2025-06-12 Daily Vulns
NEW:
| CVE | vendor-product | description | metric | Referenceurl | title | GithubURL | |
|---|---|---|---|---|---|---|---|
| CVE-2023-44000 | n/a - n/a | An issue in Otakara lapis totuka mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | CNA n/a CVSS3.1: 5.4 - MEDIUM | 0 | Exploitation: pocAutomatable: noTechnical Impact: partial | undefined | github |
| CVE-2023-6561 | marceljm - Featured Image from URL (FIFU) | The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the featured image alt text in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS3.1: 6.4 - MEDIUM | 0 1 2 3 | Exploitation: noneAutomatable: noTechnical Impact: partial | undefined | github |
| CVE-2023-4246 | webdevmattcrom - GiveWP – Donation Plugin and Fundraising Platform | The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce validation on the give_sendwp_remote_install_handler function. This makes it possible for unauthenticated attackers to install and activate the SendWP plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | CVSS3.1: 4.3 - MEDIUM | 0 1 2 | Exploitation: noneAutomatable: noTechnical Impact: partial | undefined | github |
This post is licensed under CC BY 4.0 by the author.