WordPress WP Server Health Stats Plugin 1.7.6 is vulnerable to Backdoor
Software: WP Server Health Stats; Type: Plugin; Vulnerable versions: 1.7.6; Fixed in: 1.7.7; OWASP Top 10: A3: Injection; Classification: Backdoor; CVE: CVE-2024-6297; Patch priority: High; CVSS severity: High 10; PSID: 45a546f4e251; Credits: WordFence; Required privilege: Unauthenticated...
WordPress Kadence Blocks Pro Plugin < 2.3.8 is vulnerable to Broken Access Control
Software: Kadence Blocks Pro; Type: Plugin; Vulnerable versions: < 2.3.8; Fixed in: 2.3.8; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1330; Patch priority: Low; CVSS severity: Low 4.3; Developer: KadenceWP; PSID: 0488c91e76be; Credits: Scott Kingsley Clark; Required...
WordPress File Manager Plugin <= 7.2.7 is vulnerable to Broken Access Control
Software: File Manager; Type: Plugin; Vulnerable versions: <= 7.2.7; Fixed in: 7.2.8; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-37254; Patch priority: Low; CVSS severity: Low 4.3; PSID: 64eee288cde4; Credits: Rafie Muhammad Patchstack; Requir...
WordPress Elements kit Elementor addons Plugin <= 3.1.4 is vulnerable to Broken Access Control
Software: Elements kit Elementor addons; Type: Plugin; Vulnerable versions: <= 3.1.4; Fixed in: 3.2.0; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-37255; Patch priority: Low; CVSS severity: Low 5.3; Developer: Wpmet; PSID: b0cbfbfccc4f; Credits: Rafie Muhammad Patchstack...
WordPress Logo Manager For Enamad Plugin <= 0.7.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Logo Manager For Enamad; Type: Plugin; Vulnerable versions: <= 0.7.0; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-4757; Patch priority: Low; CVSS severity: Low 7.1; PSID: 134c5c763311; Credits: Bob Matyas...
WordPress Tabs Plugin <= 4.0.6 is vulnerable to Cross Site Scripting (XSS)
Software: Tabs; Type: Plugin; Vulnerable versions: <= 4.0.6; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-37120; Patch priority: Low; CVSS severity: Low 5.9; PSID: cca26fed23f5; Credits: Jean Tirstan T; Required privilege: Administrator...
WordPress WP-Lister Lite for eBay Plugin <= 3.5.8 is vulnerable to Sensitive Data Exposure
Software: WP-Lister Lite for eBay; Type: Plugin; Vulnerable versions: <= 3.5.8; Fixed in: 3.5.9; OWASP Top 10: A1: Broken Access Control; Classification: Sensitive Data Exposure; CVE: CVE-2024-24709; Patch priority: Low; CVSS severity: Low 7.5; Developer: WP Lab; PSID: 227921a369c8; Credits: Aman Rawat; Required privileg...
WordPress Popup box Plugin <= 4.5.1 is vulnerable to Broken Access Control
Software: Popup box; Type: Plugin; Vulnerable versions: <= 4.5.1; Fixed in: 4.5.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-37096; Patch priority: Medium; CVSS severity: Medium 4.3; PSID: aaf62ab75160; Credits: Abdi Pranata; Required privile...
WordPress User Profile Picture Plugin <= 2.6.1 is vulnerable to Broken Access Control
Software: User Profile Picture; Type: Plugin; Vulnerable versions: <= 2.6.1; Fixed in: 2.6.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-5639; Patch priority: Low; CVSS severity: Low 4.3; PSID: f06c42237928; Credits: JoanClarke2; Required...
This Week in Spring - June 18th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! I've just come from Paris, France, and now I'm in equally beautiful Krakow, Poland, for the amazing Devoxx PL event. We've got a ton of good stuff to dive into, so let's get going! In last week's installment of Spring Tips, I...
WordPress Excellent Theme <= 1.2.9 is vulnerable to Cross Site Scripting (XSS)
Software: Excellent; Type: Theme; Vulnerable versions: <= 1.2.9; Fixed in: 1.3.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-35763; Patch priority: Low; CVSS severity: Low 6.5; PSID: 85c92164ea82; Credits: stealthcopter; Required privilege: Contributor...
WordPress Popup Builder Plugin <= 4.3.1 is vulnerable to Broken Access Control
Software: Popup Builder; Type: Plugin; Vulnerable versions: <= 4.3.1; Fixed in: 4.3.2; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-6696; Patch priority: Low; CVSS severity: Low 6.3; PSID: 7eeb41bcfcb3; Credits: Lucio Sá; Required privilege...
The vulnerability of the isPublic() function in the node-ip utility of the Node.js software platform allows an attacker to execute an SSRF attack.
The vulnerability of the isPublic function in the node-ip utility of the Node.js software platform is related to incorrect classification of IP addresses. Exploiting this vulnerability could allow a remote attacker to execute an SSRF attack...
WordPress Newsletter - API addon (Premium) Plugin <= 2.4.5 is vulnerable to Broken Access Control
Software: Newsletter - API addon (Premium); Type: Plugin; Vulnerable versions: <= 2.4.5; Fixed in: 2.4.6; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-5674; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: f2621f00fec2; Credits: Arkadiusz...
WordPress Email Subscribers & Newsletters Plugin <= 5.7.22 is vulnerable to SQL Injection
Software: Email Subscribers & Newsletters; Type: Plugin; Vulnerable versions: <= 5.7.22; Fixed in: 5.7.23; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-4845; Patch priority: High; CVSS severity: High 8.5; PSID: 382e424feada; Credits: Arkadiusz Hydzik; Required...
WordPress Activity Reactions For Buddypress Plugin <= 12.5.0 is vulnerable to Cross Site Scripting (XSS)
Software: Activity Reactions For Buddypress; Type: Plugin; Vulnerable versions: <= 12.5.0; Fixed in: 12.5.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4892; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 0a3e1e0166ec; Credit...
WordPress Salon booking system Plugin <= 9.9 is vulnerable to Broken Access Control
Software: Salon booking system; Type: Plugin; Vulnerable versions: <= 9.9; Fixed in: 10.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-4468; Patch priority: Low; CVSS severity: Low 4.3; PSID: 495ce87718e9; Credits: JoanClarke2; Required privile...
WordPress Woody ad snippets Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)
Software: Woody ad snippets; Type: Plugin; Vulnerable versions: <= 2.5.0; Fixed in: 2.5.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-35751; Patch priority: Low; CVSS severity: Low 6.5; PSID: fea34aee9079; Credits: savphill; Required privilege...
WordPress Dashboard To-Do List Plugin <= 1.2.0 is vulnerable to Broken Access Control
Software: Dashboard To-Do List; Type: Plugin; Vulnerable versions: <= 1.2.0; Fixed in: 1.3.0; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-35723; Patch priority: Low; CVSS severity: Low 4.3; Developer: Andrew Rapps; PSID: e4b3c03fafe1; Credits: CatFather; Required privileg...
UBUNTU-CVE-2024-29415
The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1 are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282...