WordPress Easy Captcha Plugin <= 1.0 is vulnerable to Broken Access Control
Software: Easy Captcha | Type: Plugin | Vulnerable versions: <= 1.0 | Fixed in: N/A | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-33324 | Patch priority: Medium | CVSS severity: Medium 6.5 | Developer: Claim ownership | PSID: 5defd63e8fe5 | Credits: Skalucy | Required privilege...
WordPress is vulnerable to Content Injection
Software: WordPress | Type: WordPress Core | Vulnerable versions: = 6.2.1 | Fixed in: 6.2.2 | OWASP Top 10: A1: Injection | Classification: Content Injection | CVE: N/A | Patch priority: Low | CVSS severity: Low 6.5 | Developer: Claim ownership | PSID: 75b3c88a5b55 | Credits: N/A | Required privilege: Unauthenticated | Published: 22 Ma...
WordPress Groundhogg Plugin <= 2.7.9.8 is vulnerable to Broken Access Control
Software: Groundhogg | Type: Plugin | Vulnerable versions: <= 2.7.9.8 | Fixed in: 2.7.10 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-2716 | Patch priority: Medium | CVSS severity: Medium 5.4 | Developer: Claim ownership | PSID: 35a3839f18ce | Credits: Lana Codes | Required...
WordPress Leyka Plugin <= 3.30.2 is vulnerable to Privilege Escalation
Software: Leyka | Type: Plugin | Vulnerable versions: <= 3.30.2 | Fixed in: 3.30.3 | OWASP Top 10: A5: Broken Access Control | Classification: Privilege Escalation | CVE: CVE-2023-33327 | Patch priority: High | CVSS severity: High 8.8 | Developer: Claim ownership | PSID: 83c2b21f0549 | Credits: Nguyen Anh Tien | Required privilege...
WordPress JetFormBuilder Plugin <= 3.0.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software: JetFormBuilder | Type: Plugin | Vulnerable versions: <= 3.0.6 | Fixed in: 3.0.7 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-33212 | Patch priority: Low | CVSS severity: Low 4.3 | Developer: Crocoblock | PSID: 7e5a8125e34f | Credits: Nguyen Xuan Chien | Require...
WordPress WooCommerce Follow-Up Emails Plugin <= 4.9.40 is vulnerable to Arbitrary File Upload
Software: WooCommerce Follow-Up Emails | Type: Plugin | Vulnerable versions: <= 4.9.40 | Fixed in: 4.9.50 | OWASP Top 10: A1: Injection | Classification: Arbitrary File Upload | CVE: CVE-2023-33318 | Patch priority: Medium | CVSS severity: Medium 9.9 | Developer: Claim ownership | PSID: c6e0ffcab096 | Credits: Rafie Muhammad...
WordPress Simple Page Ordering Plugin <= 2.5.0 is vulnerable to Broken Access Control
Software: Simple Page Ordering | Type: Plugin | Vulnerable versions: <= 2.5.0 | Fixed in: 2.5.1 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-32798 | Patch priority: Low | CVSS severity: Low 5.3 | Developer: Claim ownership | PSID: bde37994ef19 | Credits: Mika | Required privilege...
WordPress Better Notifications for WP Plugin <= 1.9.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Better Notifications for WP | Type: Plugin | Vulnerable versions: <= 1.9.2 | Fixed in: 1.9.3 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-32964 | Patch priority: Low | CVSS severity: Low 4.3 | Developer: Made with Fuel Ltd. | PSID: 72f7e05deec7 | Credits...
WordPress Jazz Popups Plugin <= 1.8.7 is vulnerable to Cross Site Scripting (XSS)
Software: Jazz Popups | Type: Plugin | Vulnerable versions: <= 1.8.7 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-32965 | Patch priority: High | CVSS severity: High 7.1 | Developer: Claim ownership | PSID: 4896990e199e | Credits: thiennv | Required privilege...
swift-nio-http2 vulnerable to denial of service via invalid HTTP/2 HEADERS frame length
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. It is fixed in 1.19.2 and later releases. This vulnerability is caused by a logica...
WordPress BP Social Connect Plugin <= 1.5 is vulnerable to Broken Access Control
Software: BP Social Connect | Type: Plugin | Vulnerable versions: <= 1.5 | Fixed in: 1.6.2 | OWASP Top 10: A2: Broken Authentication | Classification: Broken Access Control | CVE: CVE-2023-2704 | Patch priority: High | CVSS severity: High 8.1 | Developer: Claim ownership | PSID: 7c30551eab88 | Credits: Lana Codes | Required privileg...
WordPress is vulnerable to Directory Traversal
Software: WordPress | Type: WordPress Core | Vulnerable versions: = 6.2 | Fixed in: 6.2.1 | OWASP Top 10: A1: Injection | Classification: Directory Traversal | CVE: CVE-2023-2745 | Patch priority: Medium | CVSS severity: Medium 5.4 | Developer: Claim ownership | PSID: 0d1028dd7204 | Credits: Ramuel Gall Wordfence | Required privile...
WordPress Waiting: One-click countdowns Plugin <= 0.6.2 is vulnerable to Cross Site Scripting (XSS)
Software: Waiting: One-click countdowns | Type: Plugin | Vulnerable versions: <= 0.6.2 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-2757 | Patch priority: High | CVSS severity: High 6.5 | Developer: Claim ownership | PSID: 5e454859cceb | Credits: István...
kernel: net: stmmac: fix tc flower deletion for VLAN priority Rx steering
A vulnerability was found in the Linux kernel's net component in the stmmac driver, where improper deletion of VLAN priority filters caused a kernel NULL pointer dereference which occurs during the deletion of specific tc flower records, leading to potential system crashes...
WordPress Fitness Park Theme <= 1.0.6 is vulnerable to Broken Access Control
Software: Fitness Park | Type: Theme | Vulnerable versions: <= 1.0.6 | Fixed in: N/A | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-32959 | Patch priority: Medium | CVSS severity: Medium 4.3 | Developer: Claim ownership | PSID: 10be7ca03521 | Credits: Dave Jong Patchstack | Required...
WordPress Kingcabs Theme <= 1.1.6 is vulnerable to Broken Access Control
Software: Kingcabs | Type: Theme | Vulnerable versions: <= 1.1.6 | Fixed in: N/A | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-32959 | Patch priority: Medium | CVSS severity: Medium 4.3 | Developer: Claim ownership | PSID: 2d230f2e2cbf | Credits: Dave Jong Patchstack | Required...
WordPress Chaty Plugin <= 3.0.9 is vulnerable to Cross Site Scripting (XSS)
Software: Chaty | Type: Plugin | Vulnerable versions: <= 3.0.9 | Fixed in: 3.1 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-25019 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: Claim ownership | PSID: 46b92040d289 | Credits: Rafie Muhammad Patchstack...
WordPress Craft Blog Theme <= 1.0.7 is vulnerable to Broken Access Control
Software: Craft Blog | Type: Theme | Vulnerable versions: <= 1.0.7 | Fixed in: N/A | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-32959 | Patch priority: Medium | CVSS severity: Medium 4.3 | Developer: Claim ownership | PSID: 962dfabf18a9 | Credits: Dave Jong Patchstack | Required...
WordPress SparkleStore Theme <= 1.6.0 is vulnerable to Broken Access Control
Software: SparkleStore | Type: Theme | Vulnerable versions: <= 1.6.0 | Fixed in: N/A | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-32959 | Patch priority: Medium | CVSS severity: Medium 4.3 | Developer: Claim ownership | PSID: eac4d697c839 | Credits: Dave Jong Patchstack | Required...