Security
Headlines
HeadlinesLatestCVEs

Source

CVE

CVE-2023-46006: Zerrr0_Vulnerability/Best Courier Management System 1.0/SQL-Injection-Vulnerability-2.md at main · zerrr0/Zerrr0_Vulnerability

Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_user.php.

CVE
Open in Source
#sql#vulnerability#git#php
CVE-2023-46005: Zerrr0_Vulnerability/Best Courier Management System 1.0/SQL-Injection-Vulnerability.md at main · zerrr0/Zerrr0_Vulnerability

Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_branch.php.

CVE-2023-46004: Zerrr0_Vulnerability/Best Courier Management System 1.0/Arbitrary-File-Upload-Vulnerability.md at main · zerrr0/Zerrr0_Vulnerability

Sourcecodester Best Courier Management System 1.0 is vulnerable to Arbitrary file upload in the update_user function.

CVE-2023-45608: WordPress Smart Cookie Kit plugin <= 2.3.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Nicola Modugno Smart Cookie Kit plugin <= 2.3.1 versions.

CVE-2023-45073: WordPress Mendeley plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Michael Koch Mendeley Plugin plugin <= 1.3.2 versions.

CVE-2023-45072: WordPress Order auto complete for WooCommerce plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kardi Order auto complete for WooCommerce plugin <= 1.2.0 versions.

CVE-2023-45071: WordPress Form Maker by 10Web plugin <= 1.15.18 - Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in 10Web Form Builder Team Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin <= 1.15.18 versions.

CVE-2023-45070: WordPress Form Maker by 10Web plugin <= 1.15.18 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 10Web Form Builder Team Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin <= 1.15.18 versions.

CVE-2023-45067: WordPress WP Simple HTML Sitemap plugin <= 2.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Ashish Ajani WordPress Simple HTML Sitemap plugin <= 2.1 versions.

CVE-2023-45065: WordPress Bulk NoIndex & NoFollow Toolkit plugin <= 1.42 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Mad Fish Digital Bulk NoIndex & NoFollow Toolkit plugin <= 1.42 versions.