WordPress Open edX LMS Plugin <= 2.6.1 is vulnerable to Cross Site Scripting (XSS)

Software Open edX LMS Type Plugin Vulnerable versions = 2.6.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52452 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 991dc17302e9 Credits Mika Required privilege Unauthenticat...

GHSA-577P-7J7H-2JGF Deserialization of Untrusted Data in dompdf/dompdf

DomPDF before version 2.0.0 is vulnerable to PHAR PHP Archive deserialization due to a lack of checking on the protocol before passing it into the filegetcontents function. An attacker who can upload files of any type to the server can pass in the phar:// protocol to unserialize the uploaded file...

CVE-2021-3838 PHAR Deserialization in dompdf/dompdf

DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the filegetcontents function. An attacker who can upload files of any type to the server can pass in the phar:// protocol to unserialize the uploaded file and...

WordPress BulkPress Plugin <= 0.3.5 is vulnerable to Cross Site Scripting (XSS)

Software BulkPress Type Plugin Vulnerable versions = 0.3.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9615 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 569ddc3d9617 Credits vgo0 Required privilege...

WordPress Jobs for WordPress Plugin < 2.7.8 is vulnerable to Cross Site Scripting (XSS)

Software Jobs for WordPress Type Plugin Vulnerable versions 2.7.8 Fixed in 2.7.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10104 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 470159fcd95b Credits Krugov Artyom Required...

WordPress WordPress Video Robot - The Ultimate Video Importer Plugin <= 1.20.0 is vulnerable to SQL Injection

Software WordPress Video Robot - The Ultimate Video Importer Type Plugin Vulnerable versions = 1.20.0 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-52431 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 535a5d7fd7c2 Credits Bonds Requir...

WordPress Simple Local Avatars Plugin <= 2.7.11 is vulnerable to Broken Access Control

Software Simple Local Avatars Type Plugin Vulnerable versions = 2.7.11 Fixed in 2.8.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10786 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 717b24faeea4 Credits Trương Hữu Phúc...

WordPress External Database Based Actions Plugin <= 0.1 is vulnerable to Privilege Escalation

Software External Database Based Actions Type Plugin Vulnerable versions = 0.1 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-10311 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID cd4901766574...

Introducing new Amazon Q Developer plugin for Wiz

New plugin enables AWS and Wiz customers to leverage generative AI to improve their cloud security posture...

WordPress Automation By Autonami Plugin < 3.3.0 is vulnerable to SQL Injection

Software Automation By Autonami Type Plugin Vulnerable versions 3.3.0 Fixed in 3.3.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-9186 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 0bc9c96e6168 Credits y4ng0615 Required privilege Unauthenticated...

WordPress Essential Addons for Elementor Plugin <= 6.0.9 is vulnerable to Sensitive Data Exposure

Software Essential Addons for Elementor Type Plugin Vulnerable versions = 6.0.9 Fixed in 6.0.10 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-8978 Patch priority Low CVSS severity Low 6.5 Developer WPDeveloper PSID 5531066a3b56 Credits wesley wcraft...

WordPress WPvivid Backup and Migration Plugin <= 0.9.107 is vulnerable to PHP Object Injection

Software WPvivid Backup and Migration Type Plugin Vulnerable versions = 0.9.107 Fixed in 0.9.108 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-10962 Patch priority Low CVSS severity Low 9.8 Developer Claim ownership PSID b2861821d90b Credits Webbernaut Required...

WordPress CSV to html Plugin <= 3.06 is vulnerable to Arbitrary File Upload

Software CSV to html Type Plugin Vulnerable versions = 3.06 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-52406 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID f31bd5d837b7 Credits stealthcopter Required privilege Subscriber...

WordPress CF7 Reply Manager Plugin <= 1.2.3 is vulnerable to Arbitrary File Upload

Software CF7 Reply Manager Type Plugin Vulnerable versions = 1.2.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-52404 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID ea9af17f6366 Credits stealthcopter Required privilege...

WordPress Themify Builder Plugin <= 7.6.5 is vulnerable to Cross Site Scripting (XSS)

Software Themify Builder Type Plugin Vulnerable versions = 7.6.5 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52423 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f592b7b1efcd Credits João Pedro S Alcântara Kinorth Required...

WordPress WP Project Manager Plugin <= 2.6.13 is vulnerable to Insecure Direct Object References (IDOR)

Software WP Project Manager Type Plugin Vulnerable versions = 2.6.13 Fixed in 2.6.14 OWASP Top 10 A4: Insecure Design Classification Insecure Direct Object References IDOR CVE CVE-2024-10174 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID 6aaed61c0d51 Credits stealthcopt...

WordPress Kognetiks Chatbot for WordPress Plugin <= 2.1.7 is vulnerable to Broken Access Control

Software Kognetiks Chatbot for WordPress Type Plugin Vulnerable versions = 2.1.7 Fixed in 2.1.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10530 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 918318d433d6 Credits Tieu Pham Tro...

WordPress User Extra Fields Plugin <= 16.6 is vulnerable to Privilege Escalation

Software User Extra Fields Type Plugin Vulnerable versions = 16.6 Fixed in 16.7 OWASP Top 10 A5: Broken Access Control Classification Privilege Escalation CVE CVE-2024-10800 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 90d7101cbd67 Credits Tonn Required privilege...

WordPress AJAX Random Posts Plugin <= 0.3.3 is vulnerable to PHP Object Injection

Software AJAX Random Posts Type Plugin Vulnerable versions = 0.3.3 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-52409 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 88448bab09ca Credits Bonds Required privilege Unauthenticated...

WordPress Xin Theme <= 1.0.8.1 is vulnerable to PHP Object Injection

Software Xin Type Theme Vulnerable versions = 1.0.8.1 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-52412 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID da7dd1423a5a Credits Mika Required privilege Unauthenticated Published 13...