WordPress LearnPress Plugin <= 4.1.7.3.2 is vulnerable to SQL Injection

Software LearnPress Type Plugin Vulnerable versions = 4.1.7.3.2 Fixed in 4.2.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2022-45808 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID c30856175358 Credits Fadilah Agung Nugraha Required privilege...

WordPress Participants Database Plugin <= 2.4.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software Participants Database Type Plugin Vulnerable versions = 2.4.5 Fixed in 2.4.6 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47612 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 2aed529173b0 Credits rezaduty...

WordPress Category Specific RSS feed Subscription Plugin <= v2.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Category Specific RSS feed Subscription Type Plugin Vulnerable versions = v2.1 Fixed in v2.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-22691 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID aed3a951c25f Credi...

WordPress WP eBay Product Feeds Plugin <= 3.3.1 is vulnerable to Cross Site Scripting (XSS)

Software WP eBay Product Feeds Type Plugin Vulnerable versions = 3.3.1 Fixed in 3.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23722 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 951d668c8f74 Credits yuyudhn Required...

WordPress Booking Calendar Plugin <= 9.4.3 is vulnerable to SQL Injection

Software Booking Calendar Type Plugin Vulnerable versions = 9.4.3 Fixed in 9.4.3.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-23991 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 35338ed5afc5 Credits Rafshanzani Suhada Required privilege...

WordPress Conversational Forms for ChatBot Plugin <= 1.1.6 is vulnerable to Cross Site Scripting (XSS)

Software Conversational Forms for ChatBot Type Plugin Vulnerable versions = 1.1.6 Fixed in 1.1.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23981 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 1354354e56fe Credits Rio...

WordPress Image Hover Effects For WPBakery Page Builder Plugin <= 4.0 is vulnerable to Cross Site Scripting (XSS)

Software Image Hover Effects For WPBakery Page Builder Type Plugin Vulnerable versions = 4.0 Fixed in 5.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23681 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2843dca604e1 Credi...

WordPress Quick Event Manager Plugin <= 9.7.4 is vulnerable to Broken Access Control

Software Quick Event Manager Type Plugin Vulnerable versions = 9.7.4 Fixed in 9.7.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23975 Patch priority Low CVSS severity Low 5.3 Developer Fullworks Plugins PSID 7294748abf10 Credits yuyudhn Required...

WordPress Quick Event Manager Plugin <= 9.7.4 is vulnerable to Cross Site Scripting (XSS)

Software Quick Event Manager Type Plugin Vulnerable versions = 9.7.4 Fixed in 9.7.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23979 Patch priority Medium CVSS severity Medium 7.1 Developer Fullworks Plugins PSID c7609f23707d Credits yuyudhn...

WordPress WP Google Map Plugin Plugin <= 4.3.9 is vulnerable to Cross Site Scripting (XSS)

Software WP Google Map Plugin Type Plugin Vulnerable versions = 4.3.9 Fixed in 4.4.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23878 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a087af02892c Credits Rafshanzani Suhada...

WordPress Essential Blocks for Gutenberg Plugin <= 3.8.5 is vulnerable to Broken Access Control

Software Essential Blocks for Gutenberg Type Plugin Vulnerable versions = 3.8.5 Fixed in 3.8.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-47594 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 63aa473b136c Credits Lucio Sá...

WordPress PixelYourSite – Your smart PIXEL (TAG) Manager Plugin <= 9.3.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software PixelYourSite – Your smart PIXEL TAG Manager Type Plugin Vulnerable versions = 9.3.0 Fixed in 9.3.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-22700 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID bf76bce3f34...

WordPress Interactive Polish Map Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)

Software Interactive Polish Map Type Plugin Vulnerable versions = 1.2 Fixed in 1.2.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23821 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID be3ac8b7a0a2 Credits Rio Darmawan...

WordPress WP Client Reports Plugin <= 1.0.16 is vulnerable to Sensitive Data Exposure

Software WP Client Reports Type Plugin Vulnerable versions = 1.0.16 Fixed in 1.0.17 OWASP Top 10 A5: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2023-23978 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1a6f275a92fe Credits Rafshanzani Suhada...

WordPress RapidLoad Power-Up for Autoptimize Plugin <= 1.6.35 is vulnerable to SQL Injection

Software RapidLoad Power-Up for Autoptimize Type Plugin Vulnerable versions = 1.6.35 Fixed in 1.6.36 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2022-47593 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 27636a206a9e Credits Le Ngoc Anh Required...

WordPress MailOptin Plugin <= 1.2.54.0 is vulnerable to Cross Site Scripting (XSS)

Software MailOptin Type Plugin Vulnerable versions = 1.2.54.0 Fixed in 1.2.54.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23980 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 215c7eb57abe Credits yuyudhn Required...

WordPress Login with phone number Plugin < 1.4.2 is vulnerable to Cross Site Scripting (XSS)

Software Login with phone number Type Plugin Vulnerable versions 1.4.2 Fixed in 1.4.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23492 Patch priority High CVSS severity High 7.1 Developer Hamid Alinia PSID e0aace0379ac Credits Joshua Martinelle...

A Bootiful Podcast: Dr. Amanda Martin, Gradle developer advocate

Hi, Spring fans! In this installment, Josh Long @starbuxman talks with Gradle developer advocate Dr. Amanda Martin @DrAmandaLMartin...

CVE-2023-23599

The Mozilla Foundation Security Advisory describes this flaw as: When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within...

WordPress YARPP Plugin <= 5.30.2 is vulnerable to Cross Site Scripting (XSS)

Software YARPP Type Plugin Vulnerable versions = 5.30.2 Fixed in 5.30.3 OWASP Top 10 A5: Broken Access Control Classification Cross Site Scripting XSS CVE CVE-2022-4471 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 60c430d55f43 Credits István Márton Required...