
7442 matches found

Patchstack
added 2023/01/04 12:0 a.m., 21 views

WordPress Youtube Channel Gallery Plugin <= 2.4 is vulnerable to Cross Site Scripting (XSS)

Software Youtube Channel Gallery Type Plugin Vulnerable versions = 2.4 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4783 Patch priority Medium CVSS severity Medium 6.4 Developer Claim ownership PSID d89263cd84d3 Credits István Márton...

CVSS: 5.4 | AI score: 5.7 | EPSS: 0.0047
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
added 2023/01/04 12:0 a.m., 5 views

WordPress Show-Hide / Collapse-Expand Plugin <= 1.2.5 is vulnerable to Broken Authentication

Software Show-Hide / Collapse-Expand Type Plugin Vulnerable versions = 1.2.5 Fixed in 1.3.0 OWASP Top 10 A5: Broken Access Control Classification Broken Authentication CVE N/A Patch priority High CVSS severity High 5.4 Developer Claim ownership PSID 11f0fb541e9a Credits N/A Required privilege...

AI score: 6.8
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/01/04 12:0 a.m., 14 views

WordPress Themify Shortcodes Plugin < 2.0.8 is vulnerable to Cross Site Scripting (XSS)

Software Themify Shortcodes Type Plugin Vulnerable versions 2.0.8 Fixed in 2.0.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4787 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 25f866583e9e Credits István Márton...

CVSS: 5.4 | AI score: 5.6 | EPSS: 0.00471
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
added 2023/01/04 12:0 a.m., 23 views

WordPress Show-Hide / Collapse-Expand Plugin <= 1.2.5 is vulnerable to Cross Site Scripting (XSS)

Software Show-Hide / Collapse-Expand Type Plugin Vulnerable versions = 1.2.5 Fixed in 1.3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4829 Patch priority Medium CVSS severity Medium 6.4 Developer Claim ownership PSID a608bae568e8 Credits István...

CVSS: 5.4 | AI score: 5.7 | EPSS: 0.0049
Exploits: 2 | References: 4 | Affected Software: 1

Patchstack
added 2023/01/03 12:0 a.m., 10 views

WordPress MediaElement.js – HTML5 Video & Audio Player Plugin <= 4.2.8 is vulnerable to Cross Site Scripting (XSS)

Software MediaElement.js – HTML5 Video & Audio Player Type Plugin Vulnerable versions = 4.2.8 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4699 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 2aa0c80da566...

CVSS: 5.4 | AI score: 5.6 | EPSS: 0.00534
Exploits: 2 | References: 2 | Affected Software: 1

Patchstack
added 2023/01/03 12:0 a.m., 12 views

WordPress Post Grid, Image Gallery & Portfolio for Elementor | PowerFolio Plugin < 2.3.1 is vulnerable to Cross Site Scripting (XSS)

Software Post Grid, Image Gallery & Portfolio for Elementor | PowerFolio Type Plugin Vulnerable versions 2.3.1 Fixed in 2.3.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Scripting XSS CVE CVE-2022-4765 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership...

CVSS: 5.4 | AI score: 6.2 | EPSS: 0.00534
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
added 2023/01/03 12:0 a.m., 16 views

WordPress Bold Timeline Lite Plugin < 1.1.5 is vulnerable to Cross Site Scripting (XSS)

Software Bold Timeline Lite Type Plugin Vulnerable versions 1.1.5 Fixed in 1.1.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4828 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 0317e30acfa3 Credits István Márton...

CVSS: 5.4 | AI score: 5.6 | EPSS: 0.01011
Exploits: 2 | References: 3 | Affected Software: 1

Spring Security Advisories
added 2022/12/29 8:0 a.m., 12 views

A Bootiful Podcast: DaShaun Carter: amazing human being, father, friend, engineer, and fellow Spring Developer Advocate

Hi, Spring fans! In this episode, we turn it to 11 and ring in the new year with a fantastic human being, father, friend, engineer, and fellow Spring Developer Advocate: DaShaun Carter @dashaun. Happy new year!...

AI score: 1.3
Exploits: 0

Patchstack
added 2022/12/29 12:0 a.m., 7 views

WordPress Passster – Password Protection Plugin < 3.5.5.9 is vulnerable to Broken Access Control

Software Passster – Password Protection Type Plugin Vulnerable versions 3.5.5.9 Fixed in 3.5.5.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2021-24881 Patch priority Low CVSS severity Low 5.3 Developer Patrick Posner PSID 3b75ba83694c Credits dc11 Required...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.00818
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
added 2022/12/29 12:0 a.m., 12 views

WordPress Passster – Password Protection Plugin < 3.5.5.8 is vulnerable to Cross Site Scripting (XSS)

Software Passster – Password Protection Type Plugin Vulnerable versions 3.5.5.8 Fixed in 3.5.5.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2021-24837 Patch priority Medium CVSS severity Medium 6.3 Developer Patrick Posner PSID b41d0cd0e690 Credits...

