WordPress Postmatic Plugin < 2.2.10 is vulnerable to PHP Object Injection
Software: Postmatic; Type: Plugin; Vulnerable versions: < 2.2.10; Fixed in: 2.2.10; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2022-4265; Patch priority: High; CVSS severity: High (7.4); PSID: 96f8ea22622f; Credits: Lana Codes; Required privilege: Subscriber...
Critical: Red Hat Security Advisory: OpenShift Developer Tools and Services for OCP 4.12 security update
An update for Jenkins and Jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.12. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
WordPress HT Portfolio Plugin <= 1.1.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software: HT Portfolio; Type: Plugin; Vulnerable versions: <= 1.1.5; Fixed in: 1.1.6; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-0497; Patch priority: Low; CVSS severity: Low (4.3); PSID: 3421d1e706d1; Credits: Lana Codes; Required...
WordPress HT Slider For Elementor Plugin < 1.4.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: HT Slider For Elementor; Type: Plugin; Vulnerable versions: < 1.4.0; Fixed in: 1.4.0; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-0495; Patch priority: Low; CVSS severity: Low (4.3); PSID: fea57db2be31; Credits: Lana Codes...
Purchase Order Management 1.0 SQL Injection
Title: Purchase Order Management-1.0 - SQLi; Author: nu11secur1ty; Date: 03.06.2023; Vendor: https://www.sourcecodester.com/user/257130/activity; Software: https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html; Reference:...
Multiple e-plugins - Subscriber+ Privilege Escalation
The plugins, sold by the same developer e-plugins, do not implement any security measures in some AJAX calls. For example, in the file plugin.php the function ivdirectoriesupdateprofilesetting calls updateusermeta with any data provided by the AJAX call, which can be used to give the logged in...
WordPress Smart Slider 3 Plugin < 3.5.1.14 is vulnerable to Cross Site Scripting (XSS)
Software: Smart Slider 3; Type: Plugin; Vulnerable versions: < 3.5.1.14; Fixed in: 3.5.1.14; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0660; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: 008134aaa2eb; Credits: Erwan LR WPScan...
Gallery Blocks with Lightbox < 3.0.8 - Subscriber+ Arbitrary Options Update
The plugin has an AJAX endpoint that can be accessed by any authenticated user, such as a subscriber. The callback function allows numerous actions, the most serious one being reading and updating the WordPress options, which could be used to enable registration with a default administrator user...
WordPress Jetpack CRM Plugin <= 5.4.4 is vulnerable to Cross Site Scripting (XSS)
Software: Jetpack CRM; Type: Plugin; Vulnerable versions: <= 5.4.4; Fixed in: 5.5.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-27429; Patch priority: Low; CVSS severity: Low (5.9); PSID: ddffc0e309f7; Credits: Team WeBoB; Required privile...
WordPress DecaLog Plugin <= 3.7.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: DecaLog; Type: Plugin; Vulnerable versions: <= 3.7.0; Fixed in: 3.7.1; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-27444; Patch priority: Low; CVSS severity: Low (4.3); Developer: PerfOps One; PSID: 721ad967e10d; Credits: Mika; Required privilege...
OpenAI Releases Developer APIs for ChatGPT and Whisper Models
By Deeba Ahmed (HackRead.com). OpenAI has announced the launch of developer APIs for the ChatGPT chatbot. This means that developers will be…
WordPress Elegant Custom Fonts Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Elegant Custom Fonts; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: 1.0.1; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-27436; Patch priority: Low; CVSS severity: Low (5.4); PSID: e6a5548377b4; Credits: Rio Darmawan...
WordPress About Me 3000 widget Plugin <= 2.2.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software: About Me 3000 widget; Type: Plugin; Vulnerable versions: <= 2.2.6; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-25474; Patch priority: Low; CVSS severity: Low (4.3); PSID: b613e5b81843; Credits: Mika; Required...
WordPress Leyka Plugin <= 3.29.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Leyka; Type: Plugin; Vulnerable versions: <= 3.29.2; Fixed in: 3.30; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-27442; Patch priority: Low; CVSS severity: Low (5.4); PSID: dc5061a06f06; Credits: yuyudhn; Required privilege...
WordPress Total Poll Lite Plugin <= 4.8.6 is vulnerable to Broken Access Control
Software: Total Poll Lite; Type: Plugin; Vulnerable versions: <= 4.8.6; Fixed in: 4.8.7; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-27449; Patch priority: Medium; CVSS severity: Medium (6.3); PSID: 02f4127c29b8; Credits: Mika; Required privilege...
WordPress UpQode Google Maps Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)
Software: UpQode Google Maps; Type: Plugin; Vulnerable versions: <= 1.0.5; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0094; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: 983dbcd3ed03; Credits: Lana Codes; Requir...
WordPress Metform Elementor Contact Form Builder Plugin <= 3.2.1 is vulnerable to Bypass Vulnerability
Software: Metform Elementor Contact Form Builder; Type: Plugin; Vulnerable versions: <= 3.2.1; Fixed in: 3.2.2; OWASP Top 10: A5: Broken Access Control; Classification: Bypass Vulnerability; CVE: CVE-2023-0085; Patch priority: Low; CVSS severity: Low (5.3); Developer: Wpmet; PSID: 9ebffbb7ebd5; Credits: Mohammed El Amin...
WordPress Admin CSS MU Plugin <= 2.6 is vulnerable to Server Side Request Forgery (SSRF)
Software: Admin CSS MU; Type: Plugin; Vulnerable versions: <= 2.6; Fixed in: 2.7; OWASP Top 10: A1: Injection; Classification: Server Side Request Forgery (SSRF); CVE: CVE-2022-40700; Patch priority: Low; CVSS severity: Low (8.2); PSID: f8576e8732f6; Credits: Dave Jong Patchstack; Required privile...
WordPress Synved Shortcodes Plugin <= 1.6.36 is vulnerable to Cross Site Scripting (XSS)
Software: Synved Shortcodes; Type: Plugin; Vulnerable versions: <= 1.6.36; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0063; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: 97249fb0c45f; Credits: Lana Codes; Requir...
WordPress Auto Featured Image (Auto Post Thumbnail) Plugin < 3.9.16 is vulnerable to Arbitrary File Upload
Software: Auto Featured Image (Auto Post Thumbnail); Type: Plugin; Vulnerable versions: < 3.9.16; Fixed in: 3.9.16; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2023-0477; Patch priority: High; CVSS severity: High (9.1); PSID: ad8cfc8bf738; Credits: dc11; Required...