CVE-2023-2229
The Quick Post Duplicator for WordPress is vulnerable to SQL Injection via the âpost_idâ parameter in versions up to, and including, 2.0 due to insufficient escaping on the user supplied par ...
Continue Reading
August 31, 2023
CVE-2023-2188
The Colibri Page Builder for WordPress is vulnerable to SQL Injection via the âpost_idâ parameter in versions up to, and including, 1.0.227 due to insufficient escaping on the user supplied ...
Continue Reading
August 31, 2023
CVE-2023-4471
The Order Tracking Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the start_date and end_date parameters in versions up to, and including, 3.3.6 due to insufficient input ...
Continue Reading
August 31, 2023
CVE-2023-2174
The BadgeOS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_badgeos_log_entries function in versions up to, and including, 3.7.1 ...
Continue Reading
August 31, 2023
CVE-2023-0689
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_first_name' shortcode in versions up to, and including, 3.3.1. This allows authenticated at ...
Continue Reading
August 31, 2023
Apache NiFi H2 Connection String Remote Code Execution Exploit
The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that ...
Continue Reading
August 31, 2023
CVE-2023-4600
The AffiliateWP for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'affwp_activate_addons_page_plugin' function called via an AJAX action in vers ...
Continue Reading
August 30, 2023
Apache NiFi H2 Connection String Remote Code Execution
Post ContentRead More ...
Continue Reading
August 30, 2023
CVE-2023-3136
The MailArchiver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 2.10.1 due to insufficient input sanitization and output escap ...
Continue Reading
August 30, 2023
CVE-2023-4597
The Slimstat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slimstat' shortcode in versions up to, and including, 5.0.9 due to insufficient input sanitization and ...
Continue Reading
August 30, 2023
