Security
Headlines
HeadlinesLatestCVEs

Tag

#wordpress

WordPress WP ERP 1.12.2 SQL Injection

WordPress WP ERP plugin versions 1.12.2 and below suffer from a remote SQL injection vulnerability.

Packet Storm
#sql#vulnerability#windows#linux#js#wordpress#auth
Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign

Pro-Russian hacking groups have exploited a recently disclosed security vulnerability in the WinRAR archiving utility as part of a phishing campaign designed to harvest credentials from compromised systems. "The attack involves the use of malicious archive files that exploit the recently discovered vulnerability affecting the WinRAR compression software versions prior to 6.23 and traced as

CVE-2023-46066: WordPress Mediabay plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Codedrafty Mediabay – Media Library Folders plugin <= 1.6 versions.

CVE-2023-44987: WordPress Timely Booking Button plugin <= 2.0.2 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Timely - Appointment software Timely Booking Button plugin <= 2.0.2 versions.

CVE-2023-45748: WordPress MailChimp Forms by MailMunch plugin <= 3.1.4 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailChimp Forms by MailMunch plugin <= 3.1.4 versions.

CVE-2023-44986: WordPress Abandoned Cart Lite for WooCommerce plugin <= 5.15.2 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Abandoned Cart Lite for WooCommerce plugin <= 5.15.2 versions.

CVE-2023-44984: WordPress bbp style pack plugin <= 5.6.7 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Robin Wilson bbp style pack plugin <= 5.6.7 versions.

CVE-2023-44985: WordPress BuddyMeet plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributo+) Stored Cross-Site Scripting (XSS) vulnerability in Cytech BuddyMeet plugin <= 2.2.0 versions.

CVE-2023-44229: WordPress Tiny Carousel Horizontal Slider plugin <= 8.1 - Cross Site Scripting (XSS) - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Tiny Carousel Horizontal Slider plugin <= 8.1 versions.

CVE-2023-45749: WordPress AGP Font Awesome Collection plugin <= 3.2.4 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Alexey Golubnichenko AGP Font Awesome Collection plugin <= 3.2.4 versions.