
7442 matches found

Patchstack
added 2023/02/13 12:0 a.m., 8 views

WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) Plugin <= 7.6.0 is vulnerable to Arbitrary Content Deletion

Software WordPress Social Login and Register Discord, Google, Twitter, LinkedIn Type Plugin Vulnerable versions = 7.6.0 Fixed in 7.6.1 OWASP Top 10 A5: Broken Access Control Classification Arbitrary Content Deletion CVE CVE-2023-25455 Patch priority Low CVSS severity Low 5.3 Developer Claim...

6.6 AI score, 0.0073 EPSS
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2023/02/13 12:0 a.m., 13 views

WordPress Portfolio – WordPress Portfolio Plugin Plugin <= 2.8.10 is vulnerable to Cross Site Scripting (XSS)

Software Portfolio – WordPress Portfolio Plugin Type Plugin Vulnerable versions = 2.8.10 Fixed in 2.8.11 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23685 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 518a0520e6c9 Credit...

6.5 CVSS, 5.7 AI score, 0.00361 EPSS
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2023/02/10 12:0 a.m., 13 views

WordPress Rank Math SEO Plugin <= 1.0.107.2 is vulnerable to Local File Inclusion

Software Rank Math SEO Type Plugin Vulnerable versions = 1.0.107.2 Fixed in 1.0.107.3 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-23888 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID e3a7d6a3381a Credits Rafie Muhammad Patchstack Required...

7.6 CVSS, 6.9 AI score, 0.00948 EPSS
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2023/02/10 12:0 a.m., 11 views

WordPress All-in-one Floating Contact Form – My Sticky Elements Plugin < 2.0.9 is vulnerable to SQL Injection

Software All-in-one Floating Contact Form – My Sticky Elements Type Plugin Vulnerable versions 2.0.9 Fixed in 2.0.9 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0487 Patch priority Low CVSS severity Low 5.5 Developer Claim ownership PSID cdb7568b0dc6 Credits qerogramat Kak...

7.2 CVSS, 6.9 AI score, 0.01482 EPSS
Exploits: 1, References: 4, Affected Software: 1
Patchstack
added 2023/02/10 12:0 a.m., 9 views

WordPress Shortcodes Ultimate Plugin <= 5.12.6 is vulnerable to Cross Site Scripting (XSS)

Software Shortcodes Ultimate Type Plugin Vulnerable versions = 5.12.6 Fixed in 5.12.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25040 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7acc7c74ae4b Credits Rafie Muhammad...

6.5 CVSS, 5.8 AI score, 0.00414 EPSS
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2023/02/10 12:0 a.m., 8 views

WordPress Shortcodes Ultimate Plugin <= 5.12.6 is vulnerable to Arbitrary File Download

Software Shortcodes Ultimate Type Plugin Vulnerable versions = 5.12.6 Fixed in 5.12.7 OWASP Top 10 A3: Sensitive Data Exposure Classification Arbitrary File Download CVE CVE-2023-25050 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 547ac1ab598f Credits Rafie Muhammad...

7.1 CVSS, 6.5 AI score, 0.00591 EPSS
Exploits: 0, References: 2, Affected Software: 1
BDU FSTEC
added 2023/02/10 12:0 a.m., 5 views

The vulnerability of the DevTools set of tools for web development in the Google Chrome web browser allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the DevTools suite for web development in the Google Chrome web browser is related to type conversion errors. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information through a specially created HTML page...

7.8 CVSS, 7.6 AI score, 0.00694 EPSS
Exploits: 0, References: 8, Affected Software: 4
Prion
added 2023/02/09 8:15 p.m., 21 views

Open redirect

An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could allow an attacker t...

5.8 CVSS, 5.9 AI score, 0.01049 EPSS
Exploits: 0, References: 1, Affected Software: 2
wpexploit
added 2023/02/09 12:0 a.m., 200 views

WPCode < 2.0.7 - Contributor+ WPCode Library Auth Key Update/Deletion

The plugin does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may lead to allowing any authenticated user who can edit posts to call the endpoints related to WPCode Library authentication such as update and delete the auth key. As a contributo...

4.3 CVSS, 5.8 AI score, 0.00801 EPSS
Exploits: 2
IBM Security Bulletins
added 2023/02/08 8:47 p.m., 44 views

Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Business Developer

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by Rational Business Developer. Rational Business Developer has provided a fix for the applicable CVE. This issue was disclosed as part of the IBM Java SDK and Runtim...

