WordPress Geo Controller Plugin <= 8.7.3 is vulnerable to Broken Access Control
Software Geo Controller Type Plugin Vulnerable versions <= 8.7.3 Fixed in 8.7.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-7380 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c241dd8210b8 Credits Lucio Sá Required privilege...
WordPress RD Station Plugin <= 5.3.2 is vulnerable to Cross Site Scripting (XSS)
Software RD Station Type Plugin Vulnerable versions <= 5.3.2 Fixed in 5.4.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6894 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 32a1d7bae015 Credits Webbernaut Required privilege...
WordPress Ivory Search Plugin <= 5.5.6 is vulnerable to Sensitive Data Exposure
Software Ivory Search Type Plugin Vulnerable versions <= 5.5.6 Fixed in 5.5.7 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-6835 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID cb7652ee4cde Credits stealthcopter Required...
RUSTSEC-2024-0386 strason is unmaintained
strason will no longer be maintained as declared by the developer. The project has been archived...
hwloc is unmaintained
hwloc will no longer be maintained as declared by the developer. The project has been archived without an issue...
bcc is unmaintained
bcc will no longer be maintained as declared by the developer. Users are recommended to use libbpf-rs instead. See libbpf-rs...
WordPress The Ultimate WordPress Toolkit – WP Extended Plugin <= 3.0.8 is vulnerable to Arbitrary File Download
Software The Ultimate WordPress Toolkit – WP Extended Type Plugin Vulnerable versions <= 3.0.8 Fixed in 3.0.9 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Download CVE CVE-2024-8104 Patch priority High CVSS severity High 7.7 Developer WP Extended PSID 9fb5e1b755dd Credits...
WordPress The Ultimate WordPress Toolkit – WP Extended Plugin <= 3.0.8 is vulnerable to Sensitive Data Exposure
Software The Ultimate WordPress Toolkit – WP Extended Type Plugin Vulnerable versions <= 3.0.8 Fixed in 3.0.9 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-8106 Patch priority Medium CVSS severity Medium 6.5 Developer WP Extended PSID 027663c0c476...
WordPress WC Marketplace Plugin <= 4.2.0 is vulnerable to Privilege Escalation
Software WC Marketplace Type Plugin Vulnerable versions <= 4.2.0 Fixed in 4.2.1 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-8289 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID 9025ce00a31d Credits wesley...
WordPress PixelYourSite PRO Plugin <= 10.4.2 is vulnerable to Sensitive Data Exposure
Software PixelYourSite PRO Type Plugin Vulnerable versions <= 10.4.2 Fixed in 10.4.3 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-7870 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID c3722df4917d Credits Xetnus Required...
WordPress Sign-up Sheets Plugin < 2.2.13 is vulnerable to Cross Site Scripting (XSS)
Software Sign-up Sheets Type Plugin Vulnerable versions < 2.2.13 Fixed in 2.2.13 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6020 Patch priority Medium CVSS severity Medium 7.1 Developer Fetch Designs PSID 65a76cb93247 Credits Bob Matyas Required...
orc: Stack-based buffer overflow vulnerability in ORC
A stack-based buffer overflow vulnerability exists in orcparse.c of ORC. If a developer is tricked into processing a specially crafted file with the affected ORC compiler, arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI buil...
WordPress WP Job Portal Plugin <= 2.1.6 is vulnerable to Broken Access Control
Software WP Job Portal Type Plugin Vulnerable versions <= 2.1.6 Fixed in 2.1.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-7950 Patch priority High CVSS severity High 9.8 Developer Ahmad PSID 3162f7bd55ec Credits Connor Billings Required privilege...
CVE-2024-45388
Hoverfly is a lightweight service virtualization / API simulation / API mocking tool for developers and testers. The /api/v2/simulation POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary...
WordPress Share This Image Plugin <= 2.01 is vulnerable to Cross Site Scripting (XSS)
Software Share This Image Type Plugin Vulnerable versions <= 2.01 Fixed in 2.02 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8108 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ce0f588ce2a5 Credits Francesco Carlucci Requir...
WordPress Tutor LMS Pro Plugin <= 2.7.2 is vulnerable to Broken Access Control
Software Tutor LMS Pro Type Plugin Vulnerable versions <= 2.7.2 Fixed in 2.7.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5784 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 53b4f2fddbc0 Credits Thanh Nam Tran Required...
WordPress Web Directory Free Plugin < 1.7.3 is vulnerable to Local File Inclusion
Software Web Directory Free Type Plugin Vulnerable versions < 1.7.3 Fixed in 1.7.3 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-3673 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID d4fbe470a086 Credits Simone Onofri Kim Cerra Andrea De...
WordPress Media Library Folders Plugin <= 8.2.3 is vulnerable to Broken Access Control
Software Media Library Folders Type Plugin Vulnerable versions <= 8.2.3 Fixed in 8.2.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-7858 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID e34ed26523d9 Credits Lucio Sá Required...
WordPress Betheme Theme <= 27.5.6 is vulnerable to PHP Object Injection
Software Betheme Type Theme Vulnerable versions <= 27.5.6 Fixed in 27.5.7 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-2694 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID 8e134812d3a9 Credits Francesco Carlucci Required privilege...