WordPress Skt NURCaptcha Plugin <= 3.5.0 is vulnerable to Cross Site Scripting (XSS)

Software Skt NURCaptcha Type Plugin Vulnerable versions = 3.5.0 Fixed in 3.6.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11342 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID f1e7b8255838 Credits SOPROBRO Required...

WordPress Booster for WooCommerce Plugin <= 7.2.3 is vulnerable to Cross Site Scripting (XSS)

Software Booster for WooCommerce Type Plugin Vulnerable versions = 7.2.3 Fixed in 7.2.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9170 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID cb123e14d09e Credits Francesco Carluc...

WordPress Fintelligence Calculator Plugin <= 1.0.3 is vulnerable to Cross Site Scripting (XSS)

Software Fintelligence Calculator Type Plugin Vulnerable versions = 1.0.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-53731 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5d294aa2e0bc Credits SOPROBRO Required privilege...

WordPress 코드엠샵 소셜톡 Plugin <= 1.1.18 is vulnerable to Cross Site Scripting (XSS)

Software 코드엠샵 소셜톡 Type Plugin Vulnerable versions = 1.1.18 Fixed in 1.2.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11229 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 68c0c2cab457 Credits Peter Thaleikis Required...

WordPress Rescue Shortcodes Plugin <= 2.9 is vulnerable to Cross Site Scripting (XSS)

Software Rescue Shortcodes Type Plugin Vulnerable versions = 2.9 Fixed in 3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11199 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9032d40ace0e Credits Peter Thaleikis Required...

Malicious Package

Overview gptplus is a malicious package. This package mimics a tool for working with ChatGPT, silently exfiltrating data and compromising developer environments. Remediation Avoid using all malicious instances of the gptplus package. References - Vulnerability Report Credit: Leonid Bezvershenko...

WordPress WPGYM Plugin <= 67.1.0 is vulnerable to Arbitrary File Upload

Software WPGYM Type Plugin Vulnerable versions = 67.1.0 Fixed in 67.2.0 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-9942 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 58875029db47 Credits Tonn Required privilege Unauthenticated Published...

WordPress Easy Liveblogs Plugin <= 2.3.5 is vulnerable to Cross Site Scripting (XSS)

Software Easy Liveblogs Type Plugin Vulnerable versions = 2.3.5 Fixed in 2.3.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11387 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 6da863109659 Credits SOPROBRO Required...

WordPress LA-Studio Element Kit for Elementor Plugin <= 1.4.2 is vulnerable to Local File Inclusion

Software LA-Studio Element Kit for Elementor Type Plugin Vulnerable versions = 1.4.2 Fixed in 1.4.3 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-10873 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID b849859ee751 Credits WordFence Required...

WordPress WP User Manager Plugin <= 2.9.11 is vulnerable to Broken Access Control

Software WP User Manager Type Plugin Vulnerable versions = 2.9.11 Fixed in 2.9.12 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10216 Patch priority Low CVSS severity Low 4.3 Developer WP User Manager PSID dd84c78601e5 Credits BrokenAC ignore Required...

WordPress Chessgame Shizzle Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Chessgame Shizzle Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11446 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1722680fdfe8 Credits vgo0 Required...

WordPress GEO my WordPress Plugin < 4.5 is vulnerable to Arbitrary File Upload

Software GEO my WordPress Type Plugin Vulnerable versions 4.5 Fixed in 4.5 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-9422 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID d3c56af69a13 Credits Michael Dyrna Required privilege Administrator...

Important: Red Hat Bug Fix Advisory: Red Hat Developer Hub 1.2.5 bugfix release

Red Hat Developer Hub 1.2.5 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...

python-werkzeug: user may execute code on a developer's machine

A flaw was found in Werkzeug, where an attacker may be able to execute code on a developer's machine under some circumstances. This issue requires the attacker to get the developer to interact with a domain and subdomain they control and enter the debugger PIN; if they are successful, it allows...

WordPress StreamWeasels Online Status Bar Plugin <= 2.1.9 is vulnerable to Cross Site Scripting (XSS)

Software StreamWeasels Online Status Bar Type Plugin Vulnerable versions = 2.1.9 Fixed in 2.1.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11438 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8a75c1958227 Credits Peter...

WordPress System Dashboard Plugin < 2.8.15 is vulnerable to Cross Site Scripting (XSS)

Software System Dashboard Type Plugin Vulnerable versions 2.8.15 Fixed in 2.8.15 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11107 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 948953d35f1c Credits Dogus Demirkiran...

WordPress WPFunnels Plugin <= 3.5.5 is vulnerable to Cross Site Scripting (XSS)

Software WPFunnels Type Plugin Vulnerable versions = 3.5.5 Fixed in 3.5.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10792 Patch priority Medium CVSS severity Medium 7.1 Developer WPFunnels Team PSID b1c17399226b Credits Nathan calysteon Require...

WordPress Dino Game Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)

Software Dino Game Type Plugin Vulnerable versions = 1.1.0 Fixed in 1.2.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11388 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3063a938b1ce Credits SOPROBRO Required privilege...

WordPress MailMunch – Grow your Email List Plugin <= 3.1.8 is vulnerable to Cross Site Scripting (XSS)

Software MailMunch – Grow your Email List Type Plugin Vulnerable versions = 3.1.8 Fixed in 3.2.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8735 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5f0fbbdecd42 Credits...

WordPress CM Table Of Contents – WordPress TOC Plugin Plugin < 1.2.4 is vulnerable to Cross Site Scripting (XSS)

Software CM Table Of Contents – WordPress TOC Plugin Type Plugin Vulnerable versions 1.2.4 Fixed in 1.2.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5029 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7d80877428bb...