3 matches found
CVE-2023-6063
The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users...
WP FullCalendar < 1.5 - Unauthenticated Arbitrary Post Access
The plugin does not ensure that the post retrieved via an AJAX action is public and can be accessed by the user making the request, allowing unauthenticated attackers to get the content of arbitrary posts, including draft/private as well as password-protected ones. Open the below URL as an...
Fedora 14 : mediawiki-1.16.5-59.fc14 (2011-6774)
MediaWiki 1.16.5 was released to correct two security flaws: The first issue is yet another recurrence of the Internet Explorer 6 XSS vulnerability that caused the release of 1.16.4. It was pointed out that there are dangerous extensions with more than four characters, so the regular expressions...