Security

Tag

#auth

CVE-2023-6360: SQL Injection in My Calendar WordPress Plugin

The 'My Calendar' WordPress plugin, in versions < 3.4.22, is affected by an unauthenticated SQL injection vulnerability in the 'from' and 'to' parameters of the '/my-calendar/v1/events' REST route.

CVE-2023-5803: WordPress Business Directory plugin <= 6.3.10 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Business Directory Team Business Directory Plugin – Easy Listing Directories for WordPress allows Cross-Site Request Forgery. This issue affects Business Directory Plugin – Easy Listing Directories for WordPress: from n/a through 6.3.10.

Deluge of Nearly 300 Fake Apps Floods Iranian Banking Sector

No Iranian bank customers are safe from financially motivated cybercriminals wielding convincing but fake mobile apps.

CVE-2023-40662: WordPress Cookies and Content Security Policy plugin <= 2.15 - Sensitive Data Exposure vulnerability - Patchstack

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jonk @ Follow me Darling Cookies and Content Security Policy. This issue affects Cookies and Content Security Policy: from n/a through 2.15.

CVE-2023-41735: WordPress Email posts to subscribers plugin <= 6.2 - Sensitive Data Exposure - Patchstack

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gopi Ramasamy Email posts to subscribers. This issue affects Email posts to subscribers: from n/a through 6.2.

CVE-2023-44150: WordPress ProfilePress plugin <= 4.13.2 - Sensitive Data Exposure via Debug Log vulnerability - Patchstack

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress. This issue affects Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress: from n/a through 4.13.2.

CVE-2023-45066: WordPress Export All Posts, Products, Orders, Refunds & Users plugin <= 2.4.1 - Sensitive Data Exposure vulnerability - Patchstack

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users. This issue affects Export All Posts, Products, Orders, Refunds & Users: from n/a through 2.4.1.

CVE-2023-37972: WordPress WooCommerce Product Stock Alert plugin <= 2.0.1 - Sensitive Data Exposure vulnerability - Patchstack

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in MultiVendorX Product Stock Manager & Notifier for WooCommerce. This issue affects Product Stock Manager & Notifier for WooCommerce: from n/a through 2.0.1.

CVE-2023-40600: WordPress EWWW Image Optimizer plugin <= 7.2.0 - Sensitive Data Exposure vulnerability - Patchstack

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exactly WWW EWWW Image Optimizer. It works only when debug.log is turned on. This issue affects EWWW Image Optimizer: from n/a through 7.2.0.