PT-2024-39258 · WordPress · Ba Book Everything
Name of the Vulnerable Software and Affected Versions: BA Book Everything plugin for WordPress versions up to, and including, 1.6.20 Description: The issue allows unauthenticated attackers to reset any user's passwords, including administrators, due to the reset user password function not verifyi...
PT-2024-30827
Name of the Vulnerable Software and Affected Versions: Smackcoders SendGrid for WordPress versions n/a through 1.4 Description: The issue is related to an SQL Injection vulnerability, which allows an attacker to insert harmful data into SQL commands. This is due to the improper neutralization of...
PT-2024-11930 · WordPress · Custom Permalinks
Name of the Vulnerable Software and Affected Versions: Custom Permalinks plugin for WordPress versions up to and including 2.6.0 Description: The issue is related to insufficient input sanitization and output escaping on tag names, allowing authenticated users with editor-level permissions or...
PT-2024-25707 · Adobe · Dimension
Name of the Vulnerable Software and Affected Versions: Adobe Dimension versions 3.4.11 and earlier Description: The issue is an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR...
PT-2024-6400 · Eset · Eset
Name of the Vulnerable Software and Affected Versions: ESET versions prior to the fixed version Description: The issue is related to insufficient access control in ESET's antivirus protection, potentially allowing an attacker to misuse file operations during the removal of a detected file on the...
PT-2024-7808 · Jt2Go · Jt2Go
Name of the Vulnerable Software and Affected Versions: JT2Go versions prior to V2406.0003 Description: A stack-based buffer overflow issue has been identified in the affected application. This issue could be triggered while parsing specially crafted PDF files, potentially allowing an attacker to...
PT-2024-35135 · WordPress · Postx
Name of the Vulnerable Software and Affected Versions: PostX plugin for WordPress versions up to, and including, 4.1.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's file uploading feature due to insufficient input sanitization and output escaping. This allows...
EC-Orange vulnerable to authorization bypass
Overview EC-Orange provided by S-cubism Inc. is an e-commerce website building system package based on an open source software EC-CUBE. EC-Orange contains an authorization bypass vulnerability CWE-639. This is the same issue as JVN51770585 EC-CUBE vulnerable to authorization bypass. This...
PT-2024-17949 · WordPress · Custom Fonts – Host Your Fonts Locally
Name of the Vulnerable Software and Affected Versions: Custom Fonts – Host Your Fonts Locally plugin for WordPress versions up to, and including, 2.1.4 Description: The issue arises from insufficient input sanitization and output escaping, allowing authenticated attackers with author level or...
PT-2024-31163 · WordPress · Essential Addons For Elementor
Name of the Vulnerable Software and Affected Versions: The Essential Addons for Elementor plugin for WordPress versions up to, and including, 5.9.19 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'Fancy Text', 'Filter Gallery', 'Sticky Video', 'Content Ticker',...
PT-2024-15912 · WordPress · The Advanced Post Block – Display Posts
Name of the Vulnerable Software and Affected Versions: The Advanced Post Block – Display Posts, Pages, or Custom Posts on Your Page plugin for WordPress versions up to, and including, 1.13.1 Description: The issue is related to unauthorized access of data due to a missing capability check on the...
PT-2024-7263 · 1с · Bitrix24 +1
Name of the Vulnerable Software and Affected Versions: 1C-Bitrix Bitrix24 version 23.300.100 Description: The issue concerns insufficiently protected credentials in SMTP server settings, allowing remote administrators to send SMTP account passwords to an arbitrary server via an HTTP POST request...
PT-2024-27106 · WordPress · Rank Math Seo
Name of the Vulnerable Software and Affected Versions: Rank Math SEO with AI SEO Tools plugin for WordPress versions up to, and including, 1.0.216 Description: The issue is related to Stored Cross-Site Scripting via the plugin's HowTo and FAQ widgets due to insufficient input sanitization and...
PT-2024-3144 · Tutor Lms · Tutor Lms
Name of the Vulnerable Software and Affected Versions: Tutor LMS versions up to, and including, 2.6.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'tutor instructor list' shortcode due to insufficient input sanitization and output escaping on user-supplied...
PT-2024-20450 · WordPress · Ecwid Ecommerce Shopping Cart
Name of the Vulnerable Software and Affected Versions: Ecwid Ecommerce Shopping Cart plugin for WordPress versions up to, and including, 6.12.10 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes ...
PT-2024-24377 · Libyaml · Libyaml
Name of the Vulnerable Software and Affected Versions: libyaml versions up to 0.2.5 Description: A critical vulnerability was found in libyaml, affecting the yaml emitter emit flow sequence item function. This issue leads to a heap-based buffer overflow and may be exploited remotely. The exploit...
PT-2024-23298 · Unknown · Astro-Shield
Name of the Vulnerable Software and Affected Versions: Astro-Shield versions 1.2.0 through 1.3.1 Description: Astro-Shield is an integration to enhance website security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques. The issue allows bypass to the...
PT-2024-19787 · Apple · Macos Sonoma +5
Name of the Vulnerable Software and Affected Versions: Apple tvOS versions prior to 17.4 Apple iOS versions prior to 17.4 Apple iPadOS versions prior to 17.4 Apple macOS Sonoma versions prior to 14.4 Apple watchOS versions prior to 10.4 Description: This issue was addressed through improved state...
PT-2024-15507 · WordPress · Views For Wpforms
Name of the Vulnerable Software and Affected Versions: The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress versions up to, and including, 3.2.2 Description: The issue is related to unauthorized access of data due to a missing capability check on the g...
react-query-streamed-hydration Cross-site Scripting vulnerability
Impact The @tanstack/react-query-next-experimental NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this, an attacker would need to either inject malicious input or arrange to have malicious input be returned from an endpoint. This vulnerability arises from improper...