WordPress Contest Gallery Plugin <= 24.0.7 is vulnerable to Privilege Escalation

Software Contest Gallery Type Plugin Vulnerable versions = 24.0.7 Fixed in 24.0.8 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-11103 Patch priority High CVSS severity High 9.8 Developer Wasiliy Strecker PSID 917060960355 Credits...

WordPress Login with Vipps and MobilePay Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS)

Software Login with Vipps and MobilePay Type Plugin Vulnerable versions = 1.3.3 Fixed in 1.3.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11786 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID fdf93186291b Credits Peter...

WordPress Internal Linking for SEO traffic & Ranking – Auto internal links (100% automatic) Plugin <= 1.2.1 is vulnerable to SQL Injection

Software Internal Linking for SEO traffic & Ranking – Auto internal links 100% automatic Type Plugin Vulnerable versions = 1.2.1 Fixed in 1.2.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-11009 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID...

WordPress EmbedPress Plugin <= 4.1.3 is vulnerable to Cross Site Scripting (XSS)

Software EmbedPress Type Plugin Vulnerable versions = 4.1.3 Fixed in 4.1.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11203 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 903c99a746e2 Credits Max Boll b0lli Required...

WordPress Kudos Donations Plugin <= 3.2.9 is vulnerable to Cross Site Scripting (XSS)

Software Kudos Donations Type Plugin Vulnerable versions = 3.2.9 Fixed in 3.3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11684 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 27c0ae774d02 Credits vgo0 Required...

WordPress RegistrationMagic Plugin <= 6.0.2.6 is vulnerable to Privilege Escalation

Software RegistrationMagic Type Plugin Vulnerable versions = 6.0.2.6 Fixed in 6.0.2.7 OWASP Top 10 A3: Injection Classification Privilege Escalation CVE CVE-2024-10508 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID fa83ac6f8527 Credits shaman0x01 Required privilege...

WordPress NiceJob Plugin <= 3.7.1 is vulnerable to Cross Site Scripting (XSS)

Software NiceJob Type Plugin Vulnerable versions = 3.7.1 Fixed in 3.7.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10887 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e99b9ef723fc Credits Peter Thaleikis Required...

WordPress Category Ajax Filter Plugin <= 2.8.2 is vulnerable to Local File Inclusion

Software Category Ajax Filter Type Plugin Vulnerable versions = 2.8.2 Fixed in 2.8.3 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-10871 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 41b4026eef43 Credits Le Ngoc Anh Required privilege...

WordPress Counter Up Plugin <= 2.4.0 is vulnerable to Cross Site Scripting (XSS)

Software Counter Up Type Plugin Vulnerable versions = 2.4.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10895 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1138a112af91 Credits Peter Thaleikis Required...

JVN#87182660: WordPress Plugin "WP Admin UI Customize" vulnerable to cross-site scripting

WordPress Plugin "WP Admin UI Customize" provided by gqevu6bsiz contains a stored cross-site scripting vulnerability CWE-79. Impact If a malicious admin user customizes the admin screen with some malicious contents, an arbitrary script may be executed on the web browser of the other users who are...

Important: Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.17.0 release

Red Hat OpenShift Dev Spaces 3.17 has been released. All containers have been updated to include feature enhancements, bug fixes and CVE fixes. This includes fixes to Critical CVE-2024-21534. Following the Red Hat Product Security standards this update is rated as having a security impact of...

WordPress Jeg Elementor Kit Plugin <= 2.6.9 is vulnerable to Cross Site Scripting (XSS)

Software Jeg Elementor Kit Type Plugin Vulnerable versions = 2.6.9 Fixed in 2.6.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10308 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7709d157b72c Credits zer0gh0st Required...

WordPress CM Header & Footer Script Loader Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS)

Software CM Header & Footer Script Loader Type Plugin Vulnerable versions = 1.2.1 Fixed in 1.2.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11202 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 36d111d1460e Credits...

WordPress Video Lessons Manager Plugin <= 1.8.2 is vulnerable to Cross Site Scripting (XSS)

Software Video Lessons Manager Type Plugin Vulnerable versions = 1.8.2 Fixed in 1.8.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11202 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID de6edf652333 Credits Peter...

WordPress Spam protection, AntiSpam, FireWall by CleanTalk Plugin <= 6.44 is vulnerable to Broken Authentication

Software Spam protection, AntiSpam, FireWall by CleanTalk Type Plugin Vulnerable versions = 6.44 Fixed in 6.45 OWASP Top 10 A1: Broken Access Control Classification Broken Authentication CVE CVE-2024-10781 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 0bd21f35fe5e...

WordPress Support SVG Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)

Software Support SVG Type Plugin Vulnerable versions = 1.1.0 Fixed in 1.1.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11091 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 7d70333b5396 Credits Francesco Carlucci Required...

WordPress AppPresser Plugin <= 4.4.6 is vulnerable to Privilege Escalation

Software AppPresser Type Plugin Vulnerable versions = 4.4.6 Fixed in 4.4.7 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-11024 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 25ae1391ba68 Credits shaman0x01...

WordPress Jeg Elementor Kit Plugin <= 2.6.9 is vulnerable to Sensitive Data Exposure

Software Jeg Elementor Kit Type Plugin Vulnerable versions = 2.6.9 Fixed in 2.6.10 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-8899 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID a83345ae77b9 Credits Ankit Patel Required...

WordPress WPGYM Plugin <= 67.1.0 is vulnerable to Broken Access Control

Software WPGYM Type Plugin Vulnerable versions = 67.1.0 Fixed in 67.2.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9941 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 71c6636a78f1 Credits Tonn Required privilege Subscriber...

WordPress CM On Demand Search And Replace Plugin <= 1.4.2 is vulnerable to Cross Site Scripting (XSS)

Software CM On Demand Search And Replace Type Plugin Vulnerable versions = 1.4.2 Fixed in 1.4.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11202 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID cf0ce3925274 Credits...