CVE-2022-47379
via "National Vulnerability Database".
An authenticated, remote attacker may use an out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory, which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
CVE-2022-4048
via "National Vulnerability Database".
Inadequate Encryption Strength in CODESYS Development System V3 versions prior to V3.5.18.40 allows an unauthenticated local attacker to access and manipulate code of the encrypted boot application.
Breach at US Transportation Department exposes 240,000 employee records
via "ITPro".
An investigation is underway into the breach, which affected former and current employee data.
Microsoft Advisories Are Getting Worse
via "Dark Reading".
A predictable patch cadence is nice, but the software giant can do more.
TSA Official: Feds Improved Cybersecurity Response Post-Colonial Pipeline
via "Dark Reading".
US Transportation Security Agency (TSA) administrator reflects on how the Colonial Pipeline incident has moved the needle in public-private cooperation.
CVE-2023-1549
via "National Vulnerability Database".
The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.
CVE-2023-23688
via "National Vulnerability Database".
Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in the Sumo Social Share Boost plugin, versions <= 4.4.
CVE-2023-23674
via "National Vulnerability Database".
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in the RVOLA WP Original Media Path plugin, versions <= 2.4.0.
CVE-2023-0762
via "National Vulnerability Database".
The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have a CSRF check when deleting designations, which could allow attackers to make logged-in admins delete arbitrary designations via a CSRF attack.
CVE-2023-1915
via "National Vulnerability Database".
The Thumbnail carousel slider WordPress plugin before 1.1.10 does not sanitise and escape some parameters before outputting them back in pages, leading to a Reflected Cross-Site Scripting vulnerability which could be used against high privilege users such as admin.
CVE-2023-0644
via "National Vulnerability Database".
The Push Notifications for WordPress by PushAssist WordPress plugin through 3.0.8 does not sanitise and escape various parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
CVE-2023-0600
via "National Vulnerability Database".
The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks.
CVE-2023-1890
via "National Vulnerability Database".
The Tablesome WordPress plugin before 1.0.9 does not escape various generated URLs before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting.
CVE-2023-1596
via "National Vulnerability Database".
The tagDiv Composer WordPress plugin before 4.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting vulnerability which could be used against high privilege users such as admin.
CVE-2023-0892
via "National Vulnerability Database".
The BizLibrary WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).
CVE-2023-31986
via "National Vulnerability Database".
A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows an attacker to execute arbitrary code via the setWAN function in /bin/webs without any limitations.
CVE-2023-2179
via "National Vulnerability Database".
The WooCommerce Order Status Change Notifier WordPress plugin through 1.1.0 does not have authorisation and CSRF checks when updating order statuses via an AJAX action available to any authenticated user, which could allow low privilege users such as subscribers to update arbitrary order statuses, for example marking orders as paid without actually paying for them.
CVE-2023-0490
via "National Vulnerability Database".
The f(x) TOC WordPress plugin through 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0761
via "National Vulnerability Database".
The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have a CSRF check when deleting Staff members, which could allow attackers to make logged-in admins delete arbitrary Staff via a CSRF attack.
CVE-2023-0233
via "National Vulnerability Database".
The ActiveCampaign WordPress plugin before 8.1.12 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-2009
via "National Vulnerability Database".
The Pretty Url WordPress plugin through 1.5.4 does not sanitize and escape the URL field in its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).