‼ CVE-2023-23719 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Premmerce plugin <= 1.3.17 versions.
‼ CVE-2023-27606 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Sajjad Hossain WP Reroute Email plugin <= 1.4.6 versions.
‼ CVE-2023-34036 ‼
via "National Vulnerability Database".
Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness of such headers, or if they don't have anything else in place to handle (and possibly discard) forwarded headers either in WebFlux or at the level of the underlying HTTP server. For the application to be affected, it needs to satisfy the following requirements:
* It needs to use the reactive web stack (Spring WebFlux) and Spring HATEOAS to create links in hypermedia-based responses.
* The application infrastructure does not guard against clients submitting (X-)Forwarded… headers.
‼ CVE-2023-23646 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Album Gallery – WordPress Gallery plugin <= 1.4.9 versions.
Zimbra Collaboration Suite warning: Patch this 0-day right now (by hand)!
via "Naked Security".
Zimbra didn't actually say, "Do not delay/Do it today," but they did say, "We kindly request your cooperation to apply the fix manually."
‼ CVE-2023-27424 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Korol Yuriy aka Shra Inactive User Deleter plugin <= 1.59 versions.
‼ CVE-2023-2912 ‼
via "National Vulnerability Database".
Use After Free vulnerability in Secomea SiteManager Embedded allows Obstruction.
‼ CVE-2023-2959 ‼
via "National Vulnerability Database".
Authentication Bypass by Primary Weakness vulnerability in Oliva Expertise Oliva Expertise EKS allows Collect Data as Provided by Users. This issue affects Oliva Expertise EKS: before 1.2.
‼ CVE-2023-31851 ‼
via "National Vulnerability Database".
Cudy LT400 1.13.4 has a cross-site scripting (XSS) vulnerability in /cgi-bin/luci/admin/network/wireless/status via the iface parameter.
‼ CVE-2023-3186 ‼
via "National Vulnerability Database".
The Popup by Supsystic WordPress plugin before 1.10.19 has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties into Object.prototype.
‼ CVE-2023-3376 ‼
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digital Strategy Zekiweb allows SQL Injection. This issue affects Zekiweb: before 2.
‼ CVE-2023-36511 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Order Barcodes plugin <= 1.6.4 versions.
‼ CVE-2023-37968 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Faboba Falang multilanguage for WordPress plugin <= 1.3.39 versions.
‼ CVE-2023-2701 ‼
via "National Vulnerability Database".
The Gravity Forms WordPress plugin before 2.7.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileged users such as admin.
‼ CVE-2023-3418 ‼
via "National Vulnerability Database".
The Querlo Chatbot WordPress plugin through 1.2.4 does not escape or sanitize chat messages, leading to a stored Cross-Site Scripting vulnerability.
‼ CVE-2023-2579 ‼
via "National Vulnerability Database".
The InventoryPress WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks.
‼ CVE-2023-35089 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Recipe Maker For Your Food Blog from Zip Recipes plugin <= 8.0.7 versions.
‼ CVE-2023-3041 ‼
via "National Vulnerability Database".
The Autochat Automatic Conversation WordPress plugin through 1.1.7 does not sanitise and escape user input before outputting it back on the page, leading to a Cross-Site Scripting attack.
‼ CVE-2023-35096 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in myCred plugin <= 2.5 versions.
‼ CVE-2023-35880 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.49 versions.
‼ CVE-2023-31216 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Ultimate Member plugin <= 2.6.0 versions.