CVSS: 5.4 | AI score: 5.6 | EPSS: 0.00393
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
added 2022/12/29 12:0 a.m., 13 views

WordPress GS Logo Slider Plugin < 3.3.8 is vulnerable to Cross Site Scripting (XSS)

Software GS Logo Slider Type Plugin Vulnerable versions 3.3.8 Fixed in 3.3.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4624 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID cf767b7a3829 Credits István Márton Require...

CVSS: 5.4 | AI score: 5.6 | EPSS: 0.00471
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
added 2022/12/29 12:0 a.m., 12 views

WordPress Genesis Columns Advanced Plugin < 2.0.4 is vulnerable to Cross Site Scripting (XSS)

Software Genesis Columns Advanced Type Plugin Vulnerable versions 2.0.4 Fixed in 2.0.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4706 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID f94799f31fa9 Credits István Márt...

CVSS: 5.4 | AI score: 5.7 | EPSS: 0.00471
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
added 2022/12/29 12:0 a.m., 8 views

WordPress Top 10 Plugin < 3.2.3 is vulnerable to Cross Site Scripting (XSS)

Software Top 10 Type Plugin Vulnerable versions 3.2.3 Fixed in 3.2.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4570 Patch priority Medium CVSS severity Medium 6.3 Developer WebberZone PSID f49ce51b95e1 Credits István Márton Required privilege...

CVSS: 5.4 | AI score: 5.6 | EPSS: 0.00471
Exploits: 2 | References: 3 | Affected Software: 1

CNNVD
added 2022/12/28 12:0 a.m., 3 views

dht security vulnerability

dht is a library that implements the bittorrent DHT protocol in Go by the individual developer Lime. A security vulnerability exists in dht. An attacker could exploit this vulnerability to cause a denial of service on the system...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.00799
Exploits: 1 | References: 3

Patchstack
added 2022/12/28 12:0 a.m., 11 views

WordPress User Verification Plugin < 1.0.94 is vulnerable to Bypass Vulnerability

Software User Verification Type Plugin Vulnerable versions 1.0.94 Fixed in 1.0.94 OWASP Top 10 A2: Broken Authentication Classification Bypass Vulnerability CVE CVE-2022-4693 Patch priority High CVSS severity High 9.6 Developer Claim ownership PSID 89cd3dc7d831 Credits István Márton Required...

CVSS: 9.8 | AI score: 6.5 | EPSS: 0.01598
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
added 2022/12/28 12:0 a.m., 12 views

WordPress WP Popups Plugin < 2.1.4.8 is vulnerable to Cross Site Scripting (XSS)

Software WP Popups Type Plugin Vulnerable versions 2.1.4.8 Fixed in 2.1.4.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4716 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID ab1421d0287e Credits István Márton Required...

CVSS: 5.4 | AI score: 5.6 | EPSS: 0.00471
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
added 2022/12/28 12:0 a.m., 13 views

WordPress Optimize images ALT Text (alt tag) & names for SEO using AI Plugin < 2.0.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software Optimize images ALT Text alt tag & names for SEO using AI Type Plugin Vulnerable versions 2.0.8 Fixed in 2.0.8 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-4548 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.00332
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
added 2022/12/28 12:0 a.m., 15 views

WordPress Print-O-Matic Plugin < 2.1.8 is vulnerable to Cross Site Scripting (XSS)

Software Print-O-Matic Type Plugin Vulnerable versions 2.1.8 Fixed in 2.1.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4753 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 27083e2d8927 Credits István Márton Required...

CVSS: 5.4 | AI score: 5.6 | EPSS: 0.00471
Exploits: 2 | References: 2 | Affected Software: 1

WPVulnDB
added 2022/12/27 12:0 a.m., 25 views

Login as User or Customer < 3.3 - Unauthenticated Privilege Escalation to Admin

The plugin lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session. PoC Run the below command in the developer console of the web browser while being on the blog as an unauthenticated user,...

CVSS: 9.8 | AI score: 4.1 | EPSS: 0.38625
Exploits: 2 | Affected Software: 1

wpexploit
added 2022/12/27 12:0 a.m., 543 views

Login as User or Customer < 3.3 - Unauthenticated Privilege Escalation to Admin

The plugin lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session. Run the below command in the developer console of the web browser while being on the blog as an unauthenticated user, then...

CVSS: 9.8 | AI score: 1.8 | EPSS: 0.38625
Exploits: 2