CyberSecurityBoard
Sponsor Register Login

CVE-2023-3721

The WP-EMail WordPress plugin before 2.69.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Publication date: Tue, 15 Aug 2023 01:15:00 +0000


Cyber News related to CVE-2023-3721

Vulnerability Summary for the Week of November 27, 2023 - PrimaryVendor - Product apple - multiple products Description A memory corruption vulnerability was addressed with improved locking. Published 2023-12-01 CVSS Score not yet calculated Source & Patch Info CVE-2023-48842 PrimaryVendor - Product dell - ...
2 years ago Cisa.gov CVE-2023-48842 CVE-2023-43089 CVE-2023-39226 CVE-2023-46690 CVE-2023-47207 CVE-2023-46886 CVE-2023-48882 CVE-2023-49656 CVE-2023-28896 CVE-2023-48016 CVE-2023-49092 CVE-2023-2266 CVE-2023-2267 CVE-2023-31177 CVE-2023-34388 CVE-2023-34389 CVE-2023-48848 CVE-2023-4398
CVE-2024-37051 - GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 ...
1 year ago Tenable.com
Patching Perforce perforations: Critical RCE vulnerability discovered in Perforce Helix Core Server - Sig 11,887 p4api vs2017 static openssl3 p4api-2023.1.2468153-vs2017 static. Sig 11,847 p4api vs2017 static p4api-2023.1.2468153-vs2017 static. Sig 10,187 p4api vs2017 static vsdebug openssl3 p4api-2023.1.2468153-vs2017 static vsdebug. Sig 10,147 ...
2 years ago Microsoft.com
Routers Under Attack - Attacks Scanning for IoT & Routers at Record High - The report notes that some hosting providers have begun taking action against these activities, but significant work remains to curtail the growing tide of vulnerability scanning threatening internet-connected devices worldwide. According to recent ...
9 months ago Cybersecuritynews.com CVE-2023-1389
CVE-2023-3721 - The WP-EMail WordPress plugin before 2.69.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed ...
2 years ago
Threat landscape for industrial automation systems. H2 2023 - In the second half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased by 2.1 pp to 31.9%. Percentage of ICS computers on which malicious objects were blocked, by half year. In H2 2023, building automation once ...
1 year ago Securelist.com
CVE-2024-34148 - Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier programmatically disables the fix for CVE-2016-3721 whenever a build is triggered from a release tag, by setting the Java system property ...
1 year ago
CVE-2007-3721 - The ULE process scheduler in the FreeBSD kernel gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the ...
17 years ago
CVE-2011-3721 - concrete 5.4.0.5, 5.4.1, and 5.4.1.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tools/spellchecker_service.php and certain ...
13 years ago
CVE-2013-3721 - SQL injection vulnerability in awards.php in PsychoStats 3.2.2b allows remote attackers to execute arbitrary SQL commands via the d parameter. ...
12 years ago
CVE-2005-3721 - The default configuration of the HTTP server in Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not require authentication for sensitive configuration pages, which allows remote attackers to modify configuration. ...
9 years ago
CVE-2012-3721 - Profile Manager in Apple Mac OS X before 10.7.5 does not properly perform authentication for the Device Management private interface, which allows attackers to enumerate managed devices via unspecified vectors. ...
8 years ago
CVE-2015-3721 - The kernel in Apple iOS before 8.4 and OS X before 10.10.4 does not properly handle HFS parameters, which allows attackers to obtain sensitive memory-layout information via a crafted app. ...
8 years ago
CVE-2008-3721 - PHP remote file inclusion vulnerability in user_language.php in DeeEmm CMS (DMCMS) 0.7.4 allows remote attackers to execute arbitrary PHP code via a URL in the language_dir parameter. ...
8 years ago
CVE-2016-3721 - Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables. ...
1 year ago
CVE-2006-3721 - Multiple unspecified vulnerabilities in Oracle Management Service for Oracle Enterprise Manager 10.1.0.5 and 10.2.0.1 have unknown impact and attack vectors, aka Oracle Vuln# EM03 and EM04. ...
7 years ago
CVE-2018-3721 - lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, ...
1 year ago
CVE-2020-3721 - Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. ...
5 years ago
CVE-2009-3721 - Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications to write data in arbitrary locations on the ...
4 years ago
CVE-2021-3721 - A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.20.10282 that could allow an attacker with local access to trigger a blue screen error. ...
3 years ago
CVE-2022-3721 - Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39. ...
3 years ago
CVE-2019-3721 - Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain an Improper Range Header Processing Vulnerability. A remote unauthenticated attacker may send crafted requests with overlapping ranges to cause the application to ...
2 years ago
CVE-2010-3721 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none ...
55 years ago Tenable.com
CVE-2024-3721 - A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. The manipulation of the argument mdb/mdc ...
1 year ago Tenable.com CVE-2023-1389
CVE-2025-40196 - In the Linux kernel, the following vulnerability has been resolved: ...
1 month ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)