‼ CVE-2023-1977 ‼
via "National Vulnerability Database".
The Booking Manager WordPress plugin before 2.0.29 does not validate URLs input in its admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the site's internal network.
‼ CVE-2023-4381 ‼
Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
‼ CVE-2023-0274 ‼
The URL Params WordPress plugin before 2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
‼ CVE-2023-0058 ‼
The Tiempo.com WordPress plugin through 0.1.2 does not have a CSRF check when creating and editing its shortcode, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.
‼ CVE-2023-0551 ‼
The REST API TO MiniProgram WordPress plugin through 4.6.1 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to call it and delete arbitrary attachments.
‼ CVE-2023-2225 ‼
The SEO ALert WordPress plugin through 1.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
‼ CVE-2023-1465 ‼
The WP EasyPay WordPress plugin before 4.1 does not escape some generated URLs before outputting them back in pages, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin.
‼ CVE-2023-1110 ‼
The Yellow Yard Searchbar WordPress plugin before 2.8.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
‼ CVE-2023-2254 ‼
The Ko-fi Button WordPress plugin before 1.3.3 does not properly some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup), and we consider it a low risk.
‼ CVE-2020-26037 ‼
Directory Traversal vulnerability in Server functionality in Even Balance Punkbuster version 1.902 before 1.905 allows remote attackers to execute arbitrary code.
‼ CVE-2023-2123 ‼
The WP Inventory Manager WordPress plugin before 2.1.0.13 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue.
‼ CVE-2023-2122 ‼
The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitise and escape the iowd_tabs_active parameter before rendering it in the plugin admin panel, leading to a reflected Cross-Site Scripting vulnerability, allowing an attacker to trick a logged-in admin into executing arbitrary JavaScript by clicking a link.
‼ CVE-2023-40351 ‼
A cross-site request forgery (CSRF) vulnerability in Jenkins Favorite View Plugin 5.v77a_37f62782d and earlier allows attackers to add or remove views from another user's favorite views tab bar.
‼ CVE-2023-32489 ‼
Dell PowerScale OneFS 8.2x - 9.5x contains a privilege escalation vulnerability. A local attacker with high privileges could potentially exploit this vulnerability to bypass mode protections and gain elevated privileges.
‼ CVE-2023-40347 ‼
Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.
‼ CVE-2023-40342 ‼
Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control JUnit report file contents.
‼ CVE-2023-32491 ‼
Dell PowerScale OneFS 9.5.0.x contains an insertion of sensitive information into log file vulnerability in SNMPv3. A low-privilege user could potentially exploit this vulnerability, leading to information disclosure.
‼ CVE-2023-39115 ‼
install/aiz-uploader/upload in Campcodes Online Matrimonial Website System Script 3.3 allows XSS via a crafted SVG document.
‼ CVE-2023-32490 ‼
Dell PowerScale OneFS 8.2x - 9.5x contains an improper privilege management vulnerability. A high-privilege local attacker could potentially exploit this vulnerability, leading to system takeover.
‼ CVE-2023-38904 ‼
A Cross Site Scripting (XSS) vulnerability in Netlify CMS v.2.10.192 allows a remote attacker to execute arbitrary code via a crafted payload to the body parameter of the new post function.
‼ CVE-2023-40337 ‼
A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy a view inside a folder.