CVE-2023-1120
Published 2023-04-10
Priority P418 · medium · 4.8 (CVSS 3.1)
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.44% (35.3th percentile)
The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the `unfiltered_html` capability is disallowed (for example in multisite setup).
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibenic | simple_giveaways | < 2.45.1 | 2.45.1 |
| linux | linux_kernel | >= 5.13.0 < 5.15.113 | 5.15.113 |
| linux | linux_kernel | >= 5.16.0 < 6.1.30 | 6.1.30 |
| linux | linux_kernel | >= 6.2.0 < 6.3.4 | 6.3.4 |
CVSS provenance
nvd · v3.1 · 4.8 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
vendor_redhat · 3.3 LOW
OSV
serial: 8250_bcm7271: fix leak in `brcmuart_probe`
osv·2025-12-30
CVE-2023-54301 serial: 8250_bcm7271: fix leak in `brcmuart_probe`
In the Linux kernel, the following vulnerability has been resolved:
serial: 8250_bcm7271: fix leak in `brcmuart_probe`
Smatch reports:
drivers/tty/serial/8250/8250_bcm7271.c:1120 brcmuart_probe() warn:
'baud_mux_clk' from clk_prepare_enable() not released on lines: 1032.
The issue is fixed by using a managed clock.
GHSA
GHSA-3jhg-69mr-g25w: The Simple Giveaways WordPress plugin before 2
ghsa_unreviewed·2023-04-10
CVE-2023-1120 [MEDIUM] CWE-79 GHSA-3jhg-69mr-g25w: The Simple Giveaways WordPress plugin before 2
The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the `unfiltered_html` capability is disallowed (for example in multisite setup).
Red Hat
kernel: serial: 8250_bcm7271: fix leak in `brcmuart_probe`
vendor_redhat·2025-12-30·CVSS 3.3
CVE-2023-54301 [LOW] CWE-772 kernel: serial: 8250_bcm7271: fix leak in `brcmuart_probe`
In the Linux kernel, the following vulnerability has been resolved:
serial: 8250_bcm7271: fix leak in `brcmuart_probe`
Smatch reports:
drivers/tty/serial/8250/8250_bcm7271.c:1120 brcmuart_probe() warn:
'baud_mux_clk' from clk_prepare_enable() not released on lines: 1032.
The issue is fixed by using a managed clock.
A resource leak flaw was found in the Broadcom BCM7271 serial driver. In the brcmuart_probe() function, the baud_mux_clk clock is prepared and enabled but not released in error paths, causing a clock resource leak when driver probe fails.
Statement: This affects only Broadcom BCM7271 platforms using the 8250_bcm7271 serial driver. The leak occurs only during failed probe operations, not during normal runtime. Standard
No detection rules found.
No public exploits indexed.