Security
Headlines
HeadlinesLatestCVEs

Source

CVE

CVE-2023-48742: WordPress License Manager for WooCommerce plugin <= 2.2.10 - SQL Injection vulnerability - Patchstack

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LicenseManager License Manager for WooCommerce license-manager-for-woocommerce allows SQL Injection.This issue affects License Manager for WooCommerce: from n/a through 2.2.10.

CVE
#sql#vulnerability#wordpress
CVE-2023-48913: cms/The deletion function of the Article Management Office exists in CSRF.md at main · Tiamat-ron/cms

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/delete.

CVE-2023-47827: WordPress Events Addon for Elementor plugin <= 2.1.3 - Broken Access Control vulnerability - Patchstack

Incorrect Authorization vulnerability in NicheAddons Events Addon for Elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Events Addon for Elementor: from n/a through 2.1.3.

CVE-2023-37867: WordPress Yasr – Yet Another Stars Rating plugin <= 3.3.8 - Race Condition vulnerability - Patchstack

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in YetAnotherStarsRating.Com YASR – Yet Another Star Rating Plugin for WordPress.This issue affects YASR – Yet Another Star Rating Plugin for WordPress: from n/a through 3.3.8.

CVE-2023-48279: WordPress Seraphinite Post .DOCX Source plugin <= 2.16.6 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Seraphinite Solutions Seraphinite Post .DOCX Source allows Cross Site Request Forgery.This issue affects Seraphinite Post .DOCX Source: from n/a through 2.16.6.

CVE-2023-34030: WordPress Complianz plugin <= 6.4.5 - Multiple Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Complianz, Really Simple Plugins Complianz Premium allows Cross-Site Request Forgery.This issue affects Complianz: from n/a through 6.4.5; Complianz Premium: from n/a through 6.4.7.

CVE-2023-36682: WordPress Schema Pro plugin <= 2.7.7 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force US LLC Schema Pro allows Cross Site Request Forgery.This issue affects Schema Pro: from n/a through 2.7.7.

CVE-2023-48281: WordPress Broken Link Checker for YouTube plugin <= 1.3 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Super Blog Me Broken Link Checker for YouTube allows Cross Site Request Forgery.This issue affects Broken Link Checker for YouTube: from n/a through 1.3.

CVE-2023-48914: cms/There is a csrf in the newly added section of article management.md at main · Tiamat-ron/cms

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/add.

CVE-2023-48964: GitHub - daodaoshao/vul_tenda_i6_2

Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/WifiMacFilterSet.