6.5 CVSS, 6.5 AI score, 0.00589 EPSS
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2023/02/08 8:44 p.m., 38 views

Security Bulletin: Vulnerabilities in IBM Java SDK and IBM Java Runtime affects Rational Business Developer

Summary There are vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by Rational Business Developer. Rational Business Developer has provided a fix for the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and...

5.3 CVSS, 5.8 AI score, 0.02376 EPSS
Exploits: 0, Affected Software: 1
Patchstack
added 2023/02/08 12:0 a.m., 19 views

WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Cross Site Request Forgery (CSRF)

Software Wicked Folders Type Plugin Vulnerable versions = 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-0722 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 7e061023b7ce Credits Marco Wotschka...

5.4 CVSS, 6.9 AI score, 0.00308 EPSS
Exploits: 0, References: 4, Affected Software: 1
WPVulnDB
added 2023/02/08 12:0 a.m., 19 views

Replyable < 2.2.10 - Subscriber+ PHP Object Injection

The plugin does not validate the class name submitted by the request when instantiating an object in the promptdismissnotice action and also lacks CSRF check in the related action. This could allow any authenticated users, such as subscriber to perform Object Injection attacks. The attack could...

8.8 CVSS, 8.6 AI score, 0.00511 EPSS
Exploits: 2, Affected Software: 1
Patchstack
added 2023/02/08 12:0 a.m., 15 views

WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Broken Access Control

Software Wicked Folders Type Plugin Vulnerable versions = 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0712 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID a0b2e732bd9f Credits Marco Wotschka Requir...

5.4 CVSS, 6.5 AI score, 0.00601 EPSS
Exploits: 0, References: 4, Affected Software: 1
wpexploit
added 2023/02/08 12:0 a.m., 72 views

Replyable < 2.2.10 - Subscriber+ PHP Object Injection

The plugin does not validate the class name submitted by the request when instantiating an object in the promptdismissnotice action and also lacks CSRF check in the related action. This could allow any authenticated users, such as subscriber to perform Object Injection attacks. The attack could...

8.8 CVSS, 8.7 AI score, 0.00511 EPSS
Exploits: 2
Patchstack
added 2023/02/08 12:0 a.m., 10 views

WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Broken Access Control

Software Wicked Folders Type Plugin Vulnerable versions = 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0716 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID e2bdc56150c0 Credits Marco Wotschka Requir...

5.4 CVSS, 6.8 AI score, 0.00576 EPSS
Exploits: 0, References: 4, Affected Software: 1
Patchstack
added 2023/02/08 12:0 a.m., 12 views

WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Broken Access Control

Software Wicked Folders Type Plugin Vulnerable versions = 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0711 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID f6e0caeea0c4 Credits Marco Wotschka Requir...

5.4 CVSS, 6.5 AI score, 0.00576 EPSS
Exploits: 0, References: 4, Affected Software: 1
Patchstack
added 2023/02/08 12:0 a.m., 21 views

WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Cross Site Request Forgery (CSRF)

Software Wicked Folders Type Plugin Vulnerable versions = 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-0726 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID b813357081c1 Credits Marco Wotschka...

5.4 CVSS, 6.9 AI score, 0.00308 EPSS
Exploits: 0, References: 4, Affected Software: 1
Patchstack
added 2023/02/06 12:0 a.m., 17 views

WordPress Auto Affiliate Links Plugin <= 6.2.1.5 is vulnerable to Privilege Escalation

Software Auto Affiliate Links Type Plugin Vulnerable versions = 6.2.1.5 Fixed in 6.2.1.6 OWASP Top 10 A5: Broken Access Control Classification Privilege Escalation CVE CVE-2022-45840 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 552906959004 Credits Nguyen Anh Tien...

6.3 AI score, 0.00637 EPSS
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2023/02/06 12:0 a.m., 14 views

WordPress WordPress Comments Import & Export Plugin <= 2.3.1 is vulnerable to CSV Injection

Software WordPress Comments Import & Export Type Plugin Vulnerable versions = 2.3.1 Fixed in 2.3.2 OWASP Top 10 A1: Injection Classification CSV Injection CVE CVE-2022-45370 Patch priority Low CVSS severity Low 6.1 Developer Claim ownership PSID aa57ae50e983 Credits Mika Required privilege...

9.8 CVSS, 6.9 AI score, 0.00847 EPSS
Exploits: 0, References: 2, Affected Software: 1