
7343 matches found

Patchstack
added 2024/10/16 12:0 a.m. | 3 views

WordPress Advanced Custom Fields Plugin <= 6.3.6.2 is vulnerable to Cross Site Scripting (XSS)

Software: Advanced Custom Fields; Type: Plugin; Vulnerable versions: <= 6.3.6.2; Fixed in: 6.3.6.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: N/A; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: fb0621a063a9; Credits: Duc Luong Tran; Required privilege...

AI score: 6.9
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/10/16 12:0 a.m. | 7 views

WordPress Nextend Social Login Pro Plugin <= 3.1.14 is vulnerable to Broken Authentication

Software: Nextend Social Login Pro; Type: Plugin; Vulnerable versions: <= 3.1.14; Fixed in: 3.1.15; OWASP Top 10: A1: Broken Access Control; Classification: Broken Authentication; CVE: CVE-2024-9893; Patch priority: High; CVSS severity: High (9.8); Developer: Claim ownership; PSID: 7fe16af79d00; Credits: wesley wcraft...

CVSS: 9.8 | AI score: 9.4 | EPSS: 0.00729
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/10/15 12:0 a.m. | 5 views

WordPress Job Board Manager for WordPress Plugin <= 1.0 is vulnerable to Privilege Escalation

Software: Job Board Manager for WordPress; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Privilege Escalation; CVE: CVE-2024-49322; Patch priority: High; CVSS severity: High (9.8); Developer: Claim ownership; PSID: d9004d540adc; Credits: João Pedro S...

CVSS: 9.8 | AI score: 9.4 | EPSS: 0.00345
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/10/15 12:0 a.m. | 16 views

WordPress Cooked Pro Plugin < 1.8.0 is vulnerable to Arbitrary File Upload

Software: Cooked Pro; Type: Plugin; Vulnerable versions: < 1.8.0; Fixed in: 1.8.0; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-49291; Patch priority: High; CVSS severity: High (10); Developer: Claim ownership; PSID: ca91d1c3c8bf; Credits: RE-ALTER; Required privilege: Unauthenticated...

CVSS: 10 | AI score: 6.8 | EPSS: 0.00822
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/10/15 12:0 a.m. | 14 views

WordPress CURCY Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS)

Software: CURCY; Type: Plugin; Vulnerable versions: <= 2.2.3; Fixed in: 2.2.4; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-49283; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: a6bd022fc477; Credits: Dimas Maulana; Required privilege...

CVSS: 7.1 | AI score: 7 | EPSS: 0.00397
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/10/15 12:0 a.m. | 14 views

WordPress File Manager Pro Plugin <= 8.3.9 is vulnerable to Arbitrary File Upload

Software: File Manager Pro; Type: Plugin; Vulnerable versions: <= 8.3.9; Fixed in: 8.3.10; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-8918; Patch priority: High; CVSS severity: High (7.4); Developer: Claim ownership; PSID: 8b2de26c1b42; Credits: TANG Cheuk Hei siunam; Required privile...

CVSS: 7.4 | AI score: 7.2 | EPSS: 0.00859
Exploits: 0 | References: 2 | Affected Software: 1

Android Security Bulletins
added 2024/10/15 12:0 a.m. | 8 views

Pixel Update Bulletin—October 2024

The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices (Google devices). For Google devices, security patch levels of 2024-10-05 or later address all issues in this bulletin and all issues in the October 2024 Android...

CVSS: 8.8 | AI score: 7.8 | EPSS: 0.03741
Exploits: 0

Patchstack
added 2024/10/15 12:0 a.m. | 11 views

WordPress Point Maker Plugin <= 0.1.4 is vulnerable to Local File Inclusion

Software: Point Maker; Type: Plugin; Vulnerable versions: <= 0.1.4; Fixed in: 0.1.5; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2024-49317; Patch priority: Low; CVSS severity: Low (7.5); Developer: Claim ownership; PSID: c1446754dc54; Credits: theviper17; Required privilege: Contributor...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.05582
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/10/15 12:0 a.m. | 20 views

WordPress GiveWP Plugin <= 3.16.3 is vulnerable to PHP Object Injection

Software: GiveWP; Type: Plugin; Vulnerable versions: <= 3.16.3; Fixed in: 3.16.4; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-9634; Patch priority: High; CVSS severity: High (10); Developer: Liquid Web / StellarWP; PSID: a33794a83e6f; Credits: lefab; Required privilege: Unauthenticated...

