WooCommerce – Store Exporter Security Vulnerabilities

CVE-2024-36840

SQL Injection vulnerability in Boelter Blue System Management v.1.3 allows a remote attacker to execute arbitrary code and obtain sensitive information via the id parameter to news_details.php and location_details.php; and the section parameter to...

CVE-2024-32146

Missing Authorization vulnerability in Aspose.Cloud Marketplace Aspose.Words Exporter.This issue affects Aspose.Words Exporter: from n/a through...

CVE-2024-32146

Missing Authorization vulnerability in Aspose.Cloud Marketplace Aspose.Words Exporter.This issue affects Aspose.Words Exporter: from n/a through...

CVE-2024-32146 WordPress Aspose.Words – Import and Export word documents plugin <= 6.3.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Aspose.Cloud Marketplace Aspose.Words Exporter.This issue affects Aspose.Words Exporter: from n/a through...

10 years of the GitHub Security Bug Bounty Program

Each year, we celebrate the GitHub Security Bug Bounty program, highlighting impressive bugs and researchers, rewards, live hacking events, and more. This year, we celebrate a new milestone: 10 years of the GitHub Security Bug Bounty program! While we've had some exciting growth over the last 10...

CVE-2024-35667

Missing Authorization vulnerability in WP EasyCart.This issue affects WP EasyCart: from n/a through...

CVE-2024-35667

Missing Authorization vulnerability in WP EasyCart.This issue affects WP EasyCart: from n/a through...

Chinese Actor SecShow Conducts Massive DNS Probing on Global Scale

Cybersecurity researchers have shed more light on a Chinese actor codenamed SecShow that has been observed conducting Domain Name System (DNS) on a global scale since at least June 2023. The adversary, according to Infoblox security researchers Dr. Renée Burton and Dave Mitchell, operates from the....

CVE-2024-35667 WordPress Shopping Cart & eCommerce Store plugin <= 5.5.19 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP EasyCart.This issue affects WP EasyCart: from n/a through...

CVE-2024-35667 WordPress Shopping Cart & eCommerce Store plugin <= 5.5.19 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP EasyCart.This issue affects WP EasyCart: from n/a through...

Google&#8217;s Chrome changes make life harder for ad blockers

Despite protests, Google is rolling out changes in the Chrome browser that make it harder for ad blockers to do their job. Starting last Monday, June 3, 2024, Chrome Beta, Dev, and Canary channels will see the effects of the implementation of the new extension platform Manifest V3. The gradual...

Apple Launches Private Cloud Compute for Privacy-Centric AI Processing

Apple has announced the launch of a "groundbreaking cloud intelligence system" called Private Cloud Compute (PCC) that's designed for processing artificial intelligence (AI) tasks in a privacy-preserving manner in the cloud. The tech giant described PCC as the "most advanced security architecture.....

[SECURITY] Fedora 39 Update: prometheus-podman-exporter-1.12.0-1.fc39

Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks...

[SECURITY] Fedora 40 Update: prometheus-podman-exporter-1.12.0-1.fc40

Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks...

Fedora 39 : prometheus-podman-exporter (2024-1bae1999ba)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-1bae1999ba advisory. release 1.12.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

Fedora: Security Advisory for prometheus-podman-exporter (FEDORA-2024-2f8a62d6d6)

The remote host is missing an update for...

Fedora 40 : prometheus-podman-exporter (2024-2f8a62d6d6)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-2f8a62d6d6 advisory. release 1.12.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

Fedora: Security Advisory for prometheus-podman-exporter (FEDORA-2024-1bae1999ba)

The remote host is missing an update for...

WP EasyCart < 5.6.0 - Missing Authorization

Description The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 5.5.19. This makes it possible for unauthenticated attackers to perform an unauthorized...

A European Summer of Sports is Upon Us – What Does it Mean for Security?

The recent Champions League final in London (congratulations, Real Madrid!) marked the opening shot to a hot European summer of major sporting events. We now approach the highly anticipated UEFA EURO 2024 football tournament in Germany and the Olympic Games in Paris 2024. And as we do, bad actors.....

CentOS 7 : glibc (RHSA-2024:3588)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3588 advisory. The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting...

CVE-2024-30163

Invision Community before 4.7.16 allow SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\store_store::_categoryView() method, where user input passed through the filter request parameter is not properly sanitized before being used to execute SQL...

CVE-2024-30163

Invision Community before 4.7.16 allow SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\store_store::_categoryView() method, where user input passed through the filter request parameter is not properly sanitized before being used to execute SQL...

Google will start deleting location history

Google announced that it will reduce the amount of personal data it is storing by automatically deleting old data from "Timeline"—the feature that, previously named "Location History," tracks user routes and trips based on a phone’s location, allowing people to revisit all the places they've been.....

CVE-2024-36790

Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 was discovered to store credentials in...

