Security
Headlines
HeadlinesLatestCVEs

Source

CVE

CVE-2023-36507: WordPress BookingPress plugin <= 1.0.64 - Unauth. Server Information Disclosure vulnerability - Patchstack

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Repute Infosystems BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin.This issue affects BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin: from n/a through 1.0.64.

CVE
Open in Source
#vulnerability#wordpress#auth
CVE-2023-45834: WordPress Libsyn Publisher Hub plugin <= 1.4.4 - Sensitive Data Exposure vulnerability - Patchstack

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Libsyn Libsyn Publisher Hub.This issue affects Libsyn Publisher Hub: from n/a through 1.4.4.

CVE-2023-46820: WordPress Image Regenerate & Select Crop plugin <= 7.3.0 - Sensitive Data Exposure via Log File vulnerability - Patchstack

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Iulia Cazan Image Regenerate & Select Crop.This issue affects Image Regenerate & Select Crop: from n/a through 7.3.0.

CVE-2023-48333: WordPress Booster for WooCommerce plugin <= 7.1.1 - Auth. Arbitrary Order Information Disclosure Vulnerability - Patchstack

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pluggabl LLC Booster for WooCommerce.This issue affects Booster for WooCommerce: from n/a through 7.1.1.

CVE-2023-6401

A vulnerability classified as problematic was found in NotePad++ up to 8.1. Affected by this vulnerability is an unknown functionality of the file dbghelp.exe. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The identifier VDB-246421 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2023-6402

A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file add-phlebotomist.php. The manipulation of the argument empid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246423.

CVE-2023-40662: WordPress Cookies and Content Security Policy plugin <= 2.15 - Sensitive Data Exposure vulnerability - Patchstack

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jonk @ Follow me Darling Cookies and Content Security Policy.This issue affects Cookies and Content Security Policy: from n/a through 2.15.

CVE-2023-41735: WordPress Email posts to subscribers plugin <= 6.2 - Sensitive Data Exposure - Patchstack

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gopi Ramasamy Email posts to subscribers.This issue affects Email posts to subscribers: from n/a through 6.2.

CVE-2023-44150: WordPress ProfilePress plugin <= 4.13.2 - Sensitive Data Exposure via Debug Log vulnerability - Patchstack

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress.This issue affects Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress: from n/a through 4.13.2.

CVE-2023-45066: WordPress Export All Posts, Products, Orders, Refunds & Users plugin <= 2.4.1 - Sensitive Data Exposure vulnerability - Patchstack

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users.This issue affects Export All Posts, Products, Orders, Refunds & Users: from n/a through 2.4.1.