Porto Theme - Functionality < 2.12.1 - Missing Authorization
Description: The Porto Theme - Functionality plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on an unknown function in versions up to, and including, 2.11.1. This makes it possible for unauthenticated attackers to perform an unauthorized...
Themify Ultra < 7.3.6 - Missing Authorization
Description: The Themify Ultra theme for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on one of its functions in versions up to, and including, 7.3.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to ma...
WPCafe < 2.2.23 - Missing Authorization
Description: The plugin is vulnerable to unauthorized access, modification, or loss of data due to a missing capability check on an unknown function, allowing unauthenticated attackers to make use of the unprotected functionality...
WP Directory Kit < 1.2.7 - Missing Authorization
Description: The WP Directory Kit plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on one of its functions in versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to make use of functionality intended...
WordPress Porto Theme - Functionality Plugin < 2.12.1 is vulnerable to Broken Access Control
Software: Porto Theme - Functionality; Type: Plugin; Vulnerable versions: 2.12.1; Fixed in: 2.12.1; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-48739; Patch priority: Medium; CVSS severity: Medium 5.3; PSID: aa73939ac882; Credits: Rafie...
WordPress Porto Theme - Functionality Plugin < 2.12.1 is vulnerable to SQL Injection
Software: Porto Theme - Functionality; Type: Plugin; Vulnerable versions: 2.12.1; Fixed in: 2.12.1; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2023-48738; Patch priority: High; CVSS severity: High 9.3; PSID: 5a7e2b4a3331; Credits: Rafie Muhammad Patchstack Required...
CVE-2023-5314
The WP EXtra plugin for WordPress is vulnerable to unauthorized access to restricted functionality due to a missing capability check on the 'test-email' section of the register function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with minimal...
Design/Logic Flaw
The WP EXtra plugin for WordPress is vulnerable to unauthorized access to restricted functionality due to a missing capability check on the 'test-email' section of the register function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with minimal...
CVE-2023-5314 WP EXtra <= 6.2 - Missing Authorization to Arbitrary Email Sending
The WP EXtra plugin for WordPress is vulnerable to unauthorized access to restricted functionality due to a missing capability check on the 'test-email' section of the register function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with minimal...
CVE-2023-5921
Improper Enforcement of Behavioral Workflow vulnerability in DECE Software Geodi allows Functionality Bypass. This issue affects Geodi: before 8.0.0.27396...
Design/Logic Flaw
Improper Enforcement of Behavioral Workflow vulnerability in DECE Software Geodi allows Functionality Bypass. This issue affects Geodi: before 8.0.0.27396...
CVE-2023-5921
CVE-2023-5921 affects DECE Software Geodi prior to version 8.0.0.27396. The issue is described as an improper enforcement of behavioral workflow that allows a functionality bypass. The material explicitly ties this to Geodi and a version boundary; no exploit details are provided. The recommended...
CVE-2023-48221
wire-avs provides Audio, Visual, and Signaling (AVS) functionality for the secure messaging software Wire. Prior to versions 9.2.22 and 9.3.5, a remote format string vulnerability could potentially allow an attacker to cause a denial of service or possibly execute arbitrary code. The issue has bee...
CVE-2023-48221
CVE-2023-48221 affects wire-avs (AVS component of Wire). A remote format string vulnerability in Wire’s AVS prior to versions 9.2.22 and 9.3.5 could potentially cause a denial of service or, possibly, execute arbitrary code. The issue has been fixed in wire-avs 9.2.22 and 9.3.5 and is already inc...
Security update for yt-dlp (moderate)
openSUSE Security Update: Security update for yt-dlp; Announcement ID: openSUSE-SU-2023:0374-1; Rating: moderate; References: 1213124 1216467; Cross-References: CVE-2023-35934 CVE-2023-46121; CVSS scores: CVE-2023-35934 NVD: 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N; Affected Products: openSUSE...
CVE-2023-48078
SQL Injection vulnerability in add.php in Simple CRUD Functionality v1.0 allows attackers to run arbitrary SQL commands via the 'title' parameter...
Null pointer dereference
A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their...