
6234 matches found

OpenVAS
added 2023/03/08 12:00 a.m. · 29 views

Debian: Security Advisory (DLA-321-1)

The remote host is missing an update for the Debian...

CVSS 6.1 · AI score 5.4 · EPSS 0.06389
Exploits: 2 · References: 2

CNNVD
added 2023/03/07 12:00 a.m. · 5 views

WordPress plugin CMP–Coming Soon & Maintenance information disclosure vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. An information disclosure vulnerability...

CVSS 5.3 · AI score 6.8 · EPSS 0.01414
Exploits: 1 · References: 3

WPVulnDB
added 2023/03/07 12:00 a.m. · 24 views

Coming Soon & Maintenance < 4.1.7 - Unauthenticated Post/Page Access in Maintenance Mode

The plugin does not restrict access to published and non protected posts/pages when the maintenance mode is enabled, allowing unauthenticated users to access them. PoC: Run the below command in the developer console of the web browser while being on the blog as unauthenticated, when maintenance mod...

CVSS 5.3 · AI score 6 · EPSS 0.01414
Exploits: 1 · Affected Software: 1

NVD
added 2023/03/06 2:15 p.m. · 17 views

CVE-2023-0212

The Advanced Recent Posts WordPress plugin through 0.6.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attac...

CVSS 5.4 · AI score 5.3 · EPSS 0.00471
Exploits: 2 · References: 1

Vulnrichment
added 2023/03/06 1:34 p.m. · 7 views

CVE-2023-0212 Advanced Recent Posts <= 0.6.14 - Contributor+ Stored XSS

The Advanced Recent Posts WordPress plugin through 0.6.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attac...

AI score 6 · EPSS 0.00471
Exploits: 2 · References: 1

Cvelist
added 2023/03/06 1:34 p.m. · 21 views

CVE-2023-0212 Advanced Recent Posts <= 0.6.14 - Contributor+ Stored XSS

The Advanced Recent Posts WordPress plugin through 0.6.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attac...

AI score 5.5 · EPSS 0.00471
Exploits: 2 · References: 1

Positive Technologies
added 2023/03/06 12:00 a.m. · 5 views

PT-2023-16089 · WordPress · Advanced Recent Posts

Name of the Vulnerable Software and Affected Versions: Advanced Recent Posts WordPress plugin versions 0.6.14 and earlier Description: The issue arises from the plugin not validating and escaping some of its shortcode attributes before outputting them back in a page or post where the shortcode is...

CVSS 5.4 · AI score 5.3 · EPSS 0.00471
Exploits: 2 · References: 6

CNNVD
added 2023/03/06 12:00 a.m. · 5 views

WordPress plugin Advanced Recent Posts cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...

CVSS 5.4 · AI score 5.4 · EPSS 0.00471
Exploits: 2 · References: 2

NVD
added 2023/03/05 10:15 p.m. · 24 views

CVE-2023-26510

Ghost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is arguably inconsistent with a security policy in which a contributor's draft can only be read by editors until published by an editor. NOTE: the vendor's position is that this behavior has no...

CVSS 5.7 · AI score 5.6 · EPSS 0.0063
Exploits: 0 · References: 3

OSV
added 2023/03/05 10:15 p.m. · 15 views

CVE-2023-26510

Ghost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is arguably inconsistent with a security policy in which a contributor's draft can only be read by editors until published by an editor. NOTE: the vendor's position is that this behavior has no...

CVSS 5.7 · AI score 7
Exploits: 0 · References: 3

Vulnrichment
added 2023/03/05 12:00 a.m. · 9 views

CVE-2023-26510

Ghost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is arguably inconsistent with a security policy in which a contributor's draft can only be read by editors until published by an editor. NOTE: the vendor's position is that this behavior has no...

AI score 7.1 · EPSS 0.0063
Exploits: 0 · References: 3

CVE
added 2023/03/05 12:00 a.m. · 56 views

CVE-2023-26510

Ghost 5.35.0 exposes an authorization bypass where contributors can view draft posts of other users. The root cause is described as improper authorization management, with the vendor stating this behavior has no security impact. Documented sources from Red Hat, OSV, PT Security, PRION, and NVD co...

CVSS 5.7 · AI score 5.5 · EPSS 0.0063
Exploits: 0 · References: 3 · Affected Software: 1

Cvelist
added 2023/03/05 12:00 a.m. · 28 views

CVE-2023-26510

Ghost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is arguably inconsistent with a security policy in which a contributor's draft can only be read by editors until published by an editor. NOTE: the vendor's position is that this behavior has no...

AI score 5.8 · EPSS 0.0063
Exploits: 0 · References: 3

Positive Technologies
added 2023/03/05 12:00 a.m. · 7 views

PT-2023-20690 · Ghost · Ghost

Name of the Vulnerable Software and Affected Versions: Ghost version 5.35.0 Description: The issue allows contributors to view draft posts of other users, which may be inconsistent with a security policy where a contributor's draft should only be readable by editors until published. The vendor do...

CVSS 5.7 · AI score 5.5 · EPSS 0.0063
Exploits: 0 · References: 8

Patchstack
added 2023/03/03 12:00 a.m. · 10 views

WordPress Advanced Recent Posts Plugin <= 0.6.14 is vulnerable to Cross Site Scripting (XSS)

Software: Advanced Recent Posts; Type: Plugin; Vulnerable versions: <= 0.6.14; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0212; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: 40ae855e2918; Credits: Lana Codes...

CVSS 5.4 · AI score 5.9 · EPSS 0.00471
Exploits: 2 · References: 3 · Affected Software: 1

OSV
added 2023/02/28 1:15 p.m. · 5 views

CVE-2023-1026

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the listPostsCategory function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to get post listings by...

CVSS 4.3 · AI score 6.6 · EPSS 0.00576
Exploits: 0 · References: 3

Prion
added 2023/02/28 1:15 p.m. · 21 views

Design/Logic Flaw

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the listPostsCategory function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to get post listings by...

CVSS 4 · AI score 4.3 · EPSS 0.00576
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2023/02/28 12:00 a.m. · 5 views

PT-2023-16698 · WordPress · Wp Meta Seo

Name of the Vulnerable Software and Affected Versions: WP Meta SEO plugin for WordPress versions up to, and including, 4.5.3 Description: The issue arises from a missing capability check on the listPostsCategory function, allowing authenticated attackers with subscriber-level access to obtain pos...

CVSS 4.3 · AI score 5.4 · EPSS 0.00576
Exploits: 0 · References: 8

Veracode
added 2023/02/24 8:15 a.m. · 14 views

Improper Authorization

pixelfed/pixelfed is vulnerable to Improper Authorization. The vulnerability exists due to a lack of permission checks in the store function of BookmarkController.php, which allows a remote attacker to bypass the authorization mechanism to view private posts...

CVSS 5.3 · AI score 5.3 · EPSS 0.00546
Exploits: 1 · References: 5 · Affected Software: 1

Trellix
added 2023/02/23 12:00 a.m. · 16 views

Exploiting Tragedy: Fake Donation Scams Amid Earthquake in Turkey & Syria

By Daksh Kapur · February 23, 2023. The recent earthquake that shook Syria and Turkey left a devastating trail of destruction. The whole world has shown its support and...

AI score 6.8
Exploits: 0