WordPress Easy Panorama Plugin <= 1.1.4 is vulnerable to Cross Site Scripting (XSS)
Software: Easy Panorama; Type: Plugin; Vulnerable versions: <= 1.1.4; Fixed in: 1.1.5; OWASP Top 10: A7 Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-23799; Patch priority: Low; CVSS severity: Low (5.9); PSID: 77cda799a1f9; Credits: Rio Darmawan; Required...
WordPress Wp-Insert Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)
Software: Wp-Insert; Type: Plugin; Vulnerable versions: <= 2.5.0; Fixed in: 2.5.1; OWASP Top 10: A7 Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-25461; Patch priority: Low; CVSS severity: Low (5.9); PSID: d6f86fdf4f79; Credits: Abdi Pranata; Required privile...
WordPress Ocean Extra Plugin < 2.1.3 is vulnerable to Sensitive Data Exposure
Software: Ocean Extra; Type: Plugin; Vulnerable versions: < 2.1.3; Fixed in: 2.1.3; OWASP Top 10: A3 Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2023-0749; Patch priority: High; CVSS severity: High (6.5); PSID: 4139d2fa0b6a; Credits: Erwan LR (WPScan); Required...
WordPress Feed Changer Plugin <= 0.2 is vulnerable to Cross Site Scripting (XSS)
Software: Feed Changer; Type: Plugin; Vulnerable versions: <= 0.2; Fixed in: 0.3; OWASP Top 10: A7 Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-25795; Patch priority: Low; CVSS severity: Low (5.9); PSID: 278406b3155b; Credits: Rio Darmawan; Required privileg...
WordPress Click to Call or Chat Buttons Plugin <= 1.4.0 is vulnerable to Cross Site Scripting (XSS)
Software: Click to Call or Chat Buttons; Type: Plugin; Vulnerable versions: <= 1.4.0; Fixed in: 1.5.0; OWASP Top 10: A7 Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-25710; Patch priority: Low; CVSS severity: Low (5.9); PSID: b77be6455269; Credits: yuyudhn...
CVE-2023-22370
Stored cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a network-adjacent authenticated attacker to inject an arbitrary script. NOTE: This vulnerability only affects products that are no longer supported by the developer...
Android 14 developer preview highlights multiple security improvements
Android developers have been given a taste of what's to come in the next big step up in mobile land, thanks to Android 14 waiting on the horizon. The developer preview is a great way for those most familiar with the mobile operating system to see which changes they'll enjoy and which ones they'll hav...
WordPress Locatoraid Store Locator Plugin <= 3.9.11 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Locatoraid Store Locator; Type: Plugin; Vulnerable versions: <= 3.9.11; Fixed in: 3.9.12; OWASP Top 10: A5 Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-25709; Patch priority: Low; CVSS severity: Low (5.4); PSID: 9f57ac9a0dcf; Credits: thiennv...
Ocean Extra < 2.1.3 - Subscriber+ Arbitrary Post Content Disclosure
The plugin does not ensure that the template to be loaded via a shortcode is actually a template, allowing any authenticated user, such as a subscriber, to retrieve the content of arbitrary posts, including draft, private, or even password-protected ones. PoC Note: This requires the OceanWP theme to be...
WordPress Quick Event Manager Plugin <= 9.6.4 is vulnerable to Cross Site Scripting (XSS)
Software: Quick Event Manager; Type: Plugin; Vulnerable versions: <= 9.6.4; Fixed in: 9.6.5; OWASP Top 10: A7 Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-46863; Patch priority: Low; CVSS severity: Low (5.9); Developer: Fullworks Plugins; PSID: 59c55fdc1246; Credits: Justiice; Required...
WordPress Opt-Out for Google Analytics Plugin <= 2.3.4 is vulnerable to Cross Site Scripting (XSS)
Software: Opt-Out for Google Analytics; Type: Plugin; Vulnerable versions: <= 2.3.4; Fixed in: 2.3.5; OWASP Top 10: A7 Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-25712; Patch priority: Low; CVSS severity: Low (5.9); PSID: 2387d8d69039; Credits: Rio Darmaw...
WordPress ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce Plugin <= 1.0.21 is vulnerable to Broken Access Control
Software: ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce; Type: Plugin; Vulnerable versions: <= 1.0.21; Fixed in: 1.0.22; OWASP Top 10: A5 Broken Access Control; Classification: Broken Access Control; CVE: CVE-2022-46811; Patch priority: Low; CVSS severity: Low (4.3); PSI...
WordPress Robots.txt optimization Plugin <= 1.4.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Robots.txt optimization; Type: Plugin; Vulnerable versions: <= 1.4.5; Fixed in: 1.4.6; OWASP Top 10: A5 Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-25706; Patch priority: Low; CVSS severity: Low (5.4); PSID: 1bba120cb645; Credits: Abdi Pranat...
Mozilla Firefox < 110.0
The version of Firefox installed on the remote Windows host is prior to 110.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-05 advisory. - Mozilla developers Timothy Nikkel, Gabriele Svelto, Jeff Muizelaar and the Mozilla Fuzzing Team reported memory safety...
WordPress Quick Paypal Payments Plugin <= 5.7.25 is vulnerable to Broken Access Control
Software: Quick Paypal Payments; Type: Plugin; Vulnerable versions: <= 5.7.25; Fixed in: 5.7.26; OWASP Top 10: A5 Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-25714; Patch priority: High; CVSS severity: High (7.5); Developer: Fullworks Plugins; PSID: 70f3386a0525; Credits: yuyudhn; Required...
KLA20237 Multiple vulnerabilities in Mozilla Firefox
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code, spoof the user interface, and obtain sensitive information. Below is a complete list of vulnerabilities: 1. Security...
KLA20235 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, and cause denial of service. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Microsoft SQL Server...
WordPress GamiPress Plugin <= 2.5.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software: GamiPress; Type: Plugin; Vulnerable versions: <= 2.5.6; Fixed in: 2.5.7; OWASP Top 10: A5 Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-25697; Patch priority: Low; CVSS severity: Low (5.4); PSID: 466ccc666256; Credits: Dave Jong (Patchstack)...
Resume Builder <= 3.1.1 - Subscriber+ Stored XSS
The plugin does not sanitize and escape some parameters related to Resume, which could allow users with a role as low as Subscriber to perform Stored XSS attacks against higher-privilege users. Run the command below in the developer console of the web browser while on the blog as a subscriber...