Lucene search

7442 matches found

Patchstack
added 2023/01/17 12:0 a.m., 5 views

WordPress MainWP Rocket Extension Plugin <= 4.0.3 is vulnerable to Broken Access Control

Software: MainWP Rocket Extension; Type: Plugin; Vulnerable versions: <= 4.0.3; Fixed in: 4.0.4; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-23648; Patch priority: Medium; CVSS severity: Medium 5.4; PSID: 4e731e79e4b2; Credits: Dave Jong...

AI score: 6.5
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2023/01/17 12:0 a.m., 12 views

WordPress MainWP Post Plus Extension Plugin <= 4.0.3 is vulnerable to Arbitrary Content Deletion

Software: MainWP Post Plus Extension; Type: Plugin; Vulnerable versions: <= 4.0.3; Fixed in: 4.1.1; OWASP Top 10: A5: Broken Access Control; Classification: Arbitrary Content Deletion; CVE: CVE-2023-23666; Patch priority: High; CVSS severity: High 7.1; PSID: 66ca6cd7da00; Credits: Dave Jong...

AI score: 6.5
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2023/01/17 12:0 a.m., 5 views

WordPress uTubeVideo Gallery Plugin < 2.0.8 is vulnerable to Cross Site Scripting (XSS)

Software: uTubeVideo Gallery; Type: Plugin; Vulnerable versions: < 2.0.8; Fixed in: 2.0.8; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0151; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 5e937ba797ce; Credits: Lana Codes; Requir...

CVSS: 5.4, AI score: 5.6, EPSS: 0.00477
Exploits: 2, References: 4, Affected Software: 1
Patchstack
added 2023/01/17 12:0 a.m., 11 views

WordPress Judge.me Product Reviews for WooCommerce Plugin < 1.3.21 is vulnerable to Cross Site Scripting (XSS)

Software: Judge.me Product Reviews for WooCommerce; Type: Plugin; Vulnerable versions: < 1.3.21; Fixed in: 1.3.21; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0061; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 7fda1dafd296...

CVSS: 6.8, AI score: 5.7, EPSS: 0.00635
Exploits: 2, References: 4, Affected Software: 1
CNNVD
added 2023/01/17 12:0 a.m., 2 views

FiND Security Vulnerability

FiND is an application by the German individual developer AenBleidd. A security vulnerability exists in FiND. An attacker exploited the vulnerability to cause a buffer overflow...

CVSS: 9.8, AI score: 7, EPSS: 0.00925
Exploits: 0, References: 4
Patchstack
added 2023/01/17 12:0 a.m., 9 views

WordPress Rich Table of Contents Plugin <= 1.3.8 is vulnerable to Cross Site Scripting (XSS)

Software: Rich Table of Contents; Type: Plugin; Vulnerable versions: <= 1.3.8; Fixed in: 1.3.9; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4551; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 2ac49cba0f41; Credits: Lana Codes...

CVSS: 5.4, AI score: 5.7, EPSS: 0.00477
Exploits: 2, References: 4, Affected Software: 1
Mozilla
added 2023/01/17 12:0 a.m., 50 views

Security Vulnerabilities fixed in Firefox ESR 102.7 — Mozilla

An out of date library libusrsctp contained vulnerabilities that could potentially be exploited. Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to...

CVSS: 8.8, AI score: 1.3, EPSS: 0.00892
Exploits: 0, References: 8, Affected Software: 1
Patchstack
added 2023/01/17 12:0 a.m., 14 views

WordPress YaMaps for WordPress Plugin < 0.6.26 is vulnerable to Cross Site Scripting (XSS)

Software: YaMaps for WordPress; Type: Plugin; Vulnerable versions: < 0.6.26; Fixed in: 0.6.26; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0270; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 3732d4ef7860; Credits: Lana Codes...

CVSS: 5.4, AI score: 5.8, EPSS: 0.00477
Exploits: 2, References: 4, Affected Software: 1
Patchstack
added 2023/01/17 12:0 a.m., 11 views

WordPress WP Visitor Statistics (Real Time Traffic) Plugin < 6.5 is vulnerable to Cross Site Scripting (XSS)

Software: WP Visitor Statistics (Real Time Traffic); Type: Plugin; Vulnerable versions: < 6.5; Fixed in: 6.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4656; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: e65b6ec1fb3c; Credits...

CVSS: 5.4, AI score: 5.7, EPSS: 0.00477
Exploits: 2, References: 4, Affected Software: 1
Patchstack
added 2023/01/17 12:0 a.m., 13 views

WordPress MainWP Wordfence Extension Plugin <= 4.0.7 is vulnerable to Broken Access Control

Software: MainWP Wordfence Extension; Type: Plugin; Vulnerable versions: <= 4.0.7; Fixed in: 4.0.8; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-22699; Patch priority: Medium; CVSS severity: Medium 5.4; PSID: aa51573e0a8b; Credits: Dave Jong...

