Security
Headlines
HeadlinesLatestCVEs

Source

CVE

CVE-2023-34024: WordPress WP Full Auto Tags Manager plugin <= 2.2 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Guillemant David WP Full Auto Tags Manager plugin <= 2.2 versions.

CVE
#csrf#vulnerability#wordpress#auth
CVE-2023-34031: WordPress bbPress Toolkit plugin <= 1.0.12 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Pascal Casier bbPress Toolkit plugin <= 1.0.12 versions.

CVE-2023-32594: WordPress Hyphenator plugin <= 5.1.5 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Benedict B., Maciej Gryniuk Hyphenator plugin <= 5.1.5 versions.

CVE-2023-32739: WordPress WP Custom Cursors plugin < 3.2 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Web_Trendy WP Custom Cursors | WordPress Cursor Plugin plugin < 3.2 versions.

CVE-2023-5954: HCSEC-2023-33 - Vault Requests Triggering Policy Checks May Lead To Unbounded Memory Consumption

HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10.

CVE-2023-39198: cve-details

A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation.

CVE-2023-34177: WordPress WP-Cache.com plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Kenth Hagström WP-Cache.Com plugin <= 1.1.1 versions.