WordPress Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads Plugin <= 2.0.84 is vulnerable to Broken Access Control

Software Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads Type Plugin Vulnerable versions = 2.0.84 Fixed in 2.0.85 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-47317 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3ea101b7f4e3...

WordPress Uncanny Groups for LearnDash Plugin <= 6.1.0.1 is vulnerable to Privilege Escalation

Software Uncanny Groups for LearnDash Type Plugin Vulnerable versions = 6.1.0.1 Fixed in 6.1.1 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-8349 Patch priority Medium CVSS severity Medium 7.2 Developer Claim ownership PSID 0a9f41b67f...

WordPress VR Calendar Plugin <= 2.4.0 is vulnerable to Local File Inclusion

Software VR Calendar Type Plugin Vulnerable versions = 2.4.0 Fixed in 2.4.5 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-44013 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 3e489bf6197d Credits tahu.datar Required privilege Unauthenticate...

WordPress WordPress Meta Data and Taxonomies Filter (MDTF) Plugin <= 1.3.3.3 is vulnerable to SQL Injection

Software WordPress Meta Data and Taxonomies Filter MDTF Type Plugin Vulnerable versions = 1.3.3.3 Fixed in 1.3.3.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-8624 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 72c934040045 Credits Krzysztof Zając...

WordPress NiceJob Plugin < 3.6.5 is vulnerable to Cross Site Scripting (XSS)

Software NiceJob Type Plugin Vulnerable versions 3.6.5 Fixed in 3.6.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-44025 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID afa3856f254d Credits stealthcopter Required privilege Contributor...

WordPress Seriously Simple Stats Plugin <= 1.6.0 is vulnerable to Cross Site Scripting (XSS)

Software Seriously Simple Stats Type Plugin Vulnerable versions = 1.6.0 Fixed in 1.7.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8738 Patch priority Medium CVSS severity Medium 7.1 Developer Castos PSID f8f850e73781 Credits vgo0 Required...

WordPress WPSPX Plugin <= 1.0.2 is vulnerable to Local File Inclusion

Software WPSPX Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-44034 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 14fb489d8c25 Credits tahu.datar Required privilege Unauthenticated...

WordPress Checkout Mestres WP Plugin <= 8.6 is vulnerable to Local File Inclusion

Software Checkout Mestres WP Type Plugin Vulnerable versions = 8.6 Fixed in 8.6.1 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-44030 Patch priority Low CVSS severity Low 7.2 Developer Claim ownership PSID 15bf1846430c Credits tahu.datar Required privilege...

JVN#57749899: The installer of e-Tax software(common program) vulnerable to privilege escalation

The installer of e-Tax softwarecommon program provided by National Tax Agency contains a vulnerability which allows uploading a malicious DLL to be executed with higher privileges than that of an general user by altering registry CWE-268. Impact A malicious DLL prepared by an attacker may be...

WordPress Contact Form 7 Campaign Monitor Extension Plugin <= 0.4.67 is vulnerable to Broken Access Control

Software Contact Form 7 Campaign Monitor Extension Type Plugin Vulnerable versions = 0.4.67 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-44019 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 11a927ecc073 Credits Abdi...

Apache Struts 2.0.0 < 2.3.18 RCE (S2-008)

The version of Apache Struts installed on the remote host is prior to 2.3.18. It is, therefore, affected by a vulnerability as referenced in the S2-008 advisory. - The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute...

Security Bulletin: Vulnerability in Node.js affects IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition (CVE-2024-36138)

Summary Node.js is used as runtime and SDK for Apache Cordova applications within IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition. Information about security vulnerabilities affecting Node.js has been published in a security bulletin. This bulletin identifies the...

WordPress Quiz And Survey Master Plugin < 9.1.3 is vulnerable to Cross Site Scripting (XSS)

Software Quiz And Survey Master Type Plugin Vulnerable versions 9.1.3 Fixed in 9.1.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8758 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1f4eb044984c Credits Dmitrii Ignatyev...

WordPress ShiftController Employee Shift Scheduling Plugin <= 4.9.64 is vulnerable to Cross Site Scripting (XSS)

Software ShiftController Employee Shift Scheduling Type Plugin Vulnerable versions = 4.9.64 Fixed in 4.9.65 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-44040 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 74a00a678aaf Credits SOPROBRO...

WordPress WP Abstracts Plugin <= 2.6.5 is vulnerable to Cross Site Scripting (XSS)

Software WP Abstracts Type Plugin Vulnerable versions = 2.6.5 Fixed in 2.7.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-44045 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID d042c5d49f7e Credits jsjp Required privilege Administrator...

RHSA-2023:1064 Red Hat Security Advisory: OpenShift Developer Tools and Services for OCP 4.12 security update

Bulletin has no description...

mozilla: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran

The Mozilla Foundation's Security Advisory: Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence...

CVE-2024-45816

Backstage is an open framework for building developer portals. When using the AWS S3 or GCS storage provider for TechDocs it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, as well as bypass permission checks...

CVE-2024-45815 Prototype pollution in @backstage/plugin-catalog-backend

Backstage is an open framework for building developer portals. A malicious actor with authenticated access to a Backstage instance with the catalog backend plugin installed is able to interrupt the service using a specially crafted query to the catalog API. This has been fixed in the 1.26.0 relea...

CVE-2024-45496

A flaw was found in OpenShift. This issue occurs due to the misuse of elevated privileges in the OpenShift Container Platform's build process. During the build initialization step, the git-clone container is run with a privileged security context, allowing unrestricted access to the node. An...