CVSS: 5.4, AI score: 6.5, EPSS: 0.00306
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2023/01/17 12:0 a.m., 15 views

WordPress Easy Accept Payments Plugin < 4.9.10 is vulnerable to Cross Site Scripting (XSS)

Software: Easy Accept Payments; Type: Plugin; Vulnerable versions: < 4.9.10; Fixed in: 4.9.10; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0275; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 334f1469f03f; Credits: Lana Codes...

CVSS: 5.4, AI score: 5.6, EPSS: 0.0054
Exploits: 2, References: 4, Affected Software: 1
Patchstack
added 2023/01/17 12:0 a.m., 23 views

WordPress Simple URLs Plugin < 115 is vulnerable to SQL Injection

Software: Simple URLs; Type: Plugin; Vulnerable versions: < 115; Fixed in: 115; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-0098; Patch priority: High; CVSS severity: High 7.1; PSID: ce05d13c3118; Credits: dc11; Required privilege: Subscriber; Published: 17 January,...

CVSS: 8.8, AI score: 6.8, EPSS: 0.00943
Exploits: 2, References: 3, Affected Software: 1
Tenable Nessus
added 2023/01/17 12:0 a.m., 26 views

Mozilla Firefox ESR < 102.7

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 102.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-02 advisory. - Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108 and...

CVSS: 8.8, AI score: 8.3, EPSS: 0.00892
Exploits: 0, References: 9
Patchstack
added 2023/01/17 12:0 a.m., 14 views

WordPress MainWP UpdraftPlus Extension Plugin <= 4.0.6 is vulnerable to Broken Access Control

Software: MainWP UpdraftPlus Extension; Type: Plugin; Vulnerable versions: <= 4.0.6; Fixed in: 4.0.7; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-23640; Patch priority: Medium; CVSS severity: Medium 5.4; PSID: 075f06640c08; Credits: Dave Jong...

CVSS: 8.8, AI score: 6.5, EPSS: 0.00293
Exploits: 0, References: 2, Affected Software: 1
wpexploit
added 2023/01/17 12:0 a.m., 704 views

Enable Media Replace < 4.0.2 - Author+ Arbitrary File Upload

The plugin does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites. 1 As an Author, upload a picture via http://vulnerable-site.tld/wp-admin/upload.php 2 Press on the new picture's thumbnail to see the attachment's details 3...

CVSS: 8.8, AI score: 8.9, EPSS: 0.01096
Exploits: 2
Patchstack
added 2023/01/16 12:0 a.m., 11 views

WordPress Custom 404 Pro Plugin <= 3.7.0 is vulnerable to SQL Injection

Software: Custom 404 Pro; Type: Plugin; Vulnerable versions: <= 3.7.0; Fixed in: 3.7.1; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2022-47605; Patch priority: Low; CVSS severity: Low 8.3; Developer: Kunal Nagar; PSID: 960f40facc61; Credits: minhtuanact; Required privilege: Administrator; Published...

CVSS: 8.3, AI score: 6.9, EPSS: 0.00668
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2023/01/16 12:0 a.m., 17 views

WordPress Stream Plugin < 3.9.2 is vulnerable to Broken Access Control

Software: Stream; Type: Plugin; Vulnerable versions: < 3.9.2; Fixed in: 3.9.2; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2022-4384; Patch priority: Medium; CVSS severity: Medium 4.3; PSID: ad3b89e6bfd1; Credits: Krzysztof Zajac; Required privilege...

CVSS: 6.5, AI score: 6.5, EPSS: 0.0091
Exploits: 2, References: 4, Affected Software: 1
Patchstack
added 2023/01/14 12:0 a.m., 14 views

WordPress Easy Digital Downloads Plugin <= 3.1.0.3 is vulnerable to SQL Injection

Software: Easy Digital Downloads; Type: Plugin; Vulnerable versions: <= 3.1.0.3; Fixed in: 3.1.0.4; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-23489; Patch priority: High; CVSS severity: High 8.2; PSID: 8ebed23bcf9a; Credits: Joshua Martinelle; Required privilege...

CVSS: 9.8, AI score: 6.7, EPSS: 0.11172
Exploits: 2, References: 4, Affected Software: 1
Patchstack
added 2023/01/13 12:0 a.m., 12 views

WordPress Map Multi Marker Plugin <= 3.2.1 is vulnerable to Cross Site Scripting (XSS)

Software: Map Multi Marker; Type: Plugin; Vulnerable versions: <= 3.2.1; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-47591; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 0fa0897cb0de; Credits: minhtuanact; Requir...

CVSS: 7.1, AI score: 5.7, EPSS: 0.00406
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2023/01/13 12:0 a.m., 11 views

WordPress ExactMetrics Plugin < 7.12.1 is vulnerable to Cross Site Scripting (XSS)

Software: ExactMetrics; Type: Plugin; Vulnerable versions: < 7.12.1; Fixed in: 7.12.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0082; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 5eb38112ee75; Credits: Lana Codes; Required...

CVSS: 5.4, AI score: 5.6, EPSS: 0.00573
Exploits: 2, References: 4, Affected Software: 1