Security
Headlines
HeadlinesLatestCVEs

Tag

#web

CVE-2023-38515: WordPress Church Admin plugin <= 3.7.56 - Server Side Request Forgery (SSRF) vulnerability - Patchstack

Server-Side Request Forgery (SSRF) vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 3.7.56.

CVE
#vulnerability#web#wordpress#ssrf
CVE-2023-35041: WordPress Web Push Notifications – Webpushr plugin <= 4.34.0 - CSRF Leading to LFI vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability leading to Local File Inclusion (LF) in Webpushr Web Push Notifications Web Push Notifications – Webpushr plugin <= 4.34.0 versions.

CVE-2023-31219: WordPress Download Monitor plugin <= 4.8.1 - Server Side Request Forgery (SSRF) vulnerability - Patchstack

Server-Side Request Forgery (SSRF) vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.8.1.

CVE-2023-34013: WordPress Poll Maker plugin <= 4.6.2 - Server Side Request Forgery (SSRF) vulnerability - Patchstack

Server-Side Request Forgery (SSRF) vulnerability in Poll Maker Team Poll Maker – Best WordPress Poll Plugin.This issue affects Poll Maker – Best WordPress Poll Plugin: from n/a through 4.6.2.

CVE-2023-23800: WordPress Shortcodes Ultimate plugin <= 5.12.6 - Server Side Request Forgery (SSRF) vulnerability - Patchstack

Server-Side Request Forgery (SSRF) vulnerability in Vova Anokhin WP Shortcodes Plugin — Shortcodes Ultimate.This issue affects WP Shortcodes Plugin — Shortcodes Ultimate: from n/a through 5.12.6.

CVE-2023-23684: WordPress WPGraphQL plugin <= 1.14.5 - Server Side Request Forgery (SSRF) vulnerability - Patchstack

Server-Side Request Forgery (SSRF) vulnerability in WPGraphQL.This issue affects WPGraphQL: from n/a through 1.14.5.

CVE-2022-45835: WordPress PhonePe Payment Solutions plugin <= 1.0.15 - Server Side Request Forgery (SSRF) - Patchstack

Server-Side Request Forgery (SSRF) vulnerability in PhonePe PhonePe Payment Solutions.This issue affects PhonePe Payment Solutions: from n/a through 1.0.15.

CVE-2023-38364

IBM CICS TX Advanced 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260821.

CVE-2023-26543: WordPress WP Meteor Page Speed Optimization Topping plugin <= 3.1.4 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Aleksandr Guidrevitch WP Meteor Website Speed Optimization Addon plugin <= 3.1.4 versions.