7343 matches found

Patchstack
added 2024/10/24 12:0 a.m. | 6 views

WordPress Clean Retina Theme <= 3.0.6 is vulnerable to Local File Inclusion

Software: Clean Retina | Type: Theme | Vulnerable versions: <= 3.0.6 | Fixed in: 3.0.7 | OWASP Top 10: A3: Injection | Classification: Local File Inclusion | CVE: CVE-2024-50436 | Patch priority: High | CVSS severity: High 7.5 | Developer: Claim ownership | PSID: e56d05b5bd53 | Credits: tahu.datar | Required privilege: Unauthenticate...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.02261
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2024/10/24 12:0 a.m. | 18 views

WordPress BuddyPress Plugin <= 14.1.0 is vulnerable to Directory Traversal

Software: BuddyPress | Type: Plugin | Vulnerable versions: <= 14.1.0 | Fixed in: 14.2.1 | OWASP Top 10: A3: Injection | Classification: Directory Traversal | CVE: CVE-2024-10011 | Patch priority: High | CVSS severity: High 9.9 | Developer: Claim ownership | PSID: 06408034e9a6 | Credits: Domons | Required privilege: Subscriber | Publish...

CVSS: 8.1 | AI score: 6.8 | EPSS: 0.01309
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2024/10/23 12:0 a.m. | 11 views

WordPress WC Marketplace Plugin <= 4.2.4 is vulnerable to Broken Access Control

Software: WC Marketplace | Type: Plugin | Vulnerable versions: <= 4.2.4 | Fixed in: 4.2.5 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-9531 | Patch priority: Low | CVSS severity: Low 4.3 | Developer: Claim ownership | PSID: 7dab4da2d17f | Credits: Tieu Pham Trong Nhan | Required...

CVSS: 4.3 | AI score: 6.5 | EPSS: 0.00135
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2024/10/23 12:0 a.m. | 15 views

WordPress Elementor – Header, Footer & Blocks Template Plugin <= 1.6.43 is vulnerable to Sensitive Data Exposure

Software: Elementor – Header, Footer & Blocks Template | Type: Plugin | Vulnerable versions: <= 1.6.43 | Fixed in: 1.6.44 | OWASP Top 10: A3: Sensitive Data Exposure | Classification: Sensitive Data Exposure | CVE: CVE-2024-10050 | Patch priority: Low | CVSS severity: Low 4.3 | Developer: Claim ownership | PSID: 22957639a0e5...

CVSS: 4.3 | AI score: 6.5 | EPSS: 0.00471
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2024/10/23 12:0 a.m. | 11 views

WordPress EventPrime Plugin <= 4.0.4.7 is vulnerable to Cross Site Scripting (XSS)

Software: EventPrime | Type: Plugin | Vulnerable versions: <= 4.0.4.7 | Fixed in: 4.0.4.8 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-9865 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: Claim ownership | PSID: b2193c9ee308 | Credits: zer0gh0st | Required...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.01999
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2024/10/23 12:0 a.m. | 9 views

WordPress Terms descriptions Plugin <= 3.4.6 is vulnerable to Cross Site Scripting (XSS)

Software: Terms descriptions | Type: Plugin | Vulnerable versions: <= 3.4.6 | Fixed in: 3.4.7 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-9374 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: Claim ownership | PSID: 8fca607d99fe | Credits: vgo0 | Required...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.02581
Exploits: 0 | References: 3 | Affected Software: 1
The Hacker News
added 2024/10/22 9:33 a.m. | 30 views

Malicious npm Packages Target Developers' Ethereum Wallets with SSH Backdoor

Cybersecurity researchers have discovered a number of suspicious packages published to the npm registry that are designed to harvest Ethereum private keys and gain remote access to the machine via the secure shell (SSH) protocol. The packages attempt to "gain SSH access to the victim's machine by...

AI score: 7.8
Exploits: 0
Spring Engineering
added 2024/10/22 12:0 a.m. | 20 views

This Week in Spring - October 22nd, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring. I write this to you in an Uber speeding down the autobahn near Frankfurt, Germany. What a time to be alive! At the rate this driver's going, I won't have much time to write this before we've arrived, so let's dive right into...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.93306
Exploits: 6
Patchstack
added 2024/10/22 12:0 a.m. | 12 views

WordPress Download Plugin Plugin <= 2.2.0 is vulnerable to Broken Access Control

Software: Download Plugin | Type: Plugin | Vulnerable versions: <= 2.2.0 | Fixed in: 2.2.1 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-9829 | Patch priority: Medium | CVSS severity: Medium 6.5 | Developer: Claim ownership | PSID: da1ab1cf4af2 | Credits: WordFence | Required...

CVSS: 6.5 | AI score: 6.4 | EPSS: 0.00463
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2024/10/22 12:0 a.m. | 10 views

WordPress WooCommerce Order Proposal Plugin <= 2.0.5 is vulnerable to Broken Authentication

Software: WooCommerce Order Proposal | Type: Plugin | Vulnerable versions: <= 2.0.5 | Fixed in: 2.0.6 | OWASP Top 10: A7: Identification and Authentication Failures | Classification: Broken Authentication | CVE: CVE-2024-9927 | Patch priority: Low | CVSS severity: Low 7.2 | Developer: Claim ownership | PSID: d873b6f7fa89 | Credit...

