
7442 matches found

CNNVD
added 2023/01/19 12:0 a.m. | 4 views

2moons SQL Injection Vulnerability

2moons is an application by individual developer oktora24. 2moons has a SQL injection vulnerability, found in oktora24 2moons and categorized as critical. An unknown function is affected. The operation results in SQL injection...

9.8 CVSS | 6.6 AI score | 0.00643 EPSS
Exploits: 0 | References: 4
Patchstack
added 2023/01/19 12:0 a.m. | 6 views

WordPress Admin Log Plugin <= 1.50 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Admin Log; Type: Plugin; Vulnerable versions: <= 1.50; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-23721; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 5b0513f078ee; Credits: Mika; Required privilege...

8.8 CVSS | 7 AI score | 0.00271 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2023/01/19 12:0 a.m. | 9 views

WordPress User Meta Manager Plugin <= 3.5.0 is vulnerable to Cross Site Scripting (XSS)

Software: User Meta Manager; Type: Plugin; Vulnerable versions: <= 3.5.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-22718; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: d307e7329c6e; Credits: minhtuanact...

7.1 CVSS | 5.6 AI score | 0.00406 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2023/01/19 12:0 a.m. | 14 views

WordPress Themify Portfolio Post Plugin < 1.2.2 is vulnerable to Cross Site Scripting (XSS)

Software: Themify Portfolio Post; Type: Plugin; Vulnerable versions: < 1.2.2; Fixed in: 1.2.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0362; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: c14d4085b20e; Credits: Lana Codes...

5.4 CVSS | 5.9 AI score | 0.00526 EPSS
Exploits: 2 | References: 4 | Affected Software: 1
wpexploit
added 2023/01/19 12:0 a.m. | 505 views

Amr Shortcode Any Widget <= 4.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 1. Insert a...

5.4 CVSS | 5.1 AI score | 0.00477 EPSS
Exploits: 2
Patchstack
added 2023/01/19 12:0 a.m. | 9 views

WordPress Page Loading Effects Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS)

Software: Page Loading Effects; Type: Plugin; Vulnerable versions: <= 2.0.0; Fixed in: 3.0.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-23718; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: 68ff95331eeb; Credits: yuyudhn; Required...

5.9 CVSS | 5.8 AI score | 0.00392 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2023/01/19 12:0 a.m. | 11 views

WordPress URL Shortener by MyThemeShop Plugin <= 1.0.17 is vulnerable to Broken Access Control

Software: URL Shortener by MyThemeShop; Type: Plugin; Vulnerable versions: <= 1.0.17; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-23896; Patch priority: Medium; CVSS severity: Medium 5.4; Developer: Claim ownership; PSID: e643a0198210; Credits: István Márt...

8.8 CVSS | 6.8 AI score | 0.00521 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2023/01/19 12:0 a.m. | 10 views

WordPress Camera slideshow Plugin <= 1.4.0.1 is vulnerable to Cross Site Scripting (XSS)

Software: Camera slideshow; Type: Plugin; Vulnerable versions: <= 1.4.0.1; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-22682; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: a784f0137b80; Credits: thiennv; Required...

7.1 CVSS | 5.9 AI score | 0.00406 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Akamai Blog
added 2023/01/18 2:0 p.m. | 17 views

What’s New for Developers: 2022 Recap

Read the year-end review of developer highlights for 2022...

7 AI score
Exploits: 0
Patchstack
added 2023/01/18 12:0 a.m. | 16 views

WordPress GiveWP Plugin <= 2.23.2 is vulnerable to SQL Injection

Software: GiveWP; Type: Plugin; Vulnerable versions: <= 2.23.2; Fixed in: 2.24.0; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-0224; Patch priority: High; CVSS severity: High 8.2; Developer: Liquid Web / StellarWP; PSID: 3f057c60656c; Credits: dc11; Required privilege: Unauthenticated; Publishe...

9.8 CVSS | 6.8 AI score | 0.03742 EPSS
Exploits: 2 | References: 4 | Affected Software: 1
Mozilla
added 2023/01/18 12:0 a.m. | 203 views

Security Vulnerabilities fixed in Thunderbird 102.7 — Mozilla

An out of date library libusrsctp contained vulnerabilities that could potentially be exploited. Due to the Thunderbird GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call...

