstore 6.5.4 - Reflected Cross-Site Scripting XSS Development: nu11secur1ty Date: 01.18.2023 Vendor: https://zippy.com.ua/ Software: https://github.com/leon-mbs/zstore/releases/tag/6.5.4 Reproduce: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/zippy/zstore-6.5....

AI score 7.4
Exploits: 0
FreeBSD
added 2023/04/03 12:0 a.m. | 24 views

py39-configobj -- vulnerable to Regular Expression Denial of Service

DarkTinia reports: All versions of the package configobj are vulnerable to Regular Expression Denial of Service ReDoS via the validate function, using .+?.. Note: This is only exploitable in the case of a developer, putting the offending value in a server side configuration file...

CVSS 5.9 | AI score 5.9 | EPSS 0.01259
Exploits: 1 | References: 1
Patchstack
added 2023/03/31 12:0 a.m. | 10 views

WordPress Conditional extra fees for woocommerce Plugin <= 1.0.96 is vulnerable to Cross Site Scripting (XSS)

Software: Conditional extra fees for woocommerce; Type: Plugin; Vulnerable versions: <= 1.0.96; Fixed in: 1.0.97; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-29093; Patch priority: Low; CVSS severity: Low 5.9; PSID: 14551fbb2b7d; Credit...

CVSS 5.9 | AI score 6 | EPSS 0.00369
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2023/03/30 12:0 a.m. | 11 views

WordPress Premmerce Redirect Manager Plugin <= 1.0.11 is vulnerable to Cross Site Scripting (XSS)

Software: Premmerce Redirect Manager; Type: Plugin; Vulnerable versions: <= 1.0.11; Fixed in: 1.0.12; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-23789; Patch priority: Low; CVSS severity: Low 5.9; Developer: Premmerce; PSID: d4a40e7e7165; Credits: Rio Darmawan...

CVSS 5.9 | AI score 5.8 | EPSS 0.00369
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2023/03/30 12:0 a.m. | 8 views

WordPress Viral Mag Theme <= 1.0.9 is vulnerable to Broken Authentication

Software: Viral Mag; Type: Theme; Vulnerable versions: <= 1.0.9; Fixed in: 1.1.0; OWASP Top 10: A2: Broken Authentication; Classification: Broken Authentication; CVE: CVE-2023-28990; Patch priority: Medium; CVSS severity: Medium 4.3; PSID: b28f73fc2c08; Credits: Dave Jong Patchstack; Required...

AI score 6.6 | EPSS 0.00458
Exploits: 0 | References: 2 | Affected Software: 1