CVE-2023-5385 - How a WordPress Plugin Let Low-Permission Users Copy Any Post (Funnelforms Free <= 3.4)
Date: June 2024
Severity: Medium
Exploitability: Authenticated (Subscriber+)
>The Funnelforms Free plugin for WordPress, up to version 3.4, contains a security vulnerability (CVE-2023-5385)
CVE-2023-5667 - Exploiting Stored Cross-Site Scripting in Tab Ultimate WordPress Plugin — A Deep Dive
WordPress plugin vulnerabilities can put your entire website at risk, and nothing exemplifies this more than CVE-2023-5667. In this article, we’ll look at how
CVE-2023-2440 - Critical Vulnerability in UserPro Plugin for WordPress: Cross-Site Request Forgery Leading to Privilege Escalation
The popular UserPro plugin for WordPress is facing a critical vulnerability due to Cross-Site Request Forgery (CSRF) in versions up to, and including, 5.1.
CVE-2023-49103 - Revealing Sensitive Information in ownCloud Through graphapi's GetPhpInfo.php
Summary:
A serious information disclosure vulnerability, CVE-2023-49103, was discovered in ownCloud's graphapi app versions .2.x (before .2.1) and .3.x (before
CVE-2023-47651 - Cross-Site Request Forgery (CSRF) in WP Links Page – Exploit & Insights
---
Summary:
A recent security flaw, tracked as CVE-2023-47651, was discovered in the popular WordPress plugin WP Links Page (developed by Robert Macchi). This Cross-Site
Episode
00:00:00
00:00:00