CVE-2024-36790

Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 was discovered to store credentials in...

CVE-2024-36673

Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable SQL Injection via login.php. This vulnerability stems from inadequate validation of user inputs for the email and password parameters, allowing attackers to inject malicious SQL...

CVE-2024-36673

Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable SQL Injection via login.php. This vulnerability stems from inadequate validation of user inputs for the email and password parameters, allowing attackers to inject malicious SQL...

CVE-2024-5637

The Market Exporter plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'remove_files' function in all versions up to, and including, 2.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to use path....

CVE-2024-5637

The Market Exporter plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'remove_files' function in all versions up to, and including, 2.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to use path....

The AI Debate: Google's Guidelines, Meta's GDPR Dispute, Microsoft's Recall Backlash

Google is urging third-party Android app developers to incorporate generative artificial intelligence (GenAI) features in a responsible manner. The new guidance from the search and advertising giant is an effort to combat problematic content, including sexual content and hate speech, created...

CVE-2024-5637 Market Exporter <= 2.0.19 - Missing Authorization to Arbitrary File Deletion

The Market Exporter plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'remove_files' function in all versions up to, and including, 2.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to use path....

CVE-2024-5637 Market Exporter <= 2.0.19 - Missing Authorization to Arbitrary File Deletion

The Market Exporter plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'remove_files' function in all versions up to, and including, 2.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to use path....

CVE-2024-36082

SQL injection vulnerability in Music Store - WordPress eCommerce versions prior to 1.1.14 allows a remote authenticated attacker with an administrative privilege to execute arbitrary SQL commands. Information stored in the database may be obtained or altered by the...

CVE-2024-36082

SQL injection vulnerability in Music Store - WordPress eCommerce versions prior to 1.1.14 allows a remote authenticated attacker with an administrative privilege to execute arbitrary SQL commands. Information stored in the database may be obtained or altered by the...

CVE-2024-36082

SQL injection vulnerability in Music Store - WordPress eCommerce versions prior to 1.1.14 allows a remote authenticated attacker with an administrative privilege to execute arbitrary SQL commands. Information stored in the database may be obtained or altered by the...

CVE-2024-36082

SQL injection vulnerability in Music Store - WordPress eCommerce versions prior to 1.1.14 allows a remote authenticated attacker with an administrative privilege to execute arbitrary SQL commands. Information stored in the database may be obtained or altered by the...

Fedora: Security Advisory for rust-zram-generator (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for...

CVE-2024-30163

Invision Community before 4.7.16 allow SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\store_store::_categoryView() method, where user input passed through the filter request parameter is not properly sanitized before being used to execute SQL...

CVE-2024-30163

Invision Community before 4.7.16 allow SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\store_store::_categoryView() method, where user input passed through the filter request parameter is not properly sanitized before being used to execute SQL...

JVN#79213252: WordPress Plugin "Music Store - WordPress eCommerce" vulnerable to SQL injection

WordPress Plugin "Music Store - WordPress eCommerce" provided by CodePeople contains an SQL injection vulnerability (CWE-89). ## Impact A user of the product with the administrator privilege may execute an arbitrary SQL command. Information stored in the database may be obtained or altered by the.....

Medium: cri-tools

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

Husband stalked ex-wife with seven AirTags, indictment says

Following their divorce, a husband carried out a campaign of stalking and abuse against his ex-wife—referred to only as “S.K.”—by allegedly hiding seven separate Apple AirTags on or near her car, according to documents filed by US prosecutors for the Eastern District of Pennsylvania. The...

Google Maps Timeline Data to be Stored Locally on Your Device for Privacy

Google has announced plans to store Maps Timeline data locally on users' devices instead of their Google account effective December 1, 2024. The changes were originally announced by the tech giant in December 2023, alongside updates to the auto-delete control when enabling Location History by...

Hackers Target Python Developers with Fake "Crytic-Compilers" Package on PyPI

Cybersecurity researchers have discovered a malicious Python package uploaded to the Python Package Index (PyPI) repository that's designed to deliver an information stealer called Lumma (aka LummaC2). The package in question is crytic-compilers, a typosquatted version of a legitimate library...

CVE-2024-4707 Materialis Companion <= 1.3.41 - Authenticated (Contributor+) Store Cross-Site Scripting via materialis_contact_form Shortcode

The Materialis Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's materialis_contact_form shortcode in all versions up to, and including, 1.3.41 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible.....

CVE-2024-4707 Materialis Companion <= 1.3.41 - Authenticated (Contributor+) Store Cross-Site Scripting via materialis_contact_form Shortcode

The Materialis Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's materialis_contact_form shortcode in all versions up to, and including, 1.3.41 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible.....

Northwind Demo 1.0 Cross Site Scripting

...

Small CRM 1.0 SQL Injection

...

Boelter Blue System Management 1.3 SQL Injection

...