WordPress Disqus Conditional Load Plugin <= 11.1.1 is vulnerable to Cross Site Scripting (XSS)
Software Disqus Conditional Load Type Plugin Vulnerable versions <= 11.1.1 Fixed in 11.1.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23732 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID edb6737fa0de Credits yuyudhn...
WordPress Product Category Slider for WooCommerce Plugin <= 4.1.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software Product Category Slider for WooCommerce Type Plugin Vulnerable versions <= 4.1.5 Fixed in 4.1.6 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47150 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e1535456a6d2...
WordPress User Registration Plugin <= 2.3.2.1 is vulnerable to PHP Object Injection
Software User Registration Type Plugin Vulnerable versions <= 2.3.2.1 Fixed in 2.3.3 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-27459 Patch priority High CVSS severity High 7.4 Developer Masteriyo PSID e4c6b86e3ea3 Credits Rafie Muhammad Patchstack Required privile...
WordPress Sheets To WP Table Live Sync Plugin <= 2.12.14 is vulnerable to Cross Site Request Forgery (CSRF)
Software Sheets To WP Table Live Sync Type Plugin Vulnerable versions <= 2.12.14 Fixed in 2.12.15 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Request Forgery CSRF CVE CVE-2022-47150 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 10f41cbc718b Credits...
WordPress Cart Lift Plugin <= 3.1.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software Cart Lift Type Plugin Vulnerable versions <= 3.1.3 Fixed in 3.1.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47150 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 468e4b8c6ecf Credits István Márton Required...
WordPress Cyberus Key Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software Cyberus Key Type Plugin Vulnerable versions <= 1.0 Fixed in 1.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-28620 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID db1af294e0d7 Credits Pavitra Tiwari Required privile...
Spring Tips: Vaadin Flow and Spring Boot 3
Hi, Spring fans! In this installment, we'll look at the fantastic Vaadin Flow library, which has recently been updated for Spring Boot 3, and how it can help you be happier. The code is available, as usual, here. This episode features special guest Marcus Hellberg, VP developer relations from...
WordPress Read More Without Refresh Plugin <= 3.1 is vulnerable to Cross Site Scripting (XSS)
Software Read More Without Refresh Type Plugin Vulnerable versions <= 3.1 Fixed in 3.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23793 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 1bf9aee89c13 Credits Mika Required...
Adobe Connect 11.4.5 / 12.1.5 Local File Disclosure Vulnerability
Adobe Connect versions 11.4.5 and below as well as versions 12.1.5 and below suffer from a file disclosure vulnerability. Title: adobe connect - Local File Disclosure / Download security feature bypass vulnerability Author: h4shur CVE: CVE-2023-22232 Vendor Homepage: https://www.adobe.com Softwar...
CVE-2023-28115
Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a URL or an HTML page. Prior to version 1.4.2, Snappy is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_exists function. If an attacker can upload files of any...
Deserialization of untrusted data
Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a URL or an HTML page. Prior to version 1.4.2, Snappy is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_exists function. If an attacker can upload files of any...
WordPress SEO Plugin by Squirrly SEO Plugin <= 12.1.20 is vulnerable to Broken Access Control
Software SEO Plugin by Squirrly SEO Type Plugin Vulnerable versions <= 12.1.20 Fixed in 12.1.21 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-44626 Patch priority High CVSS severity High 6.3 Developer Claim ownership PSID 1cd4494bfb30 Credits Rafie Muhamm...
WordPress Real Estate Directory Theme <= 1.0.5 is vulnerable to Broken Authentication
Software Real Estate Directory Type Theme Vulnerable versions <= 1.0.5 Fixed in 1.0.6 OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2023-28532 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID d6b9b2cfbb79 Credits Dave Jong Patchsta...
WordPress Pagination Styler for WooCommerce Plugin <= 3.5.7.6 is vulnerable to Broken Access Control
Software Pagination Styler for WooCommerce Type Plugin Vulnerable versions <= 3.5.7.6 Fixed in 3.5.7.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-45813 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 9700cfe7197b Credits István...
WordPress WP Shortcode by MyThemeShop Plugin <= 1.4.16 is vulnerable to Cross Site Request Forgery (CSRF)
Software WP Shortcode by MyThemeShop Type Plugin Vulnerable versions <= 1.4.16 Fixed in 1.4.17 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-28495 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 2089c32fb90d Credits Istvá...
WordPress Mortgage Calculator Estatik Plugin <= 2.0.11 is vulnerable to Cross Site Scripting (XSS)
Software Mortgage Calculator Estatik Type Plugin Vulnerable versions <= 2.0.11 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-28490 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 71ec944fa1a2 Credits minhtuanac...
WordPress WPML - WordPress Multilingual Plugin < 4.6.1 is vulnerable to Cross Site Scripting (XSS)
Software WPML - WordPress Multilingual Type Plugin Vulnerable versions < 4.6.1 Fixed in 4.6.1 OWASP Top 10 A1: Injection Classification Cross Site Scripting XSS CVE N/A Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 6e47dc7713a3 Credits N/A Required privilege...
WordPress ProfileGrid Plugin <= 5.0.3 is vulnerable to Broken Access Control
Software ProfileGrid Type Plugin Vulnerable versions <= 5.0.3 Fixed in 5.0.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-36352 Patch priority High CVSS severity High 6.3 Developer Claim ownership PSID 97a93e8f05e7 Credits István Márton Required privileg...
WordPress Terms and Conditions Popup for WooCommerce Plugin <= 3.5.7.6 is vulnerable to Broken Access Control
Software Terms and Conditions Popup for WooCommerce Type Plugin Vulnerable versions <= 3.5.7.6 Fixed in 3.5.7.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-45813 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 452074188160 Credit...
WordPress Slide Anything Plugin <= 2.4.9 is vulnerable to Cross Site Scripting (XSS)
Software Slide Anything Type Plugin Vulnerable versions <= 2.4.9 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-28499 Patch priority Medium CVSS severity Medium 5.9 Developer Claim ownership PSID 20dca4f988b8 Credits RE-ALTER Required...