PT-2023-9458

Name of the Vulnerable Software and Affected Versions @babel/traverse versions prior to 7.23.2 and 8.0.0-alpha.4 babel-traverse all versions Description The issue is related to the path.evaluate or path.evaluateTruthy internal Babel methods. Using Babel to compile code that was specifically craft...

SUSE-RU-2023:3956-1 Recommended update for mariadb104

This update for mariadb104 fixes the following issues: - Implement version 10.4 of MariaDB jscPED-2455: It is possible to use more than one authentication plugin for each user account. The root user account is being created with the ability to use two authentication plugins. All user accounts,...

CVE-2023-25989

Cross-Site Request Forgery CSRF vulnerability in Meks Video Importer, Meks Time Ago, Meks ThemeForest Smart Widget, Meks Smart Author Widget, Meks Audio Player, Meks Easy Maps, Meks Easy Photo Feed Widget, Meks Simple Flickr Widget, Meks Easy Ads Widget, Meks Smart Social Widget plugins leading...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Meks Video Importer, Meks Time Ago, Meks ThemeForest Smart Widget, Meks Smart Author Widget, Meks Audio Player, Meks Easy Maps, Meks Easy Photo Feed Widget, Meks Simple Flickr Widget, Meks Easy Ads Widget, Meks Smart Social Widget plugins leading...

CVE-2023-25989 Cross-Site Request Forgery (CSRF) vulnerability in multiple WordPress plugins by Meks

Cross-Site Request Forgery CSRF vulnerability in Meks Video Importer, Meks Time Ago, Meks ThemeForest Smart Widget, Meks Smart Author Widget, Meks Audio Player, Meks Easy Maps, Meks Easy Photo Feed Widget, Meks Simple Flickr Widget, Meks Easy Ads Widget, Meks Smart Social Widget plugins leading...

PT-2023-20413 · Meks · Meks Audio Player +9

Name of the Vulnerable Software and Affected Versions: Meks Video Importer affected versions not specified Meks Time Ago affected versions not specified Meks ThemeForest Smart Widget affected versions not specified Meks Smart Author Widget affected versions not specified Meks Audio Player affecte...

The vulnerability of the check_by_ssh.c component in the Nagios-plugins monitoring system allows a hacker to execute arbitrary commands.

The vulnerability of the checkbyssh.c component of the Nagios-plugins monitoring system relates to the lack of measures taken to neutralize special elements used in operating systems’ command lines. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely by...

CVE-2023-44264

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Arrow Plugins The Awesome Feed – Custom Feed plugin = 2.2.5 versions...

CVE-2023-44264

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Arrow Plugins The Awesome Feed – Custom Feed plugin = 2.2.5 versions...

Cross site scripting

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Arrow Plugins The Awesome Feed – Custom Feed plugin = 2.2.5 versions...

CVE-2023-44264 WordPress The Awesome Feed – Custom Feed Plugin <= 2.2.5 is vulnerable to Cross Site Scripting (XSS)

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Arrow Plugins The Awesome Feed – Custom Feed plugin = 2.2.5 versions...

CVE-2023-44264 WordPress The Awesome Feed – Custom Feed Plugin <= 2.2.5 is vulnerable to Cross Site Scripting (XSS)

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Arrow Plugins The Awesome Feed – Custom Feed plugin = 2.2.5 versions...

CVE-2023-44264

CVE-2023-44264 is a stored XSS vulnerability in the WordPress plugin “The Awesome Feed – Custom Feed” (aka wp-facebook-feed) affecting versions

CVE-2023-41797

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Gold Plugins Locations plugin = 4.0 versions...

Cross site scripting

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Gold Plugins Locations plugin = 4.0 versions...

CVE-2023-41797

CVE-2023-41797 : The WordPress plugin Locations (Gold Plugins Locations) , affected in versions &lt;= 4.0, contains a Stored Cross-Site Scripting (XSS) vulnerability. Connected sources confirm the issue affects the Locations plugin with contributor+ (and higher) roles storing scripts that can be ...

CVE-2023-41797 WordPress Locations Plugin <= 4.0 is vulnerable to Cross Site Scripting (XSS)

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Gold Plugins Locations plugin = 4.0 versions...

PT-2023-28097 · Gold Plugins · Gold Plugins Locations

Name of the Vulnerable Software and Affected Versions: Gold Plugins Locations plugin versions prior to 4.0 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that affects users with contributor or higher permissions. This allows for malicious scripts to be stored...

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 18, 2023 to September 24, 2023)

Last week, there were 42 vulnerabilities disclosed in 37 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 10 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities ...

SUSE: Security Advisory (SUSE-SU-2023:3801-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...