CVSS: 7.2 | AI score: 7.1 | EPSS: 0.00154
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2024/10/21 12:0 a.m. | 8 views

WordPress Rover IDX Plugin <= 3.0.0.2903 is vulnerable to Broken Access Control

Software: Rover IDX | Type: Plugin | Vulnerable versions: <= 3.0.0.2903 | Fixed in: 3.0.0.2905 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-10003 | Patch priority: Low | CVSS severity: Low 5.4 | Developer: Claim ownership | PSID: 2b090aab193c | Credits: István Márton | Required...

CVSS: 6.3 | AI score: 6.5 | EPSS: 0.00479
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2024/10/21 12:0 a.m. | 8 views

WordPress Bet WC 2018 Russia Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS)

Software: Bet WC 2018 Russia | Type: Plugin | Vulnerable versions: <= 2.1 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-49637 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: Claim ownership | PSID: f4d264180c24 | Credits: Le Ngoc Anh | Required privilege...

CVSS: 7.1 | AI score: 6.8 | EPSS: 0.00129
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2024/10/21 12:0 a.m. | 11 views

WordPress Risk Warning Bar Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software: Risk Warning Bar | Type: Plugin | Vulnerable versions: <= 1.0 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-49638 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: Claim ownership | PSID: 36cfba44579b | Credits: Mika | Required privilege...

CVSS: 7.1 | AI score: 6.8 | EPSS: 0.00123
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2024/10/21 12:0 a.m. | 7 views

WordPress DocumentPress Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS)

Software: DocumentPress | Type: Plugin | Vulnerable versions: <= 2.1 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-49656 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: Claim ownership | PSID: 9ccb703f5e18 | Credits: Mika | Required privilege: Unauthenticate...

CVSS: 7.1 | AI score: 6.5 | EPSS: 0.00226
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2024/10/21 12:0 a.m. | 9 views

WordPress Category and Taxonomy Meta Fields Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Software: Category and Taxonomy Meta Fields | Type: Plugin | Vulnerable versions: <= 1.0.0 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-9589 | Patch priority: Low | CVSS severity: Low 5.9 | Developer: Claim ownership | PSID: 6c6a133f113d | Credits: István...

CVSS: 5.5 | AI score: 5.7 | EPSS: 0.00286
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2024/10/21 12:0 a.m. | 16 views

WordPress News Kit Elementor Addons Plugin <= 1.2.1 is vulnerable to Sensitive Data Exposure

Software: News Kit Elementor Addons | Type: Plugin | Vulnerable versions: <= 1.2.1 | Fixed in: 1.2.2 | OWASP Top 10: A3: Sensitive Data Exposure | Classification: Sensitive Data Exposure | CVE: CVE-2024-9541 | Patch priority: Low | CVSS severity: Low 4.3 | Developer: Claim ownership | PSID: 1aff69c2a359 | Credits: Nishiv | Required...

CVSS: 4.3 | AI score: 6.5 | EPSS: 0.00405
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2024/10/21 12:0 a.m. | 11 views

WordPress WP-Members Plugin <= 3.4.9.5 is vulnerable to Cross Site Scripting (XSS)

Software: WP-Members | Type: Plugin | Vulnerable versions: <= 3.4.9.5 | Fixed in: 3.4.9.6 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-9231 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: Claim ownership | PSID: 0e4e11a3431f | Credits: vgo0 | Required...

CVSS: 6.1 | AI score: 5.7 | EPSS: 0.02566
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2024/10/21 12:0 a.m. | 11 views

WordPress Simple Custom Admin Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)

Software: Simple Custom Admin | Type: Plugin | Vulnerable versions: <= 1.2 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-49647 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: Claim ownership | PSID: 3970364b5682 | Credits: Mika | Required privilege...

CVSS: 7.1 | AI score: 6.5 | EPSS: 0.00329
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2024/10/21 12:0 a.m. | 9 views

WordPress Woocommerce Custom Profile Picture Plugin <= 1.0 is vulnerable to Arbitrary File Upload

Software: Woocommerce Custom Profile Picture | Type: Plugin | Vulnerable versions: <= 1.0 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Arbitrary File Upload | CVE: CVE-2024-49658 | Patch priority: High | CVSS severity: High 9.9 | Developer: Claim ownership | PSID: a92aac6ed113 | Credits: stealthcopter | Required...

CVSS: 9.9 | AI score: 6.8 | EPSS: 0.00535
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2024/10/21 12:0 a.m. | 7 views

WordPress HD Quiz – Save Results Light Plugin <= 0.5 is vulnerable to Broken Access Control

Software: HD Quiz – Save Results Light | Type: Plugin | Vulnerable versions: <= 0.5 | Fixed in: 0.6 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-49689 | Patch priority: Low | CVSS severity: Low 5.4 | Developer: Claim ownership | PSID: 904268a13b03 | Credits: Fariq Fadillah Gusti...

CVSS: 5.4 | AI score: 6.5 | EPSS: 0.00138
Exploits: 0 | References: 2 | Affected Software: 1