572 matches found
WordPress Slider a SlidersPack Plugin <= 2.0.2 is vulnerable to Broken Access Control
Software Slider a SlidersPack Type Plugin Vulnerable versions = 2.0.2 Fixed in 2.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-46845 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID b8f7f4a77e50 Credits Cat Required privilege...
WordPress DirectoryPress Plugin <= 3.6.2 is vulnerable to Broken Access Control
Software DirectoryPress Type Plugin Vulnerable versions = 3.6.2 Fixed in 3.6.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-37967 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID f4392bc7ad6f Credits Abdi Pranata Required...
CVE-2023-22906
creationtimestamp| type| source ---|---|--- 2023-07-08 23:30:14+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/4708 2023-07-09 13:03:01+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/8637 2023-07-09 14:13:16+00:00| published-proof-of-concept|...
WordPress Secondary Title Plugin <= 2.0.9.1 is vulnerable to Cross Site Scripting (XSS)
Software Secondary Title Type Plugin Vulnerable versions = 2.0.9.1 Fixed in 2.1.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-28773 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7e2f601fb066 Credits TaeEun Lee Required...
WordPress Companion Sitemap Generator – HTML & XML Plugin < 4.5.3 is vulnerable to Cross Site Scripting (XSS)
Software Companion Sitemap Generator – HTML & XML Type Plugin Vulnerable versions 4.5.3 Fixed in 4.5.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1780 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2c5448d43a2a...
WordPress File Manager Advanced Shortcode Plugin <= 2.3.2 is vulnerable to Remote Code Execution (RCE)
Software File Manager Advanced Shortcode Type Plugin Vulnerable versions = 2.3.2 Fixed in N/A OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-2068 Patch priority High CVSS severity High 10 Developer Claim ownership PSID f57871788c33 Credits Mateus Machado Tesser...
WordPress Contact Form to DB by BestWebSoft Plugin <= 1.7.1 is vulnerable to SQL Injection
Software Contact Form to DB by BestWebSoft Type Plugin Vulnerable versions = 1.7.1 Fixed in 1.7.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-36508 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID d7318d25ca7b Credits LEE SE HYOUNG hackintoanetwork...
WordPress Atarim Plugin <= 3.9.1 is vulnerable to Broken Access Control
Software Atarim Type Plugin Vulnerable versions = 3.9.1 Fixed in 3.9.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority High CVSS severity High 8.2 Developer Atarim PSID 7b9f3a87aa7b Credits N/A Required privilege Unauthenticated Published 23 June...
WordPress Quiz Maker Plugin < 6.4.2.7 is vulnerable to Cross Site Scripting (XSS)
Software Quiz Maker Type Plugin Vulnerable versions 6.4.2.7 Fixed in 6.4.2.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2571 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID a73265b24616 Credits Erwan LR WPScan Required...
About the security content of iOS 16.5.1 and iPadOS 16.5.1
About the security content of iOS 16.5.1 and iPadOS 16.5.1 This document describes the security content of iOS 16.5.1 and iPadOS 16.5.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and...
WordPress Contact Form by WD Plugin <= 1.15.16 is vulnerable to Broken Access Control
Software Contact Form by WD Type Plugin Vulnerable versions = 1.15.16 Fixed in 1.15.17 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 1b7f926114eb Credits Unknown Required privilege...
WordPress MStore API Plugin < 3.9.6 is vulnerable to Broken Access Control
Software MStore API Type Plugin Vulnerable versions 3.9.6 Fixed in 3.9.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID f9c3e8cc268b Credits Unknown Required privilege Subscriber Publish...
WordPress Zephyr Project Manager Plugin <= 3.3.93 is vulnerable to Cross Site Request Forgery (CSRF)
Software Zephyr Project Manager Type Plugin Vulnerable versions = 3.3.93 Fixed in 3.3.94 OWASP Top 10 A6: Security Misconfiguration Classification Cross Site Request Forgery CSRF CVE CVE-2023-34373 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 598837ada134 Credits...
WordPress Directorist Plugin <= 7.5.4 is vulnerable to Privilege Escalation
Software Directorist Type Plugin Vulnerable versions = 7.5.4 Fixed in 7.5.5 OWASP Top 10 A2: Broken Authentication Classification Privilege Escalation CVE CVE-2023-1888 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 3e2d4eebdb38 Credits Alex Thomas Required privilege...
CVE-2023-33781
creationtimestamp| type| source ---|---|--- 2023-06-05 06:48:53+00:00| published-proof-of-concept| https://t.me/dilagrafie/3076 2023-09-22 16:33:12+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/8426...
WordPress MStore API Plugin <= 3.9.2 is vulnerable to Broken Authentication
Software MStore API Type Plugin Vulnerable versions = 3.9.2 Fixed in 3.9.3 OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2023-2732 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 9a2f0204ce39 Credits Lana Codes Required privilege...
WordPress Flickr Justified Gallery Plugin <= 3.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software Flickr Justified Gallery Type Plugin Vulnerable versions = 3.5 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25473 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID e930ab154fff Credits Mika Required...
About the security content of Pro Video Formats 2.2.5
About the security content of Pro Video Formats 2.2.5 This document describes the security content of Pro Video Formats 2.2.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...
WordPress Leyka Plugin <= 3.30.2 is vulnerable to Privilege Escalation
Software Leyka Type Plugin Vulnerable versions = 3.30.2 Fixed in 3.30.3 OWASP Top 10 A5: Broken Access Control Classification Privilege Escalation CVE CVE-2023-33327 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 83c2b21f0549 Credits Nguyen Anh Tien Required privilege...
WordPress MetroStore Theme <= 1.3.2 is vulnerable to Broken Access Control
Software MetroStore Type Theme Vulnerable versions = 1.3.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-32959 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID d697dae9407a Credits Dave Jong Patchstack Required...