CVSS: 9.8 | AI score: 9.6 | EPSS: 0.22785
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/10/15 12:0 a.m. | 11 views

WordPress File Manager Pro Plugin <= 8.3.9 is vulnerable to Broken Access Control

Software: File Manager Pro; Type: Plugin; Vulnerable versions: <= 8.3.9; Fixed in: 8.3.10; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-8746; Patch priority: High; CVSS severity: High (7.5); Developer: Claim ownership; PSID: 037debfe30cc; Credits: TANG Cheuk Hei siunam...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.0437
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/10/15 12:0 a.m. | 12 views

WordPress Click to Chat – WP Support All-in-One Floating Widget Plugin <= 2.3.3 is vulnerable to Cross Site Scripting (XSS)

Software: Click to Chat – WP Support All-in-One Floating Widget; Type: Plugin; Vulnerable versions: <= 2.3.3; Fixed in: 2.3.4; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-49281; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: 953e712df67a; Credits...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00405
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/10/15 12:0 a.m. | 8 views

WordPress Accordion Slider Plugin <= 1.9.11 is vulnerable to Cross Site Scripting (XSS)

Software: Accordion Slider; Type: Plugin; Vulnerable versions: <= 1.9.11; Fixed in: 1.9.12; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9582; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: 14d97d769a8a; Credits: Muhammad Adel ItsFadi...

CVSS: 6.4 | AI score: 6 | EPSS: 0.01536
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/10/15 12:0 a.m. | 8 views

WordPress Cooked Pro Plugin < 1.8.0 is vulnerable to Cross Site Scripting (XSS)

Software: Cooked Pro; Type: Plugin; Vulnerable versions: < 1.8.0; Fixed in: 1.8.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-49289; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: bde6da8a46e5; Credits: RE-ALTER; Required privilege: Contributor...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00313
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/10/15 12:0 a.m. | 8 views

WordPress Edwiser Bridge Plugin <= 3.0.7 is vulnerable to Cross Site Scripting (XSS)

Software: Edwiser Bridge; Type: Plugin; Vulnerable versions: <= 3.0.7; Fixed in: 3.0.8; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-49311; Patch priority: Medium; CVSS severity: Medium (6.5); Developer: Claim ownership; PSID: 21963ed8844c; Credits: Muhammad Daffa; Required privilege...

CVSS: 6.5 | AI score: 6.4 | EPSS: 0.00287
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/10/15 12:0 a.m. | 17 views

WordPress ElementInvader Addons for Elementor Plugin <= 1.2.8 is vulnerable to Cross Site Scripting (XSS)

Software: ElementInvader Addons for Elementor; Type: Plugin; Vulnerable versions: <= 1.2.8; Fixed in: 1.2.9; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9888; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: 2293b37c11ea; Credits: Coli...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.0031
Exploits: 0 | References: 3 | Affected Software: 1

The Hacker News
added 2024/10/14 11:8 a.m. | 16 views

Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems

Cybersecurity researchers have found that entry points could be abused across multiple programming ecosystems like PyPI, npm, Ruby Gems, NuGet, Dart Pub, and Rust Crates to stage software supply chain attacks. "Attackers can leverage these entry points to execute malicious code when specific...

AI score: 7.7
Exploits: 0

Patchstack
added 2024/10/14 12:0 a.m. | 6 views

WordPress Da Reactions Plugin <= 5.1.5 is vulnerable to Cross Site Scripting (XSS)

Software: Da Reactions; Type: Plugin; Vulnerable versions: <= 5.1.5; Fixed in: 5.2.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-49255; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: e927ad34c153; Credits: Khalid Yusuf; Required privilege: Contribut...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00231
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/10/14 12:0 a.m. | 18 views

WordPress Htaccess File Editor Plugin <= 1.0.18 is vulnerable to Broken Access Control

Software: Htaccess File Editor; Type: Plugin; Vulnerable versions: <= 1.0.18; Fixed in: 1.0.19; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-49256; Patch priority: Medium; CVSS severity: Medium (6.5); Developer: Claim ownership; PSID: d6dd94150ebc; Credits: savphill; Require...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.00244
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/10/14 12:0 a.m. | 24 views

WordPress WordPress File Upload Plugin <= 4.24.11 is vulnerable to Path Traversal

Software: WordPress File Upload; Type: Plugin; Vulnerable versions: <= 4.24.11; Fixed in: 4.24.12; OWASP Top 10: A1: Broken Access Control; Classification: Path Traversal; CVE: CVE-2024-9047; Patch priority: High; CVSS severity: High (9.8); Developer: Claim ownership; PSID: 5fa6436aa19c; Credits: Arkadiusz Hydzik; Required...

CVSS: 9.8 | AI score: 6.5 | EPSS: 0.93618
Exploits: 4 | References: 3 | Affected Software: 1

Patchstack
added 2024/10/14 12:0 a.m. | 9 views

WordPress Plexx Elementor Extension Plugin <= 1.3.6 is vulnerable to Cross Site Scripting (XSS)

Software: Plexx Elementor Extension; Type: Plugin; Vulnerable versions: <= 1.3.6; Fixed in: 1.3.7; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-49234; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: d2192b71a7de; Credits: Khalid Yusuf; Required...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00355
Exploits: 0 | References: 2 | Affected Software: 1