Latest CVEs
CVE-2023-28774: WordPress Review Stream plugin <= 1.6.5 - Cross Site Scripting (XSS) - Patchstack

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in the Grade Us, Inc. Review Stream plugin, versions <= 1.6.5.

CVE-2023-28418: WordPress Mediciti Lite theme <= 1.3.0 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Authenticated (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in the Yudlee themes Mediciti Lite theme, versions <= 1.3.0.

CVE-2023-32239: WordPress Woodmart theme <= 7.2.1 - Cross-Site Scripting (XSS) vulnerability - Patchstack

Authenticated (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in the xtemos WoodMart theme, versions <= 7.2.1.

CVE-2022-47593: WordPress RapidLoad Power-Up for Autoptimize plugin <= 1.6.35 - SQL Injection - Patchstack

Authenticated (subscriber+) SQL Injection (SQLi) vulnerability in the RapidLoad Power-Up for Autoptimize plugin by RapidLoad, versions <= 1.6.35.

CVE-2023-25499: Disable sending updates to client for effectively non-visible nodes by tepi · Pull Request #15885 · vaadin/flow

When non-visible components are added to the UI on the server side, their content is still sent to the browser in Vaadin 10.0.0 through 10.0.22, 11.0.0 through 14.10.0, 15.0.0 through 22.0.28, 23.0.0 through 23.3.12, 24.0.0 through 24.0.5 and 24.1.0.alpha1 to 24.1.0.beta1, resulting in potential information disclosure.

CVE-2023-34927: Casdoor Vulnerability

Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability in the endpoint /api/set-password. This vulnerability allows attackers to arbitrarily change a victim user's password by supplying a crafted URL.

CVE-2023-25500: fix: log error messages by caalador · Pull Request #16935 · vaadin/flow

Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6 and 24.1.0.alpha1 to 24.1.0.rc2: sending modified requests can cause class and method names to be disclosed in RPC responses.

CVE-2023-32960: WordPress UpdraftPlus plugin <= 1.23.3 - CSRF lead to wp-admin Site Wide XSS vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in the UpdraftPlus.Com, DavidAnderson UpdraftPlus WordPress Backup Plugin, versions <= 1.23.3, leading to sitewide Cross-Site Scripting (XSS).

CVE-2023-27452: WordPress Button Generator plugin <= 2.3.3 - Cross Site Scripting (XSS) vulnerability - Patchstack

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in the Wow-Company Button Generator – easily Button Builder plugin, versions <= 2.3.3.

CVE-2023-26539: WordPress Advanced Text Widget plugin <= 2.1.2 - Cross Site Scripting (XSS) vulnerability - Patchstack

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in the Max Chirkov Advanced Text Widget plugin, versions <= 2.1.2.