WordPress SKT Blocks plugin <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin SKT Blocks versions = 1.9...

WordPress B Blocks plugin <= 2.0.0 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting XSS vulnerability discovered by Logan Cote in WordPress Plugin B Blocks versions = 2.0.0...

WordPress Internal Linking for SEO traffic & Ranking – Auto internal links (100% automatic) Plugin <= 1.2.1 is vulnerable to SQL Injection

Software Internal Linking for SEO traffic & Ranking – Auto internal links 100% automatic Type Plugin Vulnerable versions = 1.2.1 Fixed in 1.2.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-11009 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID...

WordPress Category Ajax Filter Plugin <= 2.8.2 is vulnerable to Local File Inclusion

Software Category Ajax Filter Type Plugin Vulnerable versions = 2.8.2 Fixed in 2.8.3 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-10871 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 41b4026eef43 Credits Le Ngoc Anh Required privilege...

WordPress Jeg Elementor Kit Plugin <= 2.6.9 is vulnerable to Cross Site Scripting (XSS)

Software Jeg Elementor Kit Type Plugin Vulnerable versions = 2.6.9 Fixed in 2.6.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10308 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7709d157b72c Credits zer0gh0st Required...

WordPress Skt NURCaptcha Plugin <= 3.5.0 is vulnerable to Cross Site Scripting (XSS)

Software Skt NURCaptcha Type Plugin Vulnerable versions = 3.5.0 Fixed in 3.6.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11342 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID f1e7b8255838 Credits SOPROBRO Required...

WordPress Spam protection, AntiSpam, FireWall by CleanTalk Plugin <= 6.44 is vulnerable to Broken Authentication

Software Spam protection, AntiSpam, FireWall by CleanTalk Type Plugin Vulnerable versions = 6.44 Fixed in 6.45 OWASP Top 10 A1: Broken Access Control Classification Broken Authentication CVE CVE-2024-10781 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 0bd21f35fe5e...

WordPress WPGYM Plugin <= 67.1.0 is vulnerable to Broken Access Control

Software WPGYM Type Plugin Vulnerable versions = 67.1.0 Fixed in 67.2.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9941 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 71c6636a78f1 Credits Tonn Required privilege Subscriber...

WordPress Rescue Shortcodes Plugin <= 2.9 is vulnerable to Cross Site Scripting (XSS)

Software Rescue Shortcodes Type Plugin Vulnerable versions = 2.9 Fixed in 3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11199 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9032d40ace0e Credits Peter Thaleikis Required...

WordPress 코드엠샵 소셜톡 Plugin <= 1.1.18 is vulnerable to Cross Site Scripting (XSS)

Software 코드엠샵 소셜톡 Type Plugin Vulnerable versions = 1.1.18 Fixed in 1.2.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11229 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 68c0c2cab457 Credits Peter Thaleikis Required...

WordPress WP User Manager Plugin <= 2.9.11 is vulnerable to Broken Access Control

Software WP User Manager Type Plugin Vulnerable versions = 2.9.11 Fixed in 2.9.12 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10216 Patch priority Low CVSS severity Low 4.3 Developer WP User Manager PSID dd84c78601e5 Credits BrokenAC ignore Required...

WordPress Chessgame Shizzle Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Chessgame Shizzle Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11446 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1722680fdfe8 Credits vgo0 Required...

WordPress GEO my WordPress Plugin < 4.5 is vulnerable to Arbitrary File Upload

Software GEO my WordPress Type Plugin Vulnerable versions 4.5 Fixed in 4.5 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-9422 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID d3c56af69a13 Credits Michael Dyrna Required privilege Administrator...

WordPress WPGYM Plugin <= 67.1.0 is vulnerable to Arbitrary File Upload

Software WPGYM Type Plugin Vulnerable versions = 67.1.0 Fixed in 67.2.0 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-9942 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 58875029db47 Credits Tonn Required privilege Unauthenticated Published...

WordPress Premium Packages Plugin <= 5.9.3 is vulnerable to Cross Site Scripting (XSS)

Software Premium Packages Type Plugin Vulnerable versions = 5.9.3 Fixed in 5.9.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11225 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 615d91201bee Credits Peter Thaleikis...

WordPress Dino Game Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)

Software Dino Game Type Plugin Vulnerable versions = 1.1.0 Fixed in 1.2.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11388 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3063a938b1ce Credits SOPROBRO Required privilege...

WordPress CM Table Of Contents – WordPress TOC Plugin Plugin < 1.2.4 is vulnerable to Cross Site Scripting (XSS)

Software CM Table Of Contents – WordPress TOC Plugin Type Plugin Vulnerable versions 1.2.4 Fixed in 1.2.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5029 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7d80877428bb...

WordPress Co-marquage service-public.fr Plugin <= 0.5.76 is vulnerable to Cross Site Scripting (XSS)

Software Co-marquage service-public.fr Type Plugin Vulnerable versions = 0.5.76 Fixed in 0.5.77 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10522 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1b874700b5d7 Credits...

WordPress WPAdverts – Classifieds Plugin Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS)

Software WPAdverts – Classifieds Plugin Type Plugin Vulnerable versions = 2.1.7 Fixed in 2.1.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10890 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID cf76651e6ed6 Credits...

CVE-2024-50285

CVE-2024-50285 affects ksmbd in the Linux kernel. The issue occurs when a client issues simultaneous SMB operations, which can exhaust memory via ksmbd_work_cache and cause an OOM. A patch adds a check against exceeding max credits, treating each SMB request as consuming at least one credit to pr...