6 matches found
EUVD-2023-58723
Malicious code in bioql PyPI...
CVE-2023-6492
The Simple Sitemap – Create a Responsive HTML Sitemap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.13. This is due to missing or incorrect nonce validation in the 'admin_notices' hook found in class-settings.php. This makes it possible...
CVE-2023-6048
The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not prevent users with low privileges on the site, like subscribers, from setting any of the site's options to 1, which could be used to break sites and lead to DoS when certain options are reset...
Event Manager for WooCommerce < 3.5.3 - Unauthenticated Arbitrary Options Reset
The plugin has two AJAX actions, mepwlajaxlicenseactivate and mepwlajaxlicensedeactivate, which are available to both unauthenticated and authenticated users, and lack any authorisation and CSRF checks, as well as checks to ensure that the options to be updated belong to the plugin. As a result,...
Event Manager for WooCommerce < 3.5.3 - Unauthenticated Arbitrary Options Reset
The plugin has two AJAX actions, mepwlajaxlicenseactivate and mepwlajaxlicensedeactivate, which are available to both unauthenticated and authenticated users, and lack any authorisation and CSRF checks, as well as checks to ensure that the options to be updated belong to the plugin. As a result,...
WordPress Event Manager for WooCommerce plugin <= 3.5.1 - Unauthenticated Arbitrary Options Reset vulnerability
Unauthenticated Arbitrary Options Reset vulnerability discovered by WPScanTeam in WordPress Event Manager for WooCommerce plugin versions <= 3.5.1. Solution: Update the WordPress Event Manager for WooCommerce plugin to the latest available version (at least 3.5.3)...