WordPress Simple Slug Translate Plugin <= 2.7.2 is vulnerable to Cross Site Scripting (XSS)
Software: Simple Slug Translate; Type: Plugin; Vulnerable versions: <= 2.7.2; Fixed in: 2.7.3; OWASP Top 10: A7 Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-26515; Patch priority: Low; CVSS severity: Low (5.9); Developer: not listed; PSID: a353ffb7160f; Credits: yuyudhn; Required...
WordPress Dashboard Widgets Suite Plugin <= 3.2.1 is vulnerable to Cross Site Scripting (XSS)
Software: Dashboard Widgets Suite; Type: Plugin; Vulnerable versions: <= 3.2.1; Fixed in: 3.2.2; OWASP Top 10: A7 Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-26517; Patch priority: Low; CVSS severity: Low (5.9); Developer: not listed; PSID: b0d81df240e3; Credits: Rio Darmawan...
WordPress WP Meta SEO Plugin <= 4.5.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP Meta SEO; Type: Plugin; Vulnerable versions: <= 4.5.3; Fixed in: 4.5.4; OWASP Top 10: A5 Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-1029; Patch priority: Low; CVSS severity: Low (4.3); Developer: not listed; PSID: e41d91f1ddfe; Credits: Marco Wotschka; Required...
WordPress Coupon Zen Plugin <= 1.0.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Coupon Zen; Type: Plugin; Vulnerable versions: <= 1.0.5; Fixed in: 1.0.6; OWASP Top 10: A5 Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: N/A; Patch priority: Low; CVSS severity: Low (4.3); Developer: not listed; PSID: 6059f6769c37; Credits: WordFence; Required privilege...
WooCommerce Multiple Customer Addresses & Shipping < 21.7 - Arbitrary Address Creation/Deletion/Access/Update via IDOR
The plugin does not verify that the address being added, updated, retrieved, deleted or duplicated belongs to the user making the request, nor that the requester is a high-privilege user. Any authenticated user, such as a subscriber, can therefore add, update, duplicate and delete, as well as retrieve, the addresses of other users. Run t...
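The ownership check the advisory says is missing, shown as an added example in PHP; this is not the plugin's own code. The handler below is hypothetical: the AJAX action name, the nonce action and the user-meta key `cust_addresses` (an array of addresses keyed by address ID) are assumptions, chosen to illustrate the IDOR pattern and its fix for the delete operation.

```php
<?php
// Added example, not the WooCommerce Multiple Customer Addresses plugin's code.
// Assumed storage: each user's saved addresses live in the user meta key
// 'cust_addresses' as an array keyed by address ID. Action, nonce and meta
// names are assumptions for illustration.

// Vulnerable pattern (the IDOR the advisory describes): the handler trusts the
// caller-supplied user_id and never checks that the address belongs to the
// requester, so any logged-in user can delete anyone's address.
function vuln_delete_address() {
    $user_id    = (int) $_POST['user_id'];
    $address_id = (int) $_POST['address_id'];
    $addresses  = get_user_meta( $user_id, 'cust_addresses', true );
    unset( $addresses[ $address_id ] );
    update_user_meta( $user_id, 'cust_addresses', $addresses );
    wp_send_json_success();
}

// Hardened version: verify the nonce (CSRF), require a login, then bind the
// operation to the logged-in user unless the caller holds a capability that
// allows editing other accounts. Reading from the bound user's own meta means
// an address ID owned by someone else is simply "not found".
function safe_delete_address() {
    check_ajax_referer( 'cust_address_nonce', 'nonce' );

    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'not logged in', 401 );
    }

    $current    = get_current_user_id();
    $requested  = isset( $_POST['user_id'] ) ? absint( $_POST['user_id'] ) : $current;
    $address_id = isset( $_POST['address_id'] ) ? absint( $_POST['address_id'] ) : 0;

    // Only a user who may edit other users can act on another account's data.
    if ( $requested !== $current && ! current_user_can( 'edit_users' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    $addresses = get_user_meta( $requested, 'cust_addresses', true );
    if ( ! is_array( $addresses ) || ! array_key_exists( $address_id, $addresses ) ) {
        wp_send_json_error( 'not found', 404 );
    }

    unset( $addresses[ $address_id ] );
    update_user_meta( $requested, 'cust_addresses', $addresses );
    wp_send_json_success( array( 'deleted' => $address_id ) );
}

// Registered for logged-in users only; there is no wp_ajax_nopriv_ hook.
add_action( 'wp_ajax_cust_delete_address', 'safe_delete_address' );
```

The same three checks (nonce, authentication, ownership-or-capability) apply unchanged to the add, update, duplicate and retrieve paths; the retrieve path is the one most often forgotten because it "only reads", yet it is the one that leaks other users' addresses.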
SourceCodester Class and Exam Timetabling System SQL Injection Vulnerability
Class and Exam Timetabling System is a class and exam timetabling system by the individual developer Cherylda Jardeliza Ohiman. SourceCodester Class and Exam Timetabling System version 1.0 has a SQL injection vulnerability caused by improper handling of the password parameter...
WordPress YouTube Channel Plugin <= 3.23.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software: YouTube Channel; Type: Plugin; Vulnerable versions: <= 3.23.3; Fixed in: 3.23.4; OWASP Top 10: A5 Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-25987; Patch priority: Low; CVSS severity: Low (4.3); Developer: Aleksandar Urošević; PSID: fad79021f069; Credits: Mika; Required...
WordPress Zendrop – Global Dropshipping Plugin <= 1.0.0 is vulnerable to Arbitrary File Upload
Software: Zendrop – Global Dropshipping; Type: Plugin; Vulnerable versions: <= 1.0.0; Fixed in: 1.0.1; OWASP Top 10: A2 Broken Authentication; Classification: Arbitrary File Upload; CVE: CVE-2023-25970; Patch priority: High; CVSS severity: High (10); Developer: not listed; PSID: 180f30af21a8; Credits: Dave Jong...
WordPress Apollo13 Framework Extensions Plugin <= 1.8.10 is vulnerable to Broken Access Control
Software: Apollo13 Framework Extensions; Type: Plugin; Vulnerable versions: <= 1.8.10; Fixed in: 1.9.0; OWASP Top 10: A5 Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-25959; Patch priority: Low; CVSS severity: Low (5.4); Developer: not listed; PSID: e663c34e63b0; Credits: István Márton...
Russian Malware Developer Behind NLBrute Extradited to US
By Habiba Rashid. Dariy Pankov, a.k.a. dpxaker, was accused of developing the brute-force malware NLBrute. This is a post from HackRead.com.
WordPress WP Meta SEO Plugin <= 4.5.2 is vulnerable to SQL Injection
Software: WP Meta SEO; Type: Plugin; Vulnerable versions: <= 4.5.2; Fixed in: 4.5.3; OWASP Top 10: A1 Injection; Classification: SQL Injection; CVE: N/A; Patch priority: High; CVSS severity: High (7.1); Developer: not listed; PSID: ed22c0b021d4; Credits: WordFence; Required privilege: Subscriber; Published: 23 February,...
MAL-2023-7996 Malicious code in @pagseguro/nest (npm)
Source: checkmarx (b16a70a89161283b99538bb25fdbaecc235a75a73c7a471c98ad831fc08a7cdf). Malicious-packages campaign active since 2021, targeting developers and stealing source code and secrets...
ReviewX < 1.6.4 - Subscriber+ SQLi
The plugin does not properly sanitise and escape the filterValue and selectedColumns parameters before using them in SQL statements via the rxexportreview AJAX action, which is available to any authenticated user, leading to a SQL injection exploitable by users with a role as low as subscriber. Run the bel...
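How the two parameters named above need different fixes, as an added PHP example that is not the ReviewX plugin's code. `filterValue` is a value and can be bound with `$wpdb->prepare()`; `selectedColumns` is a list of identifiers, which placeholders cannot protect, so it must be matched against an allowlist. The table name, column names and nonce action are assumptions; the AJAX action name is the one the advisory cites. The same two rules cover the WP Meta SEO SQL injection entry above, whose details the page does not give.

```php
<?php
// Added example, not the ReviewX plugin's own code. Table, column and nonce
// names are assumptions; 'rxexportreview' is the action name from the advisory.

// Vulnerable pattern: both parameters are concatenated straight into SQL.
// The column list is an identifier, so even prepare() would not help it.
function vuln_export_reviews() {
    global $wpdb;
    $cols   = $_POST['selectedColumns'];   // e.g. "id,rating"
    $filter = $_POST['filterValue'];       // e.g. "approved"
    $sql    = "SELECT {$cols} FROM {$wpdb->prefix}rx_reviews WHERE status = '{$filter}'";
    wp_send_json( $wpdb->get_results( $sql, ARRAY_A ) );
}

// Hardened version.
function safe_export_reviews() {
    global $wpdb;

    // CSRF: the request must carry a nonce issued to this user for this action.
    check_ajax_referer( 'rx_export_nonce', 'nonce' );

    // The advisory's root problem: an export reachable by any authenticated
    // user. Require a capability that subscribers do not have.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // Identifiers: allowlist. Anything not in the list is silently dropped,
    // and each surviving name is backtick-quoted from the trusted list.
    $allowed = array( 'id', 'product_id', 'rating', 'status', 'created_at' );
    $raw     = isset( $_POST['selectedColumns'] ) ? (string) wp_unslash( $_POST['selectedColumns'] ) : '';
    $cols    = array_values( array_intersect( array_map( 'trim', explode( ',', $raw ) ), $allowed ) );
    if ( empty( $cols ) ) {
        $cols = array( 'id' );
    }
    $col_sql = implode( ', ', array_map( function ( $c ) { return "`{$c}`"; }, $cols ) );

    // Values: bound through $wpdb->prepare(), never concatenated.
    $filter = isset( $_POST['filterValue'] ) ? sanitize_text_field( wp_unslash( $_POST['filterValue'] ) ) : '';
    $table  = $wpdb->prefix . 'rx_reviews';
    $sql    = $wpdb->prepare(
        "SELECT {$col_sql} FROM {$table} WHERE status = %s ORDER BY id DESC LIMIT %d",
        $filter,
        1000
    );

    wp_send_json( $wpdb->get_results( $sql, ARRAY_A ) );
}

add_action( 'wp_ajax_rxexportreview', 'safe_export_reviews' );
```

Note that `$col_sql` and `$table` are interpolated into the query text on purpose: they come only from the allowlist and from `$wpdb->prefix`, never from the request, which is what makes that interpolation safe where the original one was not.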
CVE-2022-39983
File upload vulnerability in Pro Gamma Instant Developer RD3 22.5 r23, r30, and possibly earlier versions, allows attackers to execute arbitrary code...
Instant Developer RD3 Framework Code Issue Vulnerability
Instant Developer RD3 Framework is a framework from Instant Developer, Inc. A code issue vulnerability exists in Instant Developer RD3 Framework version 22.0.8500, caused by a file upload flaw. An attacker can exploit this vulnerability to execute arbitrary code...
WordPress Redirect Redirection Plugin <= 1.1.3 is vulnerable to Broken Access Control
Software: Redirect Redirection; Type: Plugin; Vulnerable versions: <= 1.1.3; Fixed in: 1.1.4; OWASP Top 10: A5 Broken Access Control; Classification: Broken Access Control; CVE: N/A; Patch priority: High; CVSS severity: High (6.3); Developer: not listed; PSID: acc4d402d165; Credits: WordFence; Required privilege...
WordPress Client Portal – Private user pages and login Plugin <= 1.1.8 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Client Portal – Private user pages and login; Type: Plugin; Vulnerable versions: <= 1.1.8; Fixed in: 1.1.9; OWASP Top 10: A5 Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-25968; Patch priority: Low; CVSS severity: Low (4.3); Developer: not listed; PSID: 41903f8c3f9...
K25570584: Apache Struts vulnerability CVE-2012-0394
Security Advisory Description: DISPUTED. The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability...
WordPress Read More Excerpt Link Plugin <= 1.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Read More Excerpt Link; Type: Plugin; Vulnerable versions: <= 1.6; Fixed in: 1.6.1; OWASP Top 10: A5 Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-26011; Patch priority: Low; CVSS severity: Low (4.3); Developer: not listed; PSID: 838704e6067f; Credits: Mika; Required...
Music Gallery Site SQL Injection Vulnerability
Music Gallery Site is a music gallery site by the individual developer Carlo Montero. A SQL injection vulnerability exists in Music Gallery Site version 1.0, caused by improper handling of the cid parameter...