Hírolvasó

ECHO Network · 2023. június 15.

CVE-2023-3276

NVD: fully analised CVE · 2023. június 15.

CVE-2023-24420 (admin_side_data_storage_for_contact_form_7)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Zestard Technologies Admin side data storage for Contact Form 7 plugin <= 1.1.1 versions.
NVD: fully analised CVE · 2023. június 15.

CVE-2023-25055 (google_xml_sitemap_for_videos)

Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google XML Sitemap for Videos plugin <= 2.6.1 versions.
NVD: fully analised CVE · 2023. június 15.

CVE-2023-27634 (intrepidity)

Cross-Site Request Forgery (CSRF) vulnerability allows arbitrary file upload in Shingo Intrepidity plugin <= 1.5.1 versions.
NVD: all CVE · 2023. június 15.

CVE-2023-24420

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Zestard Technologies Admin side data storage for Contact Form 7 plugin <= 1.1.1 versions.
NVD: all CVE · 2023. június 15.

CVE-2023-25055

Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google XML Sitemap for Videos plugin <= 2.6.1 versions.
NVD: all CVE · 2023. június 15.

CVE-2023-27634

Cross-Site Request Forgery (CSRF) vulnerability allows arbitrary file upload in Shingo Intrepidity plugin <= 1.5.1 versions.
Talos Group- Cisco blog · 2023. június 15.

Paying it forward with sponsorship

Humans are social creatures – no question about it. We usually need other people to feel happy, safe, and connected. However, on top of playing an important role in satisfying our basic needs, r… Read more on Cisco Blogs

NVD: fully analised CVE · 2023. június 15.

CVE-2023-3276 (hutool)

A vulnerability, which was classified as problematic, has been found in Dromara HuTool up to 5.8.19. Affected by this issue is the function readBySax of the file XmlUtil.java of the component XML Parsing Module. The manipulation leads to xml external entity reference. The exploit has been disclosed to the public and may be used. VDB-231626 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
NVD: fully analised CVE · 2023. június 15.

CVE-2023-23802 (ht_easy_ga4_(google_analytics_4))

Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Easy GA4 ( Google Analytics 4 ) plugin <= 1.0.6 versions.
NVD: fully analised CVE · 2023. június 15.

CVE-2023-25450 (givewp)

Cross-Site Request Forgery (CSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform plugin <= 2.25.1 versions.
NVD: fully analised CVE · 2023. június 15.

CVE-2023-25972 (wordpress_ctapt)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in IKSWEB WordPress ????? plugin <= 3.7 versions.
NVD: fully analised CVE · 2023. június 15.

CVE-2023-3274 (supplier_management_system)

A vulnerability classified as critical has been found in code-projects Supplier Management System 1.0. Affected is an unknown function of the file btn_functions.php of the component Picture Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231624.
NVD: fully analised CVE · 2023. június 15.

CVE-2023-3275 (rail_pass_management_system)

A vulnerability classified as critical was found in PHPGurukul Rail Pass Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view-pass-detail.php of the component POST Request Handler. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The identifier VDB-231625 was assigned to this vulnerability.
NVD: all CVE · 2023. június 15.

CVE-2023-23802

Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Easy GA4 ( Google Analytics 4 ) plugin <= 1.0.6 versions.
NVD: all CVE · 2023. június 15.

CVE-2023-25450

Cross-Site Request Forgery (CSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform plugin <= 2.25.1 versions.
NVD: all CVE · 2023. június 15.

CVE-2023-25972

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in IKSWEB WordPress ????? plugin <= 3.7 versions.