WordPress Advanced Custom Fields Plugin < 5.11 is vulnerable to Broken Access Control

Software Advanced Custom Fields Type Plugin Vulnerable versions 5.11 Fixed in 5.11 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2021-20866 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3c61745fb42a Credits Keitaro Yamazaki Required...

CVE-2024-47762 Unexpected visibility of environment variable configurations in @backstage/plugin-app-backend

Backstage is an open framework for building developer portals. Configuration supplied through APPCONFIG environment variables, for example APPCONFIGbackendlistenport=7007, where unexpectedly ignoring the visibility defined in configuration schema. This occurred even if the configuration schema...

Fake Trading Apps Target Victims Globally via Apple App Store and Google Play

A large-scale fraud campaign leveraged fake trading apps published on the Apple App Store and Google Play Store, as well as phishing sites, to defraud victims, per findings from Group-IB. The campaign is part of a consumer investment fraud scheme that's also widely known as pig butchering, in whi...

Important: Red Hat Bug Fix Advisory: Red Hat Developer Hub 1.3.0 release

Red Hat Developer Hub 1.3.0 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...

WordPress SEOPress Plugin <= 8.1.1 is vulnerable to Cross Site Scripting (XSS)

Software SEOPress Type Plugin Vulnerable versions = 8.1.1 Fixed in 8.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9225 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 788a715fcbd5 Credits vgo0 Required privilege...

WordPress RabbitLoader Plugin <= 2.21.0 is vulnerable to Cross Site Scripting (XSS)

Software RabbitLoader Type Plugin Vulnerable versions = 2.21.0 Fixed in 2.21.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8800 Patch priority Medium CVSS severity Medium 7.1 Developer RabbitLoader PSID 60a2212deaee Credits vgo0 Required privileg...

WordPress PWA Plugin <= 1.6.3 is vulnerable to Cross Site Scripting (XSS)

Software PWA Type Plugin Vulnerable versions = 1.6.3 Fixed in 1.6.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8967 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID c235cb7639b9 Credits Francesco Carlucci Required privileg...

WordPress Demo Importer Plus Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS)

Software Demo Importer Plus Type Plugin Vulnerable versions = 2.0.1 Fixed in 2.0.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9172 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 5a7f8043e416 Credits Francesco Carlucci...

WordPress Hello World Plugin <= 2.1.1 is vulnerable to Arbitrary File Download

Software Hello World Type Plugin Vulnerable versions = 2.1.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Download CVE CVE-2024-9224 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 936cc3342bfb Credits yudha Required privilege...

WordPress Stars Testimonials Plugin <= 3.3.1 is vulnerable to Cross Site Scripting (XSS)

Software Stars Testimonials Type Plugin Vulnerable versions = 3.3.1 Fixed in 3.3.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8989 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b53073d7e5ac Credits Peter Thaleikis...

WordPress AVIF & SVG Uploader Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)

Software AVIF & SVG Uploader Type Plugin Vulnerable versions = 1.1.0 Fixed in 1.1.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9060 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 6e662df81c43 Credits Francesco Carlucci...

WordPress Wechat Social login Plugin <= 1.3.0 is vulnerable to Broken Authentication

Software Wechat Social login Type Plugin Vulnerable versions = 1.3.0 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-9106 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 26efb59ee707 Credits Istvá...

WordPress BuddyForms Plugin <= 2.8.12 is vulnerable to Cross Site Scripting (XSS)

Software BuddyForms Type Plugin Vulnerable versions = 2.8.12 Fixed in 2.8.13 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47377 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9418faef5fbf Credits SOPROBRO Required privilege Editor...

WordPress TNC PDF viewer Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS)

Software TNC PDF viewer Type Plugin Vulnerable versions = 3.1.0 Fixed in 3.2.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47372 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9e1d9364ffe7 Credits SOPROBRO Required privilege Editor...

WordPress Starbox Plugin < 3.5.3 is vulnerable to Cross Site Scripting (XSS)

Software Starbox Type Plugin Vulnerable versions 3.5.3 Fixed in 3.5.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8239 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 03e73e132e18 Credits Dmitrii Ignatyev Required privileg...

WordPress YITH WooCommerce Product Add-Ons Plugin <= 4.13.0 is vulnerable to Cross Site Scripting (XSS)

Software YITH WooCommerce Product Add-Ons Type Plugin Vulnerable versions = 4.13.0 Fixed in 4.13.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47367 Patch priority Medium CVSS severity Medium 7.1 Developer YITH PSID 4f86ebd3a7b4 Credits Le Ngoc Anh Required...

WordPress WP-Lister Lite for eBay Plugin <= 3.6.3 is vulnerable to Cross Site Scripting (XSS)

Software WP-Lister Lite for eBay Type Plugin Vulnerable versions = 3.6.3 Fixed in 3.6.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47380 Patch priority Medium CVSS severity Medium 7.1 Developer WP Lab PSID 048f66c74b94 Credits Le Ngoc Anh Required privilege...

WordPress Accordion & FAQ – Helpie WordPress Accordion FAQ Plugin Plugin <= 1.27 is vulnerable to Cross Site Scripting (XSS)

Software Accordion & FAQ – Helpie WordPress Accordion FAQ Plugin Type Plugin Vulnerable versions = 1.27 Fixed in 1.28 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47647 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID aac881dee8e9 Credits...

WordPress EU/UK VAT Manager for WooCommerce Plugin <= 2.12.12 is vulnerable to Broken Access Control

Software EU/UK VAT Manager for WooCommerce Type Plugin Vulnerable versions = 2.12.12 Fixed in 2.12.14 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9189 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID ca5dfbffbcf9 Credits Francesc...

WordPress GTM Server Side Plugin <= 2.1.19 is vulnerable to Cross Site Scripting (XSS)

Software GTM Server Side Type Plugin Vulnerable versions = 2.1.19 Fixed in 2.1.20 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8712 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID cddfd6eae0a1 Credits vgo0 Required...