Security
Headlines
HeadlinesLatestCVEs

Source

CVE

CVE-2023-44229: WordPress Tiny Carousel Horizontal Slider plugin <= 8.1 - Cross Site Scripting (XSS) - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Tiny Carousel Horizontal Slider plugin <= 8.1 versions.

CVE
#xss#vulnerability#web#wordpress#auth
CVE-2023-45749: WordPress AGP Font Awesome Collection plugin <= 3.2.4 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Alexey Golubnichenko AGP Font Awesome Collection plugin <= 3.2.4 versions.

CVE-2023-45753: WordPress which template file plugin <= 4.6.0 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Gilles Dumas which template file plugin <= 4.6.0 versions.

CVE-2023-45831: WordPress AMP WP – Google AMP For WordPress plugin <= 1.5.15 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Pixelative, Mohsin Rafique AMP WP – Google AMP For WordPress plugin <= 1.5.15 versions.

CVE-2023-45647: WordPress Constant Contact Forms by MailMunch plugin <= 2.0.10 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in MailMunch Constant Contact Forms by MailMunch plugin <= 2.0.10 versions.

CVE-2023-4457

Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability. The plugin did not properly sanitize error messages, making it potentially expose the Google Sheet API-key that is configured for the data source. This vulnerability was fixed in version 1.2.2.