Nixpkgs Security Tracker

Permalink CVE-2025-47509

6.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): LOW

created 6 months ago

WordPress Top 10 <= 4.1.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajay Top 10 allows Stored XSS. This issue affects Top 10: from n/a through 4.1.0.

References

Affected products

top-10

=<4.1.0

Matching in nixpkgs

pkgs.budgie-desktop

Feature-rich, modern desktop designed to keep out the way of the user

nixos-unstable -
- nixpkgs-unstable 10.9.2

pkgs.gnomeExtensions.serenity-desktop

A Per-Monitor-Workspace window manager designed for productive use. It offers two main features:

nixos-unstable -
- nixpkgs-unstable 10

Package maintainers

@bobby285271 Bobby Rong <rjl931189261@126.com>
@getchoo Seth Flynn <getchoo@tuta.io>
@honnip Jung seungwoo <me@honnip.page>

Permalink CVE-2023-25993

4.3 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): LOW
Availability impact (A): NONE

created 6 months ago

WordPress Top 10 – Popular posts plugin for WordPress plugin <= 3.2.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in WebberZone Top 10 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Top 10: from n/a through 3.2.3.

References

https://patchstack.com/database/wordpress/plugin/top-10/vulnerability/wordpress… vdb-entry

Affected products

top-10

=<3.2.3

Matching in nixpkgs

pkgs.budgie-desktop

Feature-rich, modern desktop designed to keep out the way of the user

nixos-unstable -
- nixpkgs-unstable 10.9.2

pkgs.gnomeExtensions.serenity-desktop

A Per-Monitor-Workspace window manager designed for productive use. It offers two main features:

nixos-unstable -
- nixpkgs-unstable 10

Package maintainers

@bobby285271 Bobby Rong <rjl931189261@126.com>
@getchoo Seth Flynn <getchoo@tuta.io>
@honnip Jung seungwoo <me@honnip.page>

Permalink CVE-2023-26008

5.9 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): HIGH
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): LOW

created 6 months ago

WordPress Top 10 Plugin <= 3.2.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ajay D'Souza Top 10 – Popular posts plugin for WordPress plugin <= 3.2.4 versions.

References

https://patchstack.com/database/vulnerability/top-10/wordpress-top-10-plugin-3-… vdb-entry
https://patchstack.com/database/vulnerability/top-10/wordpress-top-10-plugin-3-… x_transferred vdb-entry
https://patchstack.com/database/vulnerability/top-10/wordpress-top-10-plugin-3-… vdb-entry
https://patchstack.com/database/vulnerability/top-10/wordpress-top-10-plugin-3-… x_transferred vdb-entry

Affected products

top-10

=<3.2.4

Matching in nixpkgs

pkgs.budgie-desktop

Feature-rich, modern desktop designed to keep out the way of the user

nixos-unstable -
- nixpkgs-unstable 10.9.2

pkgs.gnomeExtensions.serenity-desktop

A Per-Monitor-Workspace window manager designed for productive use. It offers two main features:

nixos-unstable -
- nixpkgs-unstable 10

Package maintainers

@bobby285271 Bobby Rong <rjl931189261@126.com>
@getchoo Seth Flynn <getchoo@tuta.io>
@honnip Jung seungwoo <me@honnip.page>

Permalink CVE-2023-47238

8.8 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 6 months ago

WordPress Top 10 Plugin <= 3.3.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WebberZone Top 10 – WordPress Popular posts by WebberZone plugin <= 3.3.2 versions.

References

https://patchstack.com/database/vulnerability/top-10/wordpress-top-10-plugin-3-… vdb-entry
https://patchstack.com/database/vulnerability/top-10/wordpress-top-10-plugin-3-… x_transferred vdb-entry
https://patchstack.com/database/vulnerability/top-10/wordpress-top-10-plugin-3-… vdb-entry
https://patchstack.com/database/vulnerability/top-10/wordpress-top-10-plugin-3-… x_transferred vdb-entry

Affected products

top-10

=<3.3.2

Matching in nixpkgs

pkgs.budgie-desktop

Feature-rich, modern desktop designed to keep out the way of the user

nixos-unstable -
- nixpkgs-unstable 10.9.2

pkgs.gnomeExtensions.serenity-desktop

A Per-Monitor-Workspace window manager designed for productive use. It offers two main features:

nixos-unstable -
- nixpkgs-unstable 10

Package maintainers

@bobby285271 Bobby Rong <rjl931189261@126.com>
@getchoo Seth Flynn <getchoo@tuta.io>
@honnip Jung seungwoo <me@honnip.page>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.budgie-desktop

pkgs.gnomeExtensions.serenity-desktop

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.budgie-desktop

pkgs.gnomeExtensions.serenity-desktop

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.budgie-desktop

pkgs.gnomeExtensions.serenity-desktop

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.budgie-desktop

pkgs.gnomeExtensions.serenity-desktop

Package maintainers