CyberSecurityBoard
Sponsor Register Login

CVE-2023-3709

The Royal Elementor Addons plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 1.3.70 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated attackers to obtain a site's MailChimp API key. We recommend resetting any MailChimp API keys if running a vulnerable version of this plugin with the MailChimp block enabled as the API key may have been compromised.

Publication date: Tue, 18 Jul 2023 08:15:00 +0000


Cyber News related to CVE-2023-3709

CVE-2023-53841 - In the Linux kernel, the following vulnerability has been resolved: ...
1 month ago
Vulnerability Summary for the Week of November 27, 2023 - PrimaryVendor - Product apple - multiple products Description A memory corruption vulnerability was addressed with improved locking. Published 2023-12-01 CVSS Score not yet calculated Source & Patch Info CVE-2023-48842 PrimaryVendor - Product dell - ...
2 years ago Cisa.gov CVE-2023-48842 CVE-2023-43089 CVE-2023-39226 CVE-2023-46690 CVE-2023-47207 CVE-2023-46886 CVE-2023-48882 CVE-2023-49656 CVE-2023-28896 CVE-2023-48016 CVE-2023-49092 CVE-2023-2266 CVE-2023-2267 CVE-2023-31177 CVE-2023-34388 CVE-2023-34389 CVE-2023-48848 CVE-2023-4398
CVE-2024-37051 - GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 ...
1 year ago Tenable.com
CVE-2023-53726 - In the Linux kernel, the following vulnerability has been resolved: ...
2 months ago
CVE-2023-3709 - The Royal Elementor Addons plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 1.3.70 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes ...
2 years ago
CVE-2021-3709 - Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior ...
3 years ago
CVE-2011-3709 - b2evolution 3.3.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by locales/ru_RU/ru-RU.locale.php and certain other files. ...
13 years ago
CVE-2013-3709 - WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file. ...
12 years ago
CVE-2005-3709 - Integer underflow in Apple Quicktime before 7.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Color Map Entry Size in a TGA image file. ...
8 years ago
CVE-2008-3709 - Multiple cross-site scripting (XSS) vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to inject arbitrary web script or HTML via the (1) lOptionsOptions, (2) lNavAdminOptions, or (3) lNavReturn parameter to options.php; or the (4) ...
8 years ago
CVE-2012-3709 - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in ...
8 years ago
CVE-2015-3709 - Race condition in kext tools in Apple OS X before 10.10.4 allows local users to bypass intended signature requirements for kernel extensions by leveraging improper pathname validation. ...
8 years ago
CVE-2014-3709 - The org.keycloak.services.resources.SocialResource.callback method in JBoss KeyCloak before 1.0.3.Final allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging lack of CSRF protection. ...
8 years ago Cloak
CVE-2009-3709 - Stack-based buffer overflow in the Meta Content Optimizer in Konae Technologies Alleycode HTML Editor 2.21 allows user-assisted remote attackers to execute arbitrary code via a long value in a TITLE tag. ...
2 years ago
CVE-2007-3709 - CRLF injection vulnerability in the redirect function in url_helper.php in CodeIgniter 1.5.3 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in an unspecified parameter, as demonstrated by a Set-Cookie header. ...
7 years ago
CVE-2006-3709 - Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, and 10.1.2.0.0 has unknown impact and attack vectors, aka Oracle Vuln# AS04. ...
7 years ago
CVE-2019-3709 - IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while registering vCenter servers. A remote attacker can trick an admin user to potentially exploit this vulnerability to execute malicious HTML or JavaScript code in the ...
6 years ago
CVE-2016-3709 - Possible cross-site scripting vulnerability in libxml after commit 960f0e2. ...
3 years ago
CVE-2022-3709 - A stored XSS vulnerability allows admin to super-admin privilege escalation in the Webadmin import group wizard of Sophos Firewall releases older than version 19.5 GA. ...
3 years ago
CVE-2010-3709 - The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive. ...
2 years ago
CVE-2018-3709 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none. ...
56 years ago Tenable.com
CVE-2020-3709 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none ...
2 years ago
CVE-2025-3709 - Agentflow from Flowring Technology has an Account Lockout Bypass vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to perform password brute force attack. ...
8 months ago
CVE-2023-54258 - In the Linux kernel, the following vulnerability has been resolved: ...
2 weeks ago
Patching Perforce perforations: Critical RCE vulnerability discovered in Perforce Helix Core Server - Sig 11,887 p4api vs2017 static openssl3 p4api-2023.1.2468153-vs2017 static. Sig 11,847 p4api vs2017 static p4api-2023.1.2468153-vs2017 static. Sig 10,187 p4api vs2017 static vsdebug openssl3 p4api-2023.1.2468153-vs2017 static vsdebug. Sig 10,147 ...
2 years ago Microsoft.com

Latest Cyber News


    Cyber Trends (last 7 days)


    Trending Cyber News (last 7 days)