WordPress MultiManager WP Plugin <= 1.0.5 is vulnerable to Broken Authentication
Software: MultiManager WP; Type: Plugin; Vulnerable versions: <= 1.0.5; Fixed in: 1.1.0; OWASP Top 10: A4: Insecure Design; Classification: Broken Authentication; CVE: CVE-2024-11028; Patch priority: High; CVSS severity: High 9.8; PSID: 80e81dabfc85; Credits: shaman0x01; Required privilege...
WordPress Styler for Ninja Forms Plugin <= 3.3.4 is vulnerable to Settings Change
Software: Styler for Ninja Forms; Type: Plugin; Vulnerable versions: <= 3.3.4; Fixed in: N/A; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Settings Change; CVE: CVE-2024-10717; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 2b68f06a005e; Credits...
This Week in Spring - November 12th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! Spring Cloud 2024.0.0-RC1 aka Moorgate has been released. In this installment of A Bootiful Podcast, I talk to Gradle developer advocate Baruch Sadogursky. Good news everybody! GraalVM will now support jcmd, which allows you t...
WordPress RSS Feed Widget Plugin < 3.0.1 is vulnerable to Cross Site Scripting (XSS)
Software: RSS Feed Widget; Type: Plugin; Vulnerable versions: < 3.0.1; Fixed in: 3.0.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9835; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: a28316c34943; Credits: Bob Matyas; Required...
KLA77107 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, gain privileges. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in .NET and Visual Studio...
WordPress MPG Plugin <= 4.0.2 is vulnerable to Path Traversal
Software: MPG; Type: Plugin; Vulnerable versions: <= 4.0.2; Fixed in: 4.0.3; OWASP Top 10: A1: Broken Access Control; Classification: Path Traversal; CVE: CVE-2024-10672; Patch priority: Low; CVSS severity: Low 2.7; PSID: 3c7693c48068; Credits: Arkadiusz Hydzik; Required privilege: Editor...
WordPress Contact Form 7 Redirect & Thank You Page Plugin <= 1.0.6 is vulnerable to Cross Site Scripting (XSS)
Software: Contact Form 7 Redirect & Thank You Page; Type: Plugin; Vulnerable versions: <= 1.0.6; Fixed in: 1.0.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-10685; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: b725076f7fcb...
Important: Red Hat Bug Fix Advisory: Red Hat Developer Hub 1.3.1 bugfix release
Red Hat Developer Hub 1.3.1 has been released. Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single...
WordPress Master Addons for Elementor Plugin <= 2.0.6.6 is vulnerable to Cross Site Scripting (XSS)
Software: Master Addons for Elementor; Type: Plugin; Vulnerable versions: <= 2.0.6.6; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-52387; Patch priority: Low; CVSS severity: Low 5.9; PSID: fab3ef01c18f; Credits: Michael; Required privilege...
WordPress WP Photo Album Plus Plugin <= 8.8.08.007 is vulnerable to Broken Access Control
Software: WP Photo Album Plus; Type: Plugin; Vulnerable versions: <= 8.8.08.007; Fixed in: 8.9.01.001; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-10958; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: d60c5fd2604a; Credits: Arkadiusz...
WordPress W3SPEEDSTER Plugin <= 7.25 is vulnerable to Cross Site Request Forgery (CSRF)
Software: W3SPEEDSTER; Type: Plugin; Vulnerable versions: <= 7.25; Fixed in: 7.27; OWASP Top 10: A3: Injection; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-52392; Patch priority: Low; CVSS severity: Low 6.3; PSID: 547b19ebfd17; Credits: Le Ngoc Anh; Required privilege...
WordPress Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT) All in One Plugin <= 2.1.2 is vulnerable to Broken Access Control
Software: Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT) All in One; Type: Plugin; Vulnerable versions: <= 2.1.2; Fixed in: 2.1.3; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-52383; Patch priority: High; CVSS severity: High 7.5...
WordPress ZIJ KART Plugin <= 1.1 is vulnerable to Local File Inclusion
Software: ZIJ KART; Type: Plugin; Vulnerable versions: <= 1.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2024-52381; Patch priority: High; CVSS severity: High 8.1; PSID: 026490b9e405; Credits: stealthcopter; Required privilege: Unauthenticated...
WordPress Picsmize Plugin <= 1.0.0 is vulnerable to Arbitrary File Upload
Software: Picsmize; Type: Plugin; Vulnerable versions: <= 1.0.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-52380; Patch priority: High; CVSS severity: High 10; PSID: 741a66180c37; Credits: stealthcopter; Required privilege: Unauthenticated...
WordPress Charitable Plugin <= 1.8.3 is vulnerable to Cross Site Scripting (XSS)
Software: Charitable; Type: Plugin; Vulnerable versions: <= 1.8.3; Fixed in: 1.8.3.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-10876; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 2a28f1e125bc; Credits: Peter Thaleikis...
WordPress WPLMS Theme <= 4.962 is vulnerable to Path Traversal
Software: WPLMS; Type: Theme; Vulnerable versions: <= 4.962; Fixed in: 4.963; OWASP Top 10: A3: Injection; Classification: Path Traversal; CVE: CVE-2024-10470; Patch priority: High; CVSS severity: High 9.8; PSID: 63557cc0ea32; Credits: Foxyyy; Required privilege: Unauthenticated; Published 8...
WordPress WP Membership Plugin <= 1.6.2 is vulnerable to Arbitrary File Upload
Software: WP Membership; Type: Plugin; Vulnerable versions: <= 1.6.2; Fixed in: 1.6.3; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-10547; Patch priority: High; CVSS severity: High 10; PSID: 06e3f08b54a5; Credits: Tonn; Required privilege: Unauthenticated...
WordPress Forms Plugin <= 2.8.0 is vulnerable to Arbitrary File Upload
Software: Forms; Type: Plugin; Vulnerable versions: <= 2.8.0; Fixed in: 2.8.1; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-51791; Patch priority: High; CVSS severity: High 10; PSID: 0594a374dbac; Credits: stealthcopter; Required privilege: Unauthenticated...
WordPress Envo Extra Plugin <= 1.9.3 is vulnerable to Sensitive Data Exposure
Software: Envo Extra; Type: Plugin; Vulnerable versions: <= 1.9.3; Fixed in: 1.9.4; OWASP Top 10: A3: Injection; Classification: Sensitive Data Exposure; CVE: CVE-2024-10770; Patch priority: Low; CVSS severity: Low 4.3; PSID: c74e911b1aae; Credits: Francesco Carlucci; Required privilege...
WordPress Registrations for the Events Calendar Plugin < 2.12.4 is vulnerable to Cross Site Scripting (XSS)
Software: Registrations for the Events Calendar; Type: Plugin; Vulnerable versions: < 2.12.4; Fixed in: 2.12.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-7982; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 576ddc99ad72...