103 matches found
WordPress plugin BuddyPress Members Only security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPress plugin BuddyPress Members...
PT-2024-15951 · WordPress · Buddypress Members Only
Name of the Vulnerable Software and Affected Versions: BuddyPress Members Only plugin for WordPress versions up to, and including, 3.3.5. Description: The issue allows unauthenticated attackers to bypass the plugin's "All Other Sections On Your Site Will be Opened to Guest" feature and view...
WordPress Load More Anything plugin <= 3.3.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin Load More Anything versions <= 3.3.5...
CVE-2023-38388
Unrestricted Upload of File with Dangerous Type vulnerability in Artbees JupiterX Core. This issue affects JupiterX Core: from n/a through 3.3.5...
Cross-site Scripting in livewire/livewire
Versions of the package livewire/livewire from 3.3.5 and before 3.4.9 are vulnerable to Cross-site Scripting (XSS) when a page uses Url for a property. An attacker can inject HTML code in the context of the user's browser session by crafting a malicious link and convincing the user to click on it...
WordPress MyBookTable Bookstore Plugin <= 3.3.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: MyBookTable Bookstore; Type: Plugin; Vulnerable versions: <= 3.3.4; Fixed in: 3.3.5; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-48331; Patch priority: Low; CVSS severity: Low (4.3); PSID: ac06dff1976c; Credits: Nguyen Xuan...
CVE-2023-47755
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AazzTech WooCommerce Product Carousel Slider plugin <= 3.3.5 versions...
WordPress WooCommerce Product Carousel Slider Plugin <= 3.3.5 is vulnerable to Cross Site Scripting (XSS)
Software: WooCommerce Product Carousel Slider; Type: Plugin; Vulnerable versions: <= 3.3.5; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-47755; Patch priority: Low; CVSS severity: Low (6.5); PSID: ded670494bbe; Credits: Abdi...
CVE-2023-40558
Cross-Site Request Forgery (CSRF) vulnerability in eMarket Design YouTube Video Gallery by YouTube Showcase plugin <= 3.3.5 versions...
CVE-2023-33180
Xibo is a content management system (CMS). An SQL injection vulnerability was discovered starting in version 3.2.0 and prior to version 3.3.2 in the /display/map API route inside the CMS. This allows an authenticated user to exfiltrate data from the Xibo database by injecting specially crafted valu...
SQL injection
Xibo is a content management system (CMS). An SQL injection vulnerability was discovered starting in version 3.2.0 and prior to version 3.3.5 in the nameFilter function used throughout the CMS. This allows an authenticated user to exfiltrate data from the Xibo database by injecting specially crafte...
CVE-2023-33180 Sensitive Information Disclosure abusing SQL Injection in Xibo CMS display map
Xibo is a content management system (CMS). An SQL injection vulnerability was discovered starting in version 3.2.0 and prior to version 3.3.2 in the /display/map API route inside the CMS. This allows an authenticated user to exfiltrate data from the Xibo database by injecting specially crafted valu...
SQL injection
Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the /dataset/data/id API route inside the CMS starting in version 1.4.0 and prior to versions 2.3.17 and 3.3.5. This allows an authenticated user to exfiltrate data from the Xibo database by injecting...
CVE-2023-33178 Sensitive Information Disclosure abusing SQL Injection in Xibo CMS dataset filter
Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the /dataset/data/id API route inside the CMS starting in version 1.4.0 and prior to versions 2.3.17 and 3.3.5. This allows an authenticated user to exfiltrate data from the Xibo database by injecting...
PT-2023-24193 · Xibo · Xibo
Name of the Vulnerable Software and Affected Versions: Xibo versions prior to 2.3.17; Xibo versions prior to 3.3.5. Description: A path traversal vulnerability exists in the Xibo CMS, allowing a specially crafted zip file to be uploaded via the layout import function by an authenticated user. This...
UBUNTU-CVE-2021-34337
An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attacke...
SUSE CVE-2012-2384
Integer overflow in the i915_gem_do_execbuffer function in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.3.5 on 32-bit platforms allows local users to cause a denial of service (out-of-bounds write) or possibly have unspecified othe...
WordPress eCommerce Product Catalog Plugin <= 3.3.4 is vulnerable to Cross Site Scripting (XSS)
Software: eCommerce Product Catalog; Type: Plugin; Vulnerable versions: <= 3.3.4; Fixed in: 3.3.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-25049; Patch priority: Low; CVSS severity: Low (5.9); PSID: 0a25dfcf24b7; Credits: Abdi Pranata...