βΌ CVE-2023-39991 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Blindside Networks BigBlueButton plugin <=Γ 3.0.0-beta.4 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37393 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Atarim Visual Website Collaboration, Feedback & Project Management Γ’β¬β Atarim plugin <=Γ 3.9.3 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4615 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/download/updateFile endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of the current user.π Read
via "National Vulnerability Database".
π΄ Realism Reigns on AI at Black Hat and DEF CON π΄
π Read
via "Dark Reading".
Realistic expectations and caution began to replace wonder and confusion for generative AI at the recent security industry gatherings. π Read
via "Dark Reading".
Dark Reading
Realism Reigns on AI at Black Hat and DEF CON
Realistic expectations and caution began to replace wonder and confusion for generative AI at the recent security industry gatherings.
βΌ CVE-2023-4269 βΌ
π Read
via "National Vulnerability Database".
The User Activity Log WordPress plugin before 1.6.6 lacks proper authorisation when exporting its activity logs, allowing any authenticated users, such as subscriber to perform such action and retrieve PII such as email addresses.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40197 βΌ
π Read
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Devaldi Ltd flowpaper plugin <=Γ 1.9.9 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30485 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Solwin Infotech Responsive WordPress Slider Γ’β¬β Avartan Slider Lite plugin <=Γ 1.5.3 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32296 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kangu para WooCommerce plugin <=Γ 2.2.9 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4216 βΌ
π Read
via "National Vulnerability Database".
The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 doesn't validate the file_url parameter when importing a CSV file, allowing high privilege users with the manage_woocommerce capability to access any file on the web server via a Traversal attack. The content retrieved is however limited to the first line of the file.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2023-40205 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pixelgrade PixTypes plugin <=Γ 1.4.15 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32102 βΌ
π Read
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Pexle Chris Library Viewer plugin <=Γ 2.0.6 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4587 βΌ
π Read
via "National Vulnerability Database".
** UNSUPPPORTED WHEN ASSIGNED ** An IDOR vulnerability has been found in ZKTeco ZEM800 product affecting version 6.60. This vulnerability allows a local attacker to obtain registered user backup files or device configuration files over a local network or through a VPN server.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3814 βΌ
π Read
via "National Vulnerability Database".
The Advanced File Manager WordPress plugin before 5.1.1 does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4279 βΌ
π Read
via "National Vulnerability Database".
This User Activity Log WordPress plugin before 1.6.7 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2813 βΌ
π Read
via "National Vulnerability Database".
All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2, BunnyPressLite WordPress theme before 2.1, Cafe Bistro WordPress theme before 1.1.4, College WordPress theme before 1.5.1, Connections Reloaded WordPress theme through 3.1, Counterpoint WordPress theme through 1.8.1, Digitally WordPress theme through 1.0.8, Directory WordPress theme before 3.0.2, Drop WordPress theme before 1.22, Everse WordPress theme before 1.2.4, Fashionable Store WordPress theme through 1.3.4, Fullbase WordPress theme before 1.2.1, Ilex WordPress theme before 1.4.2, Js O3 Lite WordPress theme through 1.5.8.2, Js Paper WordPress theme through 2.5.7, Kata WordPress theme before 1.2.9, Kata App WordPress theme through 1.0.5, Kata Business WordPress theme through 1.0.2, Looki Lite WordPress theme before 1.3.0, moseter WordPress theme through 1.3.1, Nokke WordPress theme before 1.2.4, Nothing Personal WordPress theme through 1.0.7, Offset Writing WordPress theme through 1.2, Opor Ayam WordPress theme through 18, Pinzolo WordPress theme before 1.2.10, Plato WordPress theme before 1.1.9, Polka Dots WordPress theme through 1.2, Purity Of Soul WordPress theme through 1.9, Restaurant PT WordPress theme before 1.1.3, Saul WordPress theme before 1.1.0, Sean Lite WordPress theme before 1.4.6, Tantyyellow WordPress theme through 1.0.0.5, TIJAJI WordPress theme through 1.43, Tiki Time WordPress theme through 1.3, Tuaug4 WordPress theme through 1.4, Tydskrif WordPress theme through 1.1.3, UltraLight WordPress theme through 1.2, Venice Lite WordPress theme before 1.5.5, Viala WordPress theme through 1.3.1, viburno WordPress theme before 1.3.2, Wedding Bride WordPress theme before 1.0.2, Wlow WordPress theme before 1.2.7 suffer from the same issue about the search box reflecting the results causing XSS which allows an unauthenticated attacker to exploit against users if they click a malicious link.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32578 βΌ
π Read
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Twinpictures Column-Matic plugin <=Γ 1.3.3 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3221 βΌ
π Read
via "National Vulnerability Database".
User enumeration vulnerability in Password Recovery plugin 1.2 version for Roundcube, which could allow a remote attacker to create a test script against the password recovery function to enumerate all users in the database.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4059 βΌ
π Read
via "National Vulnerability Database".
The Profile Builder WordPress plugin before 3.9.8 lacks authorisation and CSRF in its page creation function which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the blogπ Read
via "National Vulnerability Database".
βΌ CVE-2023-4253 βΌ
π Read
via "National Vulnerability Database".
The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)π Read
via "National Vulnerability Database".
βΌ CVE-2023-3222 βΌ
π Read
via "National Vulnerability Database".
Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in its 1.2 version, which could allow a remote attacker to change an existing userΓΒ΄s password by adding a 6-digit numeric token. An attacker could create an automatic script to test all possible values because the platform has no limit on the number of requests.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4254 βΌ
π Read
via "National Vulnerability Database".
The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)π Read
via "National Vulnerability Database".