WordPress Bookly Plugin <= 21.7.1 is vulnerable to Arbitrary File Deletion

Software Bookly Type Plugin Vulnerable versions = 21.7.1 Fixed in 21.8 OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2023-26526 Patch priority Medium CVSS severity Medium 7.7 Developer Claim ownership PSID a06cfd6ac407 Credits Rafie Muhammad Patchstack...

WordPress Dyslexiefont Free Plugin <= 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Dyslexiefont Free Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-32589 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID fb7c8442b1dc Credits Yash Kanchhal...

WordPress Newsletter Popup Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)

Software Newsletter Popup Type Plugin Vulnerable versions = 1.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0733 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 3312adcb21e4 Credits Lana Codes Required...

WordPress Slimstat Analytics Plugin <= 5.0.4 is vulnerable to Cross Site Scripting (XSS)

Software Slimstat Analytics Type Plugin Vulnerable versions = 5.0.4 Fixed in 5.0.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-45366 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7183b75ec323 Credits Rafie Muhammad...

WordPress WoodMart Theme <= 7.2.1 is vulnerable to Cross Site Scripting (XSS)

Software WoodMart Type Theme Vulnerable versions = 7.2.1 Fixed in 7.2.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32239 Patch priority Medium CVSS severity Medium 5.4 Developer Xtemos PSID 157d641b350c Credits Dave Jong Patchstack Required...

WordPress Locatoraid Store Locator Plugin <= 3.9.18 is vulnerable to Cross Site Scripting (XSS)

Software Locatoraid Store Locator Type Plugin Vulnerable versions = 3.9.18 Fixed in 3.9.19 OWASP Top 10 A5: Broken Access Control Classification Cross Site Scripting XSS CVE CVE-2023-32576 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 48ffad270d6d Credits Abdi...

PT-2023-23376 · Motorola · Motorola Cx2L Router

Name of the Vulnerable Software and Affected Versions: Motorola CX2L Router version 1.0.1 Description: A command injection issue was found in the Motorola CX2L Router, specifically via the smartqos priority devices parameter. This allows for potential command injection attacks. Recommendations: F...

WordPress WP Replicate Post Plugin <= 4.0.2 is vulnerable to SQL Injection

Software WP Replicate Post Type Plugin Vulnerable versions = 4.0.2 Fixed in 4.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-2237 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 93caeb59c55f Credits Marco Wotschka Required privilege Contributor...

WordPress Forget About Shortcode Buttons Plugin <= 2.1.2 is vulnerable to Broken Access Control

Software Forget About Shortcode Buttons Type Plugin Vulnerable versions = 2.1.2 Fixed in 2.1.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-32579 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 97c2cfa92f61 Credits István Márton...

WordPress Download Monitor Plugin <= 4.7.60 is vulnerable to Sensitive Data Exposure

Software Download Monitor Type Plugin Vulnerable versions = 4.7.60 Fixed in 4.7.70 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2022-45354 Patch priority Low CVSS severity Low 5.3 Developer WPChill PSID 4dbbcebe007d Credits Rafie Muhammad Patchstack...

WordPress Team Circle Image Slider With Lightbox Plugin <= 1.0.17 is vulnerable to Cross Site Scripting (XSS)

Software Team Circle Image Slider With Lightbox Type Plugin Vulnerable versions = 1.0.17 Fixed in 1.0.18 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2604 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 4f6a23b77029 Credi...

WordPress Restaurant Menu – Food Ordering System – Table Reservation Plugin <= 2.3.6 is vulnerable to Cross Site Scripting (XSS)

Software Restaurant Menu – Food Ordering System – Table Reservation Type Plugin Vulnerable versions = 2.3.6 Fixed in 2.3.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32516 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership...

WordPress YITH WooCommerce Gift Cards Premium Plugin <= 3.23.1 is vulnerable to Broken Access Control

Software YITH WooCommerce Gift Cards Premium Type Plugin Vulnerable versions = 3.23.1 Fixed in 3.24.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-44633 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 9a5270f7dbc9 Credits...

WordPress WCP Contact Form Plugin <= 3.1.0 is vulnerable to Broken Access Control

Software WCP Contact Form Type Plugin Vulnerable versions = 3.1.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-32520 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 37d423cfc955 Credits thiennv Required privilege...

WordPress MailChimp Subscribe Forms Plugin <= 4.0.9.3 is vulnerable to Open Redirection

Software MailChimp Subscribe Forms Type Plugin Vulnerable versions = 4.0.9.3 Fixed in 4.0.9.4 OWASP Top 10 A6: Security Misconfiguration Classification Open Redirection CVE CVE-2023-32517 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID c02b44f266ce Credits minhtuanact...

kernel: net: stmmac: fix tc flower deletion for VLAN priority Rx steering

A vulnerability was found in the Linux kernel's net component in the stmmac driver, where improper deletion of VLAN priority filters caused a kernel NULL pointer dereference which occurs during the deletion of specific tc flower records, leading to potential system crashes...

kernel: ip: Fix data-races around sysctl_ip_fwd_update_priority.

In the Linux kernel, the following vulnerability has been resolved: ip: Fix data-races around sysctlipfwdupdatepriority. While reading sysctlipfwdupdatepriority, it can be changed concurrently. Thus, we need to add READONCE to its readers...

kernel: vlan: fix memory leak in vlan_newlink()

In the Linux kernel, the following vulnerability has been resolved: vlan: fix memory leak in vlannewlink Blamed commit added back a bug I fixed in commit 9bbd917e0bec "vlan: fix memory leak in vlandevsetegresspriority" If a memory allocation fails in vlanchangelink after other allocations...

kernel: net: stmmac: fix tc flower deletion for VLAN priority Rx steering

A vulnerability was found in the Linux kernel's net component in the stmmac driver, where improper deletion of VLAN priority filters caused a kernel NULL pointer dereference which occurs during the deletion of specific tc flower records, leading to potential system crashes...

WordPress wordpress vertical image slider plugin Plugin <= 1.2.16 is vulnerable to Cross Site Scripting (XSS)

Software wordpress vertical image slider plugin Type Plugin Vulnerable versions = 1.2.16 Fixed in 1.2.17 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-24413 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID da3e59a78609...