WordPress Simple Page Ordering Plugin <= 2.5.0 is vulnerable to Broken Access Control

Software Simple Page Ordering Type Plugin Vulnerable versions = 2.5.0 Fixed in 2.5.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-32798 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID bde37994ef19 Credits Mika Required privilege...

WordPress BP Social Connect Plugin <= 1.5 is vulnerable to Broken Access Control

Software BP Social Connect Type Plugin Vulnerable versions = 1.5 Fixed in 1.6.2 OWASP Top 10 A2: Broken Authentication Classification Broken Access Control CVE CVE-2023-2704 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 7c30551eab88 Credits Lana Codes Required privileg...

WordPress Jazz Popups Plugin <= 1.8.7 is vulnerable to Cross Site Scripting (XSS)

Software Jazz Popups Type Plugin Vulnerable versions = 1.8.7 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32965 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 4896990e199e Credits thiennv Required privilege...

WordPress Better Notifications for WP Plugin <= 1.9.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Better Notifications for WP Type Plugin Vulnerable versions = 1.9.2 Fixed in 1.9.3 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-32964 Patch priority Low CVSS severity Low 4.3 Developer Made with Fuel Ltd. PSID 72f7e05deec7 Credits...

swift-nio-http2 vulnerable to denial of service via invalid HTTP/2 HEADERS frame length

A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. It is fixed in 1.19.2 and later releases. This vulnerability is caused by a logica...

WordPress is vulnerable to Directory Traversal

Software WordPress Type WordPress Core Vulnerable versions = 6.2 Fixed in 6.2.1 OWASP Top 10 A1: Injection Classification Directory Traversal CVE CVE-2023-2745 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 0d1028dd7204 Credits Ramuel Gall Wordfence Required privile...

WordPress Waiting: One-click countdowns Plugin <= 0.6.2 is vulnerable to Cross Site Scripting (XSS)

Software Waiting: One-click countdowns Type Plugin Vulnerable versions = 0.6.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2757 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 5e454859cceb Credits István...

kernel: net: stmmac: fix tc flower deletion for VLAN priority Rx steering

A vulnerability was found in the Linux kernel's net component in the stmmac driver, where improper deletion of VLAN priority filters caused a kernel NULL pointer dereference which occurs during the deletion of specific tc flower records, leading to potential system crashes...

kernel: net: stmmac: fix tc flower deletion for VLAN priority Rx steering

A vulnerability was found in the Linux kernel's net component in the stmmac driver, where improper deletion of VLAN priority filters caused a kernel NULL pointer dereference which occurs during the deletion of specific tc flower records, leading to potential system crashes...

WordPress Predictive Search Plugin <= 1.2.2 is vulnerable to Broken Access Control

Software Predictive Search Type Plugin Vulnerable versions = 1.2.2 Fixed in 1.2.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 94b9c33947a8 Credits Unknown Required privilege...

WordPress Fitness Park Theme <= 1.0.6 is vulnerable to Broken Access Control

Software Fitness Park Type Theme Vulnerable versions = 1.0.6 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-32959 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 10be7ca03521 Credits Dave Jong Patchstack Required...

WordPress SparkleStore Theme <= 1.6.0 is vulnerable to Broken Access Control

Software SparkleStore Type Theme Vulnerable versions = 1.6.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-32959 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID eac4d697c839 Credits Dave Jong Patchstack Required...

WordPress MetroStore Theme <= 1.3.2 is vulnerable to Broken Access Control

Software MetroStore Type Theme Vulnerable versions = 1.3.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-32959 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID d697dae9407a Credits Dave Jong Patchstack Required...

WordPress Kingcabs Theme <= 1.1.6 is vulnerable to Broken Access Control

Software Kingcabs Type Theme Vulnerable versions = 1.1.6 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-32959 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 2d230f2e2cbf Credits Dave Jong Patchstack Required...

WordPress Craft Blog Theme <= 1.0.7 is vulnerable to Broken Access Control

Software Craft Blog Type Theme Vulnerable versions = 1.0.7 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-32959 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 962dfabf18a9 Credits Dave Jong Patchstack Required...

WordPress Chaty Plugin <= 3.0.9 is vulnerable to Cross Site Scripting (XSS)

Software Chaty Type Plugin Vulnerable versions = 3.0.9 Fixed in 3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25019 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 46b92040d289 Credits Rafie Muhammad Patchstack...

WordPress WP SMS Plugin <= 6.1.4 is vulnerable to Cross Site Scripting (XSS)

Software WP SMS Type Plugin Vulnerable versions = 6.1.4 Fixed in 6.1.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32742 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID aa3cfae9ba33 Credits Le Ngoc Anh Required...

WordPress Custom 404 Pro Plugin <= 3.8.1 is vulnerable to Cross Site Scripting (XSS)

Software Custom 404 Pro Type Plugin Vulnerable versions = 3.8.1 Fixed in 3.8.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32740 Patch priority Medium CVSS severity Medium 5.8 Developer Kunal Nagar PSID 5d146d112b61 Credits LEE SE HYOUNG...

WordPress video carousel slider with lightbox Plugin <= 1.0.22 is vulnerable to Cross Site Scripting (XSS)

Software video carousel slider with lightbox Type Plugin Vulnerable versions = 1.0.22 Fixed in 1.0.23 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32797 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 914412fc8def...

WordPress WP Multi Store Locator Plugin <= 2.4.1 is vulnerable to Cross Site Scripting (XSS)

Software WP Multi Store Locator Type Plugin Vulnerable versions = 2.4.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0152 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID dcc1d96fdaf2 Credits Lana Codes...