18 matches found
WordPress Popup box plugin <= 6.0.7 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Doan Dinh Van in WordPress Plugin Popup box versions <= 6.0.7...
WordPress Jobs for WordPress Plugin < 2.7.8 is vulnerable to Cross Site Scripting (XSS)
Software Jobs for WordPress Type Plugin Vulnerable versions < 2.7.8 Fixed in 2.7.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10104 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 470159fcd95b Credits Krugov Artyom Required...
WordPress WP Contest Plugin <= 1.0.0 is vulnerable to SQL Injection
Software WP Contest Type Plugin Vulnerable versions <= 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-51837 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID f10ee023a1cd Credits LVT-tholv2k Required privilege Contributor Published 8...
Medium: openssl11
Issue Overview: openssl: Use After Free with SSL_free_buffers CVE-2024-4741 Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a...
WordPress Tutor LMS Plugin <= 2.7.3 is vulnerable to Broken Access Control
Software Tutor LMS Type Plugin Vulnerable versions <= 2.7.3 Fixed in 2.7.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43142 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID a337e912bf3f Credits justakazh Required privilege Tutor...
WordPress SiteGround Security Plugin <= 1.5.0 is vulnerable to Broken Access Control
Software SiteGround Security Type Plugin Vulnerable versions <= 1.5.0 Fixed in 1.5.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-38774 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 0aeabb62f534 Credits Rafie Muhammad Patchstack...
WordPress SEOPress Plugin < 7.8 is vulnerable to Cross Site Scripting (XSS)
Software SEOPress Type Plugin Vulnerable versions < 7.8 Fixed in 7.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4899 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a4a83ee6addf Credits Dmitrii Ignatyev Required privilege...
WordPress Hueman Theme <= 3.7.24 is vulnerable to Cross Site Request Forgery (CSRF)
Software Hueman Type Theme Vulnerable versions <= 3.7.24 Fixed in 3.7.25 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-35772 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 2b3848018aa3 Credits Dhabaleshwar Das Required...
WordPress Similarity Plugin <= 3.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software Similarity Type Plugin Vulnerable versions <= 3.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-3971 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 9a13b3ce24a3 Credits Bob Matyas Required privilege...
WordPress Popup4Phone Plugin <= 1.3.2 is vulnerable to Cross Site Scripting (XSS)
Software Popup4Phone Type Plugin Vulnerable versions <= 1.3.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3580 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9736f59d6bae Credits Bob Matyas Required privilege...
CVE-2024-2631
Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
CVE-2024-0809
Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. Chromium security severity: Low...
WordPress BP Profile Shortcodes Extra Plugin <= 2.5.2 is vulnerable to Cross Site Scripting (XSS)
Software BP Profile Shortcodes Extra Type Plugin Vulnerable versions <= 2.5.2 Fixed in 2.5.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-47815 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 426f08e56edb Credits Ngô Thiên An ancorn from...
WordPress Amazonify Plugin <= 0.8.1 is vulnerable to Cross Site Scripting (XSS)
Software Amazonify Type Plugin Vulnerable versions <= 0.8.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5819 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 2ec91eb79aea Credits Ala Arfaoui Required privilege...
Input validation
Insufficient validation of untrusted input in QUIC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform header splitting via malicious network traffic. Chromium security severity: Low...
WordPress Responsive CSS EDITOR Plugin <= 1.0 is vulnerable to SQL Injection
Software Responsive CSS EDITOR Type Plugin Vulnerable versions <= 1.0 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-2482 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 0ef0cb588232 Credits Chien Vuong Required privilege Administrator...
ManageEngine Asset Explorer v6.1 - Persistent Vulnerability
Document Title: =============== ManageEngine Asset Explorer v6.1 - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1488 Release Date: ============= 2015-06-22 Vulnerability Laboratory ID VL-ID: ===================================...
Barracuda SSL VPN 680 - Cross Site Scripting Vulnerabilities
Document Title: =============== Barracuda SSL VPN 680 - Cross Site Scripting Vulnerabilities References Source: ==================== http://vulnerability-lab.com/getcontent.php?id=561 Barracuda Networks Security ID: BNSEC-278 Release Date: ============= 2012-07-15 Vulnerability Laboratory ID VL-I...