8.8 CVSS | 1.2 AI score | 0.00892 EPSS
Exploits: 0 | References: 8 | Affected Software: 1
CNNVD
added 2023/01/18 12:0 a.m. | 3 views

phoenixcf SQL Injection Vulnerability

phoenixcf is an application by individual developer iamdroppy. phoenixcf suffers from a SQL injection vulnerability. An attacker could exploit this vulnerability to cause a SQL injection...

9.8 CVSS | 6.7 AI score | 0.00658 EPSS
Exploits: 0 | References: 4
Patchstack
added 2023/01/18 12:0 a.m. | 9 views

WordPress TemplatesNext ToolKit Plugin < 3.2.9 is vulnerable to Cross Site Scripting (XSS)

Software: TemplatesNext ToolKit; Type: Plugin; Vulnerable versions: < 3.2.9; Fixed in: 3.2.9; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0333; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: 9f3110209bb9; Credits: WPScan; Require...

5.4 CVSS | 5.6 AI score | 0.0049 EPSS
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2023/01/18 12:0 a.m. | 7 views

WordPress Location Weather Plugin < 1.3.4 is vulnerable to Cross Site Scripting (XSS)

Software: Location Weather; Type: Plugin; Vulnerable versions: < 1.3.4; Fixed in: 1.3.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0360; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: 1547b60d4821; Credits: Lana Codes; Required...

5.4 CVSS | 5.6 AI score | 0.0054 EPSS
Exploits: 2 | References: 4 | Affected Software: 1
Patchstack
added 2023/01/18 12:0 a.m. | 18 views

WordPress Better Font Awesome Plugin < 2.0.4 is vulnerable to Cross Site Scripting (XSS)

Software: Better Font Awesome; Type: Plugin; Vulnerable versions: < 2.0.4; Fixed in: 2.0.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4512; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: 3f338a1f451d; Credits: Lana Codes...

6.8 CVSS | 5.6 AI score | 0.00762 EPSS
Exploits: 2 | References: 4 | Affected Software: 1
OSV
added 2023/01/18 12:0 a.m. | 1 views

UBUNTU-CVE-2023-23599

When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...

6.5 CVSS | 7 AI score | 0.00601 EPSS
Exploits: 0 | References: 6
The Hacker News
added 2023/01/17 6:36 a.m. | 35 views

Researchers Uncover 3 PyPI Packages Spreading Malware to Developer Systems

A threat actor by the name Lolip0p has uploaded three rogue packages to the Python Package Index (PyPI) repository that are designed to drop malware on compromised developer systems. The packages – named colorslib versions 4.6.11 and 4.6.12, httpslib versions 4.6.9 and 4.6.11, and libhttps version...

0.2 AI score
Exploits: 0
Patchstack
added 2023/01/17 12:0 a.m. | 7 views

WordPress MainWP Article Uploader Extension Plugin <= 4.0.2 is vulnerable to Broken Access Control

Software: MainWP Article Uploader Extension; Type: Plugin; Vulnerable versions: <= 4.0.2; Fixed in: 4.0.3; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-23742; Patch priority: High; CVSS severity: High 7.1; Developer: Claim ownership; PSID: e674bdb18c0f; Credits: Dave Jong...

6.5 AI score
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2023/01/17 12:0 a.m. | 10 views

WordPress MainWP White Label Extension Plugin <= 4.1.1 is vulnerable to Broken Access Control

Software: MainWP White Label Extension; Type: Plugin; Vulnerable versions: <= 4.1.1; Fixed in: 4.1.2; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-23748; Patch priority: Medium; CVSS severity: Medium 5.4; Developer: Claim ownership; PSID: 4cf93d58a995; Credits: Dave Jong...

6.5 AI score
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2023/01/17 12:0 a.m. | 8 views

WordPress MainWP Clone Extension Plugin <= 4.0.2 is vulnerable to Broken Access Control

Software: MainWP Clone Extension; Type: Plugin; Vulnerable versions: <= 4.0.2; Fixed in: 4.0.3; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-23642; Patch priority: Medium; CVSS severity: Medium 5.4; Developer: Claim ownership; PSID: fedefb75fe08; Credits: Dave Jong...

6.5 AI score
Exploits: 0 | References: 2 | Affected Software: 1