• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2023-0554
Quick Restaurant Menu, Thingsforrestaurants
Quick_restaurant_menu, Quick_restaurant_reservations
2023-02-06
N/A
4.3 MEDIUM
The Quick Restaurant Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to update menu items, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2023-0553
Quick Restaurant Menu, Thingsforrestaurants
Quick_restaurant_menu, Quick_restaurant_reservations
2023-02-07
N/A
4.8 MEDIUM
The Quick Restaurant Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2023-0550
Quick Restaurant Menu, Thingsforrestaurants
Quick_restaurant_menu, Quick_restaurant_reservations
2023-02-07
N/A
4.3 MEDIUM
The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the fact that during menu item deletion/modification, the plugin does not verify that the post ID provided to the AJAX action is indeed a menu item. This makes it possible for authenticated attackers, with subscriber-level access or higher, to modify or delete arbitrary posts.
CVE-2023-0549
Yetanotherforum
Yaf.net
2023-02-06
N/A
5.4 MEDIUM
A vulnerability, which was classified as problematic, has been found in YAFNET up to 3.1.10. This issue affects some unknown processing of the file /forum/PostPrivateMessage of the component Private Message Handler. The manipulation of the argument subject/message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.11 is able to address this issue. The name of the patch is 2237a9d552e258a43570bb478a92a5505e7c8797. It is recommended to upgrade the affected component. The identifier VDB-219665 was assigned to this vulnerability.
CVE-2023-0541
Gsplugins
Gs_books_showcase, Gs_filterable_portfolio, Gs_insever_portfolio, Gs_logo_slider, Gs_portfolio_for_envato, Gs_products_slider, Gs_testimonial_slider
2023-02-21
N/A
N/A
The GS Books Showcase WordPress plugin before 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0540
Gsplugins
Gs_books_showcase, Gs_filterable_portfolio, Gs_insever_portfolio, Gs_logo_slider, Gs_portfolio_for_envato, Gs_products_slider, Gs_testimonial_slider
2023-02-21
N/A
N/A
The GS Filterable Portfolio WordPress plugin before 1.6.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0534
Online Tours & Travels Management System Project
2023-02-04
N/A
4.7 MEDIUM
A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. This affects an unknown part of the file admin/expense_report.php. The manipulation of the argument to_date leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-219603.
CVE-2023-0533
Online Tours & Travels Management System Project
2023-02-04
N/A
4.7 MEDIUM
A vulnerability, which was classified as critical, has been found in SourceCodester Online Tours & Travels Management System 1.0. Affected by this issue is some unknown functionality of the file admin/expense_report.php. The manipulation of the argument from_date leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-219602 is the identifier assigned to this vulnerability.
CVE-2023-0532
Online Tours & Travels Management System Project
2023-02-03
N/A
4.7 MEDIUM
A vulnerability classified as critical was found in SourceCodester Online Tours & Travels Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/disapprove_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219601 was assigned to this vulnerability.
CVE-2023-0531
Online Tours & Travels Management System Project
2023-02-04
N/A
4.7 MEDIUM
A vulnerability classified as critical has been found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file admin/booking_report.php. The manipulation of the argument to_date leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219600.
« Previous 1 … 11,226 11,227 11,228 11,229 11,230 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE