8304 matches found
CVE-2023-23876
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TMS-Plugins wpDataTables plugin <= 2.1.49 versions...
Cross site scripting
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TMS-Plugins wpDataTables plugin <= 2.1.49 versions...
CVE-2023-23876 WordPress wpDataTables Plugin <= 2.1.49 is vulnerable to Cross Site Scripting (XSS)
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TMS-Plugins wpDataTables plugin <= 2.1.49 versions...
CVE-2023-23876
CVE-2023-23876 relates to a stored XSS vulnerability in the WordPress plugin wpDataTables (TMS-Plugins), versions <= 2.1.49. Public references indicate the impact is limited to this plugin/version range; the referenced documents provide no exploits or in-the-wild details.
CVE-2023-1196
The Advanced Custom Fields ACF Free and Pro WordPress plugins 6.x before 6.1.0 and 5.x before 5.12.5 unserialize user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present...
Design/Logic Flaw
The Advanced Custom Fields ACF Free and Pro WordPress plugins 6.x before 6.1.0 and 5.x before 5.12.5 unserialize user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present...
CVE-2023-1196
The CVE-2023-1196 entry concerns the Advanced Custom Fields (ACF) Free and Pro WordPress plugins. Affected versions are 5.x before 5.12.5 and 6.x before 6.1.0. The root cause is unserialize of user-controllable data, enabling PHP Object Injection when a suitable gadget is present. Valid risk is t...
CVE-2023-1196 Advanced Custom Fields - Contributor+ PHP Object Injection
The Advanced Custom Fields ACF Free and Pro WordPress plugins 6.x before 6.1.0 and 5.x before 5.12.5 unserialize user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present...
WordPress Plugins List Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS)
Software: Plugins List; Type: Plugin; Vulnerable versions: <= 2.5; Fixed in: 2.5.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-31232; Patch priority: Low; CVSS severity: Low (5.9); PSID: aa0ba87f0fd0; Credits: Yuki Haruma; Required privile...
Wordfence Intelligence Weekly WordPress Vulnerability Report (Apr 17, 2023 to Apr 23, 2023)
Last week, there were 152 vulnerabilities disclosed in 134 WordPress Plugins and 0 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 41 Vulnerability Researchers that contributed to WordPress Security last week. There were more unpatched...
CVE-2023-1420
The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape a parameter before outputting it back in a response of an AJAX action, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such...
CVE-2023-1420
The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape a parameter before outputting it back in a response of an AJAX action, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such...
CVE-2022-47598
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Plugins Pro WP Super Popup plugin <= 1.1.2 versions...
CVE-2022-47598
This CVE concerns the WordPress WP Super Popup plugin (versions ≤ 1.1.2). The vulnerability is a Stored Cross-Site Scripting (XSS) that requires admin+ privileges to exploit. Multiple sources (NVD, Red Hat, WPVulnDB, PatchStack) describe the impact as XSS affecting settings handling, with exploit...
CVE-2023-30618
The CVE-2023-30618 issue affects Kitchen-Terraform, where v7.0.0 regressed to print all Terraform output values, including sensitive ones, at the info level during kitchen converge. This is a local-access disclosure risk, since logs on the attacker’s host could contain sensitive data. Affected co...
CVE-2023-30618 Sensitive Terraform Output Values Printed At Info Logging Level In Kitchen-Terraform
Kitchen-Terraform provides a set of Test Kitchen plugins which enable the use of Test Kitchen to converge a Terraform configuration and verify the resulting infrastructure systems with InSpec controls. Kitchen-Terraform v7.0.0 introduced a regression which caused all Terraform output values,...
Wordfence Intelligence Weekly WordPress Vulnerability Report (Apr 10, 2023 to Apr 16, 2023)
Last week, there were 69 vulnerabilities disclosed in 60 WordPress plugins and 4 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 32 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities i...
Oracle Patch Tuesday April 2023 Security Update Review
Oracle has released the second quarterly edition of Critical Patch Update, which contains a group of patches for 433 security vulnerabilities. Some of the vulnerabilities addressed this month impact various products. These patches address vulnerabilities in Oracle code and third-party components...
WordPress Stock Exporter for WooCommerce Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)
Software: Stock Exporter for WooCommerce; Type: Plugin; Vulnerable versions: <= 1.1.0; Fixed in: 1.2.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-30871; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: PT Woo Plugins by Webdados; PSID: 0972015716d1...
CVE-2023-1282
The Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard WordPress plugin before 2.11.1 and Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations WordPress plugin before 5.0.6.4 do not sanitise and escape a parameter before outputting it back in the...