Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

CVE-2023-47190: WordPress Apollo13 Framework Extensions plugin <= 1.9.0 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Apollo13Themes Apollo13 Framework Extensions plugin <= 1.9.0 versions.

CVE
Open in Source
#xss#vulnerability#web#wordpress#auth
CVE-2023-47231: WordPress ShortCodes UI plugin <= 1.9.8 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Bainternet ShortCodes UI plugin <= 1.9.8 versions.

CVE-2023-47226: WordPress Post Sliders & Post Grids plugin <= 1.0.20 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Post Sliders & Post Grids plugin <= 1.0.20 versions.

CVE-2023-47229: WordPress Top 25 Social Icons plugin <= 3.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vyas Dipen Top 25 Social Icons plugin <= 3.1 versions.

CVE-2023-47181: WordPress IdeaPush plugin <= 8.52 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Martin Gibson IdeaPush plugin <= 8.52 versions.

Microsoft Azure Exploited to Create Undetectable Cryptominer

By Deeba Ahmed esearchers have labeled this as the "ultimate cryptominer." This is a post from HackRead.com Read the original post: Microsoft Azure Exploited to Create Undetectable Cryptominer

GHSA-7h8m-vrxx-vr4m: ZITADEL race condition in lockout policy execution

### Impact ZITADEL provides administrators the possibility to define a `Lockout Policy` with a maximum amount of failed password check attempts. On every failed password check, the amount of failed checks is compared against the configured maximum. Exceeding the limit, will lock the user and prevent further authentication. In the affected implementation it was possible for an attacker to start multiple parallel password checks, giving him the possibility to try out more combinations than configured in the `Lockout Policy`. ### Patches 2.x versions are fixed on >= [2.40.5](https://github.com/zitadel/zitadel/releases/tag/v2.40.5) 2.38.x versions are fixed on >= [2.38.3](https://github.com/zitadel/zitadel/releases/tag/v2.38.3) ### Workarounds There is no workaround since a patch is already available. ### References None ### Questions If you have any questions or comments about this advisory, please email us at [[email protected]](mailto:[email protected])

CVE-2023-46642: WordPress SAHU TikTok Pixel for E-Commerce plugin <= 1.2.2 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in sahumedia SAHU TikTok Pixel for E-Commerce plugin <= 1.2.2 versions.

CVE-2023-46643: WordPress CloudNet360 plugin <= 3.2.0 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GARY JEZORSKI CloudNet360 plugin <= 3.2.0 versions.

CVE-2023-47379: Stored XSS Vulnerability in Microweber Version 2.0.1 - Astra

Microweber CMS version 2.0.1 is vulnerable to stored Cross Site Scripting (XSS) via the profile picture file upload functionality.