Security
Headlines
HeadlinesLatestCVEs

Tag

#wordpress

New Vulnerability in Popular WordPress Plugin Exposes Over 2 Million Sites to Cyberattacks

Users of Advanced Custom Fields plugin for WordPress are being urged to update version 6.1.6 following the discovery of a security flaw. The issue, assigned the identifier CVE-2023-30777, relates to a case of reflected cross-site scripting (XSS) that could be abused to inject arbitrary executable scripts into otherwise benign websites. The plugin, which is available both as a free and pro

The Hacker News
Open in Source
#xss#vulnerability#web#java#wordpress#auth#The Hacker News
Oracle RMAN Missing Auditing

Proof of concept exploit for Oracle RMAN on Oracle database versions 19c, 18c, 12.2.0.1, and 12.1.0.2 where recovery actions are not adequately logged.

CVE-2017-20183

A vulnerability was found in External Media without Import Plugin up to 1.0.0 on WordPress. It has been declared as problematic. This vulnerability affects the function print_media_new_panel of the file external-media-without-import.php. The manipulation of the argument url/error/width/height/mime-type leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is 9d2ecd159a6e2e3f710b4f1c28e2714f66502746. It is recommended to upgrade the affected component. VDB-227950 is the identifier assigned to this vulnerability.

CVE-2022-47449: WordPress Cart Lift <= 3.1.5 - Cross Site Scripting (XSS) - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RexTheme Cart Lift – Abandoned Cart Recovery for WooCommerce and EDD plugin <= 3.1.5 versions.

CVE-2022-47434: WordPress PB SEO Friendly Images plugin <= 4.0.5 - Cross Site Scripting (XSS) - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PB SEO Friendly Images plugin <= 4.0.5 versions.

CVE-2023-25982: WordPress Simple YouTube Responsive plugin <= 2.5 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Eirudo Simple YouTube Responsive plugin <= 2.5 versions.

CVE-2023-25458: WordPress TypeSquare Webfonts for ConoHa plugin <= 2.0.3 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GMO Internet Group, Inc. TypeSquare Webfonts for ConoHa plugin <= 2.0.3 versions.

CVE-2023-25977: WordPress CPT – Speakers plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 9seeds.Com CPT – Speakers plugin <= 1.1 versions.

CVE-2023-25961: WordPress darcie theme <= 1.1.5 - Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Catch Themes Darcie theme <= 1.1.5 versions.

CVE-2023-26012: WordPress Custom Login Page plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Denzel Chia | Phire Design Custom Login Page plugin <= 2.0 versions.