7442 matches found
WordPress Terms and Conditions Popup for WooCommerce Plugin <= 3.5.7.6 is vulnerable to Broken Access Control
Software: Terms and Conditions Popup for WooCommerce; Type: Plugin; Vulnerable versions: <= 3.5.7.6; Fixed in: 3.5.7.7; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2022-45813; Patch priority: Low; CVSS severity: Low (5.4); PSID: 452074188160; Credit...
WordPress Product Tabs Manager for WooCommerce Plugin <= 1.1.5.7 is vulnerable to Broken Access Control
Software: Product Tabs Manager for WooCommerce; Type: Plugin; Vulnerable versions: <= 1.1.5.7; Fixed in: 1.1.5.8; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2022-45813; Patch priority: Medium; CVSS severity: Medium (5.4); PSID: 7d52b176249e; Credit...
WordPress WP Shortcode by MyThemeShop Plugin <= 1.4.16 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP Shortcode by MyThemeShop; Type: Plugin; Vulnerable versions: <= 1.4.16; Fixed in: 1.4.17; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-28495; Patch priority: Low; CVSS severity: Low (4.3); PSID: 2089c32fb90d; Credits: Istvá...
WordPress Contact Form 7 Redirect & Thank You Page Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Contact Form 7 Redirect & Thank You Page; Type: Plugin; Vulnerable versions: <= 1.0.3; Fixed in: 1.0.4; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-24395; Patch priority: Low; CVSS severity: Low (5.4); PSID: 85651332013c...
WordPress Mediciti Lite Theme <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)
Software: Mediciti Lite; Type: Theme; Vulnerable versions: <= 1.3.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-28418; Patch priority: High; CVSS severity: High (7.1); PSID: 6c5814599dc5; Credits: Dave Jong Patchstack...
WordPress Tags Cloud Manager Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
Software: Tags Cloud Manager; Type: Plugin; Vulnerable versions: <= 1.0.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-28166; Patch priority: High; CVSS severity: High (7.1); PSID: 2ce2846850ca; Credits: Nithissh S; Required...
KLA48555 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges and execute arbitrary code. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in GitHub can be exploited remotely to gain...
WordPress Ajax Load More Plugin < 5.6.0.3 is vulnerable to Cross Site Scripting (XSS)
Software: Ajax Load More; Type: Plugin; Vulnerable versions: < 5.6.0.3; Fixed in: 5.6.0.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4466; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: 33d2d66c78ff; Credits: Lana Codes; Requir...
WordPress Woo Products Widgets For Elementor Plugin < 1.0.8 is vulnerable to Cross Site Scripting (XSS)
Software: Woo Products Widgets For Elementor; Type: Plugin; Vulnerable versions: < 1.0.8; Fixed in: 1.0.8; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4661; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: 1f3087ed1109; Credits...
WordPress PhonePe Payment Solutions Plugin <= 1.0.15 is vulnerable to Server Side Request Forgery (SSRF)
Software: PhonePe Payment Solutions; Type: Plugin; Vulnerable versions: <= 1.0.15; Fixed in: 2.0.0; OWASP Top 10: A1: Injection; Classification: Server Side Request Forgery (SSRF); CVE: CVE-2022-45835; Patch priority: Medium; CVSS severity: Medium (5.8); PSID: 91a25d420946; Credits: Aman Rawat...
WordPress Site Reviews Plugin <= 6.5.1 is vulnerable to Cross Site Scripting (XSS)
Software: Site Reviews; Type: Plugin; Vulnerable versions: <= 6.5.1; Fixed in: 6.6.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-27629; Patch priority: Low; CVSS severity: Low (6.5); Developer: Gemini Labs; PSID: 45dbc55b56d9; Credits: Mika; Required privilege...
WordPress Print Invoice & Delivery Notes for WooCommerce Plugin <= 4.7.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Print Invoice & Delivery Notes for WooCommerce; Type: Plugin; Vulnerable versions: <= 4.7.2; Fixed in: 4.7.3; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-46795; Patch priority: Low; CVSS severity: Low (6.5); PSID...
Security Bulletin: IBM SDK, Java Technology Edition, Security Update February 2023
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, 8 that is used by Rational Application Developer®. These issues were disclosed as part of the IBM Java SDK updates up to February 2023. IBM 8 SR7 FP20 1.8.0351. Vulnerability Details CVEID:CVE-2022-3676 DESCRIPTION:...
Reentrancy in staking function exit
Lines of code Vulnerability details Impact The user on calling exit calls the updateReward function twice. Proof of Concept First entry is in function withdraw burn Calling the Hook beforeTokenTransfer Which in turn calls updateReward Second Entry getReward call updateReward directly Tools Used...
PSA: Intentionally Leaving Backdoors in Your Code Can Lead to Fines and Jail Time
In the cybersecurity field, we talk a lot about threat actors and vulnerable code, but what doesn’t get discussed enough is intentional vulnerabilities and becoming your own threat actor. Even when making decisions with the best of intentions, it is possible to work against your own best interest...
WordPress W4 Post List Plugin <= 2.4.4 is vulnerable to Cross Site Scripting (XSS)
Software: W4 Post List; Type: Plugin; Vulnerable versions: <= 2.4.4; Fixed in: 2.4.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-27413; Patch priority: Low; CVSS severity: Low (6.5); PSID: d11d5bfd3465; Credits: Abdi Pranata; Required...
WordPress Complianz – GDPR/CCPA Cookie Consent Plugin < 6.4.2 is vulnerable to Cross Site Scripting (XSS)
Software: Complianz – GDPR/CCPA Cookie Consent; Type: Plugin; Vulnerable versions: < 6.4.2; Fixed in: 6.4.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-1069; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: 624d8c17b2e4; Credits...
WordPress Daily Prayer Time Plugin <= 2023.03.08 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Daily Prayer Time; Type: Plugin; Vulnerable versions: <= 2023.03.08; Fixed in: 2023.03.18; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-27632; Patch priority: Low; CVSS severity: Low (5.4); PSID: 04293ebf8149; Credits: yuyudhn...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, Inc. A type confusion vulnerability exists in versions prior to Google Chrome 111.0.5563.64, which stems from a type confusion issue in the DevTools component. A remote attacker could exploit this vulnerability to cause heap corruption via crafted UI...
Coming Soon & Maintenance < 4.1.7 - Unauthenticated Post/Page Access in Maintenance Mode
The plugin does not restrict access to published and non-protected posts/pages when the maintenance mode is enabled, allowing unauthenticated users to access them. Run the below command in the developer console of the web browser while being on the blog as unauthenticated, when maintenance mode is...