CVE-2023-36097

funadmin v3.3.2 and v3.3.3 are vulnerable to Insecure file upload via the plugins install...

Design/Logic Flaw

funadmin v3.3.2 and v3.3.3 are vulnerable to Insecure file upload via the plugins install...

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 12, 2023 to June 18, 2023)

Last week, there were 60 vulnerabilities disclosed in 52 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 25 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities ...

CVE-2019-25152

The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress are vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 5.1.3 and 7.12.0 respectively, due to insufficient input sanitization and output escaping...

PT-2023-12446 · Undefined · Undefined

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue concerns over 70 plugins and themes that are vulnerable to Cross-Site Request Forgery due to improperly implemented nonce protection that could be bypassed. Recommendation...

cn.dev33:sa-token-dao-redisx (>=1.30.0 <=1.30.0.RC), cn.dev33:sa-token-solon-plugin (>=1.20.0 <=1.35.0.RC) +442 more potentially affected by CVE-2023-35839 via org.noear:solon (>=1.0.10 <=2.3.3-M3)

org.noear:solon MAVEN version =1.0.10, =1.30.0, =1.20.0, =1, =1, =1, =4.1.0, =1.5.29, =1.0.0, =1.0.0, =3.2.0, =1.0.8, =3.0.0-M6, =1.0.9, =1.7.3 and more Source cves: CVE-2023-35839 Source advisory: OSV:GHSA-7Q8C-49F4-4C8Q...

Multiple Plugins - Cross-Site Scripting From Third-party Library

The plugins use a third-party library that removes the escaping on some HTML characters, leading to a cross-site scripting vulnerability. PoC WP-Optimize - Reflected Cross-Site Scripting 1. Go to the plugin settings and in the "Images" section check the box "Create WebP version of image". 2...

Jenkins plugins Multiple Vulnerabilities (2023-06-14)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default. CVE-2023-3514...

ch.sourcemotion.gradle.vertx.hermes:ch.sourcemotion.gradle.vertx.hermes.gradle.plugin (=0.0.1), ch.sourcemotion.gradle:vertx-hermes-gradle-plugin (=0.0.1) +30 more potentially affected by CVE-2023-34615 via net.pwall.json:jsonutil (>=2.0 <=5.0)

net.pwall.json:jsonutil MAVEN version =2.0, =0.1.0, =0.6.0, =0.6.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.68, =0.31, =0.68, =0.1, =0.6.1 and more Source cves: CVE-2023-34615 Source advisory: OSV:GHSA-W2RR-WVH9-M2M7...

CVE-2023-34754

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit...

com.amazonaws.serverless:aws-serverless-java-container-struts (>=1.9 <=1.9.3), com.jgeppert.struts2.bootstrap:struts2-bootstrap-plugin (>=5.0.0 <=5.0.2) +52 more potentially affected by CVE-2023-34396 via org.apache.struts:struts2-core (>=6.0.0 <=6.1.2)

org.apache.struts:struts2-core MAVEN version =6.0.0, =1.9, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =1.4.0, =1.4.1, =1.4.0, =1.4.3 and more Source cves: CVE-2023-34396 Source advisory: OSV:GHSA-4G42...

bloofoxCMS SQL注入漏洞

bloofoxCMS is bloofox bloofoxCMS individual developers of a Php-based text content management system. A security vulnerability exists in bloofoxCMS version v0.5.2.1, which stems from a pid parameter found to contain an SQL injection vulnerability via...

CVE-2023-2362

The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button WordPress plugin before 5.3.1, Herd Effects WordPre...

CVE-2023-2362

The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button WordPress plugin before 5.3.1, Herd Effects WordPre...

Cross site scripting

The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button WordPress plugin before 5.3.1, Herd Effects WordPre...

CVE-2023-2362 Multiple Plugins from Wow-Company - Reflected XSS

The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button WordPress plugin before 5.3.1, Herd Effects WordPre...

CVE-2023-2362 Multiple Plugins from Wow-Company - Reflected XSS

The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button WordPress plugin before 5.3.1, Herd Effects WordPre...

WordPress Plugin Float menu 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin Float men...

CVE-2023-2767 WordPress File Upload / WordPress File Upload Pro <= 4.19.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.19.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVE-2021-4337

Sixteen XforWooCommerce Add-On Plugins for WordPress are vulnerable to authorization bypass due to a missing capability check on the wpajaxsvxajaxfactory function in various versions listed below. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...