Security
Headlines
HeadlinesLatestCVEs

Source

CVE

CVE-2023-35909: WordPress Ninja Forms plugin 3.6.25 - Denial of Service Attack vulnerability - Patchstack

Uncontrolled Resource Consumption vulnerability in Saturday Drive Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress leading to DoS.This issue affects Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress: from n/a through 3.6.25.

CVE
Open in Source
#vulnerability#web#dos#wordpress
CVE-2023-47779: WordPress Integration for Contact Form 7 and Constant Contact plugin <= 1.1.4 - Open Redirection vulnerability - Patchstack

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks. Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.1.4.

CVE-2023-46641: WordPress 12 Step Meeting List plugin <= 3.14.24 - Server Side Request Forgery (SSRF) vulnerability - Patchstack

Server-Side Request Forgery (SSRF) vulnerability in Code for Recovery 12 Step Meeting List.This issue affects 12 Step Meeting List: from n/a through 3.14.24.

CVE-2023-41804: WordPress Starter Templates plugin <= 3.2.4 - Server Side Request Forgery (SSRF) vulnerability - Patchstack

Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates.This issue affects Starter Templates — Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4.

CVE-2022-45362: WordPress Paytm Payment Gateway plugin <= 2.7.0 - Server Side Request Forgery (SSRF) vulnerability - Patchstack

Server-Side Request Forgery (SSRF) vulnerability in Paytm Paytm Payment Gateway.This issue affects Paytm Payment Gateway: from n/a through 2.7.0.

CVE-2023-49746: WordPress SpeedyCache plugin <= 1.1.2 - Server Side Request Forgery (SSRF) vulnerability - Patchstack

Server-Side Request Forgery (SSRF) vulnerability in Softaculous Team SpeedyCache – Cache, Optimization, Performance.This issue affects SpeedyCache – Cache, Optimization, Performance: from n/a through 1.1.2.

CVE-2023-50164

An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or  Struts 6.3.0.1 or greater to fix this issue.

CVE-2023-48860: security_research/TOTOLINK-N300RT-RCE.md at main · xieqiang11/security_research

TOTOLINK N300RT version 3.2.4-B20180730.0906 has a post-authentication RCE due to incorrect access control, allows attackers can bypass front-end security restrictions and execute arbitrary code.

CVE-2023-48861: POC4/README.md at main · xieqiang11/POC4

DLL hijacking vulnerability in TTplayer version 7.0.2, allows local attackers to escalate privileges and execute arbitrary code via urlmon.dll.

CVE-2023-43298: CVE-reports/CVE-2023-43298.md at main · syz913/CVE-reports

An issue in SCOL Members Card mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.