CVE-2023-38888

Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related to analy ...

CVSS3 - CRITICAL

CVSS2 - MEDIUM

CVE-2023-4716

The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mla_gallery' shortcode in versions up to, and including, 3.10 due to insufficient input sanitizat ...

CVSS3 - MEDIUM

CVSS2 - MEDIUM

CVE-2023-4774

The WP-Matomo Integration (WP-Piwik) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp-piwik' shortcode in versions up to, and including, 1.0.28 due to insufficient input s ...

CVSS3 - MEDIUM

CVSS2 - MEDIUM

Arbitrary Argument Injection

blamer is vulnerable to Arbitrary Argument Injection. The vulnerability is due to the `blameByFile()` API not properly sanitizing the user input and validating the given file path. This can be exploited by ...

CVSS3 - CRITICAL

CVSS2 - MEDIUM

Denial Of Service

grpc is vulnerable to Denial Of Service. The vulnerability is due to improper error handling in the TCP server, which allows an attacker to initiate a number of concurrent connections with the server leading ...

CVSS3 - HIGH

CVSS2 - MEDIUM

Remote Code Execution

FUXA is vulnerable to Remote Command Execution. The vulnerability is due to the lack of sanitization on user-supplied input, which allows use of dangerous methods at the following affected API route `/ ...

CVSS3 - CRITICAL

CVSS2 - HIGH

Server-Side Request Forgery (SSRF)

GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. An SSRF vulnerability exists starting in version 3.2.0, bypassing existing controls ...

CVSS3 - MEDIUM

CVSS2 - MEDIUM

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 11, 2023 to September 17, 2023)

Last week, there were 55 vulnerabilities disclosed in 46 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 15 Vulnerab ...

CVSS3 - HIGH

CVSS2 - MEDIUM
