136 matches found
WordPress Product Size Charts Plugin for WooCommerce plugin <= 2.4.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Ananda Dhakal (Patchstack) in WordPress Plugin Product Size Charts Plugin for WooCommerce versions <= 2.4.5...
PT-2025-5250 · Woocommerce · Product Size Charts Plugin For Woocommerce
Name of the Vulnerable Software and Affected Versions: Product Size Charts Plugin for WooCommerce versions 2.4.5 and earlier Description: The issue is related to a Missing Authorization vulnerability. This means that there is a lack of proper authorization checks, potentially allowing unauthorize...
CVE-2024-54320 WordPress ICDSoft Reseller Store plugin <= 2.4.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in icdsoft ICDSoft Reseller Store icdsoft-reseller-store allows Reflected XSS. This issue affects ICDSoft Reseller Store: from n/a through <= 2.4.5...
CVE-2024-43297
Missing Authorization vulnerability in Migrate Clone allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Clone: from n/a through 2.4.5...
CVE-2024-43298
Missing Authorization vulnerability in Migrate Clone allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Clone: from n/a through 2.4.5...
Access Control Bypass
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Access Control Bypass due to improper handling of sensitive information. An attacker with administrative privileges can bypass security features, leading to a low impact on...
Improper Authorization
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Improper Authorization, allowing a low-privileged attacker to bypass security measures and impact confidentiality and integrity without user interaction. Remediation...
Access Control Bypass
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Access Control Bypass. An attacker can escalate privileges by leveraging the improper access control settings. Remediation Upgrade magento/community-edition to version...
Access Control Bypass
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Access Control Bypass. A low-privileged attacker could bypass security measures and impact system integrity by exploiting this vulnerability without requiring user...
GHSA-3FR3-GCQH-3M2G Magento Open Source Improper Input Validation vulnerability
Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to read files from the system outside of the intended...
Nagios Plugins security vulnerability
Nagios Plugins is an open source plugin from the Nagios Plugins Project. A security vulnerability exists in Nagios Plugins version 2.4.5 that originates from allowing arbitrary commands to be executed via ProxyCommand, LocalCommand, and PermitLocalCommand...
Missing Authorization
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Missing Authorization via the authorization process. A low-privileged attacker can gain unauthorized access to view and modify low-sensitivity information by bypassing...
GHSA-MMP7-8CG4-9WRG Magento Stored Cross-Site Scripting (XSS) vulnerability
Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser...
CVE-2024-39403
CVE-2024-39403 is a stored XSS vulnerability in Adobe Commerce/Magento Open Source (Magento) tied to the Webhook module public key configuration. Affected: Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. Impact per sources: attacker could inject malicious script into v...
389-ds-base security update
2.4.5-9 - Bump version to 2.4.5-9 - Resolves: RHEL-44323 - unauthenticated user can trigger a DoS by sending a specific extended search request - Resolves: RHEL-40945 - Malformed userPassword hash may cause Denial of Service - Resolves: RHEL-49457 - perf search result investigation for many large...
PT-2024-27407 · Beaver Builder · Ninja Beaver Add-Ons
Name of the Vulnerable Software and Affected Versions: Ninja Beaver Add-ons for Beaver Builder versions through 2.4.5 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks...
WordPress plugin BBS e-Popup security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-37050 · WordPress · The Newsletter - Api
Name of the Vulnerable Software and Affected Versions: The Newsletter - API v1 and v2 addon plugin for WordPress versions up to, and including, 2.4.5 Description: The issue allows unauthorized management of subscribers due to a PHP type juggling problem in the check api key function. This enables...
Oracle Linux 9 : 389-ds-base (ELSA-2024-3837)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3837 advisory. 2.4.5-8 - Bump version to 2.4.5-8 - Fix License tag 2.4.5-7 - Bump version to 2.4.5-7 - Resolves: RHEL-34819 - redhat-ds:11/389-ds-base: Malformed...