WordPress BackupBuddy Plugin < 8.8.3 is vulnerable to Cross Site Scripting (XSS)
Software: BackupBuddy; Type: Plugin; Vulnerable versions: < 8.8.3; Fixed in: 8.8.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4897; Patch priority: High; CVSS severity: High (7.1); PSID: befef1967b69; Credits: WPScan; Required privilege...
WordPress GS Books Showcase Plugin < 1.3.1 is vulnerable to Cross Site Scripting (XSS)
Software: GS Books Showcase; Type: Plugin; Vulnerable versions: < 1.3.1; Fixed in: 1.3.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0541; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: 7768af0764d3; Credits: István Márton...
WordPress ContentStudio Plugin < 1.2.6 is vulnerable to Other Vulnerability Type
Software: ContentStudio; Type: Plugin; Vulnerable versions: < 1.2.6; Fixed in: 1.2.6; OWASP Top 10: A1: Injection; Classification: Other Vulnerability Type; CVE: CVE-2023-0556; Patch priority: Medium; CVSS severity: Medium (5.3); PSID: 3749f412d25d; Credits: Marco Wotschka; Required privilege...
WordPress JobBoardWP – Job Board Listings and Submissions Plugin <= 1.2.2 is vulnerable to Insecure Direct Object References (IDOR)
Software: JobBoardWP – Job Board Listings and Submissions; Type: Plugin; Vulnerable versions: <= 1.2.2; Fixed in: 1.2.3; OWASP Top 10: A5: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2023-23715; Patch priority: Low; CVSS severity: Low (5.2); PSID...
WordPress BNE Testimonials Plugin <= 2.0.7 is vulnerable to Cross Site Scripting (XSS)
Software: BNE Testimonials; Type: Plugin; Vulnerable versions: <= 2.0.7; Fixed in: 2.0.8; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-24411; Patch priority: Low; CVSS severity: Low (6.5); PSID: d1185eecd82c; Credits: Rafshanzani Suhada...
WordPress Olevmedia Shortcodes Plugin <= 1.1.9 is vulnerable to Cross Site Scripting (XSS)
Software: Olevmedia Shortcodes; Type: Plugin; Vulnerable versions: <= 1.1.9; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0168; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: 576499d3655f; Credits: István Márton...
WordPress WP Table Manager Plugin <= 3.5.2 is vulnerable to Cross Site Scripting (XSS)
Software: WP Table Manager; Type: Plugin; Vulnerable versions: <= 3.5.2; Fixed in: 3.5.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-47602; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: 400e13da24ca; Credits: Cat; Required...
WordPress WPComplete Plugin <= 2.9.4 is vulnerable to Cross Site Scripting (XSS)
Software: WPComplete; Type: Plugin; Vulnerable versions: <= 2.9.4; Fixed in: 2.9.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-45825; Patch priority: Low; CVSS severity: Low (7.1); PSID: 7b4f1b832a39; Credits: minhtuanact; Required privile...
WordPress Client Logo Carousel Plugin <= 3.0.0 is vulnerable to Cross Site Scripting (XSS)
Software: Client Logo Carousel; Type: Plugin; Vulnerable versions: <= 3.0.0; Fixed in: 3.0.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: N/A; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: 7a95db4d0d5d; Credits: Unknown; Required...
WordPress Welcart e-Commerce Plugin <= 2.8.10 is vulnerable to Cross Site Scripting (XSS)
Software: Welcart e-Commerce; Type: Plugin; Vulnerable versions: <= 2.8.10; Fixed in: 2.8.11; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-22705; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 009875894ecf; Credits: Le Ngoc Anh...
WordPress WP Table Manager Plugin <= 3.5.2 is vulnerable to Broken Access Control
Software: WP Table Manager; Type: Plugin; Vulnerable versions: <= 3.5.2; Fixed in: 3.5.3; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2022-47601; Patch priority: Medium; CVSS severity: Medium (5.3); PSID: dd961e3e7567; Credits: Cat; Required privilege...
WordPress Material Design Icons for Page Builders Plugin <= 1.4.2 is vulnerable to Cross Site Scripting (XSS)
Software: Material Design Icons for Page Builders; Type: Plugin; Vulnerable versions: <= 1.4.2; Fixed in: 1.4.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-24374; Patch priority: Low; CVSS severity: Low (6.5); PSID: ca964ff46b5b; Credits...
WordPress WooCommerce PDF Invoices & Packing Slips Plugin <= 3.2.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WooCommerce PDF Invoices & Packing Slips; Type: Plugin; Vulnerable versions: <= 3.2.5; Fixed in: 3.2.6; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-47148; Patch priority: Low; CVSS severity: Low (4.3); PSID: 00a0d1fb8074...
WordPress Booking calendar, Appointment Booking System Plugin <= 3.2.3 is vulnerable to Bypass Vulnerability
Software: Booking calendar, Appointment Booking System; Type: Plugin; Vulnerable versions: <= 3.2.3; Fixed in: 3.2.4; OWASP Top 10: A6: Security Misconfiguration; Classification: Bypass Vulnerability; CVE: CVE-2023-24373; Patch priority: Low; CVSS severity: Low (3.7); PSID: 23810638f6a6; Credi...
WordPress Glossary Plugin <= 2.1.27 is vulnerable to Cross Site Scripting (XSS)
Software: Glossary; Type: Plugin; Vulnerable versions: <= 2.1.27; Fixed in: 2.1.28; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-24378; Patch priority: Low; CVSS severity: Low (6.5); PSID: 7470ca4b443e; Credits: Rafshanzani Suhada; Required...
A Bootiful Podcast: GraalVM advocate Alina Yurenko on a Bootiful Podcast
Liiiive from New York, it's a Bootiful Podcast! This week I @starbuxman talk to Developer Advocate for GraalVM at Oracle Labs, and legend, Alina Yurenko @alinayurenko...
GUAC - Aggregates Software Security Metadata Into A High Fidelity Graph Database
Note: GUAC is under active development - if you are interested in contributing, please look at contributor guide and the "express interest" issue Graph for Understanding Artifact Composition GUAC aggregates software security metadata into a high fidelity graph database—normalizing entity identiti...
WordPress Juicer Plugin < 1.11 is vulnerable to Cross Site Scripting (XSS)
Software: Juicer; Type: Plugin; Vulnerable versions: < 1.11; Fixed in: 1.11; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0172; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: 2865095a364d; Credits: István Márton; Required privileg...
Mozilla: Malicious command could be hidden in devtools output
The Mozilla Foundation Security Advisory describes this flaw as: When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within...
WordPress WP Responsive Testimonials Slider And Widget Plugin <= 1.5 is vulnerable to Cross Site Scripting (XSS)
Software: WP Responsive Testimonials Slider And Widget; Type: Plugin; Vulnerable versions: <= 1.5; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4750; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: 98b84c639eda...