7377 matches found

Patchstack
added 2024/08/28 12:0 a.m., 6 views

WordPress Spiffy Calendar Plugin <= 4.9.12 is vulnerable to SQL Injection

Software: Spiffy Calendar | Type: Plugin | Vulnerable versions: <= 4.9.12 | Fixed in: 4.9.13 | OWASP Top 10: A3: Injection | Classification: SQL Injection | CVE: CVE-2024-43969 | Patch priority: Low | CVSS severity: Low 7.6 | Developer: Claim ownership | PSID: 7bc8db74206e | Credits: Certus Cybersecurity | Required privilege...

CVSS: 7.6 | AI score: 6.9 | EPSS: 0.0055
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2024/08/28 12:0 a.m., 10 views

WordPress Favicon Generator Plugin < 2.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Favicon Generator | Type: Plugin | Vulnerable versions: < 2.1 | Fixed in: 2.1 | OWASP Top 10: A1: Broken Access Control | Classification: Cross Site Request Forgery CSRF | CVE: CVE-2024-7863 | Patch priority: Low | CVSS severity: Low 9.6 | Developer: Claim ownership | PSID: 2e8a0fbb5efb | Credits: Daniel Ruf | Required...

CVSS: 8.1 | AI score: 6.7 | EPSS: 0.00197
Exploits: 1 | References: 4 | Affected Software: 1
RedHat Linux
added 2024/08/27 7:36 a.m., 2 views

orc: Stack-based buffer overflow vulnerability in ORC

A stack-based buffer overflow vulnerability exists in orcparse.c of ORC. If a developer is tricked into processing a specially crafted file with the affected ORC compiler, arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI buil...

CVSS: 7 | AI score: 6.2 | EPSS: 0.00061
Exploits: 0 | References: 7
Patchstack
added 2024/08/27 12:0 a.m., 14 views

WordPress Ninja Tables Plugin <= 5.0.12 is vulnerable to Cross Site Scripting (XSS)

Software: Ninja Tables | Type: Plugin | Vulnerable versions: <= 5.0.12 | Fixed in: 5.0.13 | OWASP Top 10: A7: Cross-Site Scripting XSS | Classification: Cross Site Scripting XSS | CVE: CVE-2024-7304 | Patch priority: Low | CVSS severity: Low 5.9 | Developer: Claim ownership | PSID: a12833da3c4c | Credits: wesley wcraft | Required...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00267
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2024/08/27 12:0 a.m., 7 views

WordPress Reviews Feed Plugin <= 1.1.2 is vulnerable to Broken Access Control

Software: Reviews Feed | Type: Plugin | Vulnerable versions: <= 1.1.2 | Fixed in: 1.2.0 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-8199 | Patch priority: Low | CVSS severity: Low 4.3 | Developer: Claim ownership | PSID: eb3754a5f963 | Credits: Sajjad Ahmad jacksparrow | Required...

CVSS: 4.3 | AI score: 6.6 | EPSS: 0.00142
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2024/08/27 12:0 a.m., 11 views

WordPress Reviews Feed Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Reviews Feed | Type: Plugin | Vulnerable versions: <= 1.1.2 | Fixed in: 1.2.0 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery CSRF | CVE: CVE-2024-8200 | Patch priority: Low | CVSS severity: Low 4.3 | Developer: Claim ownership | PSID: d47df2666851 | Credits: Sajjad Ahmad jacksparro...

CVSS: 4.3 | AI score: 6.7 | EPSS: 0.00123
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2024/08/27 12:0 a.m., 13 views

WordPress Xpro Elementor Addons Plugin <= 1.4.4.3 is vulnerable to Cross Site Scripting (XSS)

Software: Xpro Elementor Addons | Type: Plugin | Vulnerable versions: <= 1.4.4.3 | Fixed in: 1.4.4.4 | OWASP Top 10: A7: Cross-Site Scripting XSS | Classification: Cross Site Scripting XSS | CVE: CVE-2024-7791 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: Claim ownership | PSID: 93f87661de72 | Credits: WordFence...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00245
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2024/08/26 12:0 a.m., 12 views

WordPress JobSearch Plugin <= 2.5.3 is vulnerable to PHP Object Injection

Software: JobSearch | Type: Plugin | Vulnerable versions: <= 2.5.3 | Fixed in: 2.5.4 | OWASP Top 10: A5: Security Misconfiguration | Classification: PHP Object Injection | CVE: CVE-2024-43931 | Patch priority: High | CVSS severity: High 9.8 | Developer: Claim ownership | PSID: 5b092052f063 | Credits: Ananda Dhakal Patchstack...

CVSS: 9.8 | AI score: 6.5 | EPSS: 0.01192
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2024/08/26 12:0 a.m., 12 views

WordPress Shield Security Plugin < 20.0.6 is vulnerable to Cross Site Scripting (XSS)

Software: Shield Security | Type: Plugin | Vulnerable versions: < 20.0.6 | Fixed in: 20.0.6 | OWASP Top 10: A7: Cross-Site Scripting XSS | Classification: Cross Site Scripting XSS | CVE: CVE-2024-7313 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: Claim ownership | PSID: df05c396b592 | Credits: Krugov Artyom...

CVSS: 6.1 | AI score: 5.6 | EPSS: 0.49513
Exploits: 3 | References: 4 | Affected Software: 1
Patchstack
added 2024/08/26 12:0 a.m., 10 views

WordPress Envira Photo Gallery Plugin <= 1.8.14 is vulnerable to Broken Access Control

Software: Envira Photo Gallery | Type: Plugin | Vulnerable versions: <= 1.8.14 | Fixed in: 1.8.15 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-43925 | Patch priority: Low | CVSS severity: Low 4.3 | Developer: Claim ownership | PSID: 9c53eb2407a8 | Credits: Rafie Muhammad...

CVSS: 8.8 | AI score: 6.3 | EPSS: 0.00449
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2024/08/26 12:0 a.m., 13 views

WordPress Greenshift Query and Meta Addon Plugin < 3.9.2 is vulnerable to SQL Injection

Software: Greenshift Query and Meta Addon | Type: Plugin | Vulnerable versions: < 3.9.2 | Fixed in: 3.9.2 | OWASP Top 10: A3: Injection | Classification: SQL Injection | CVE: CVE-2024-43942 | Patch priority: High | CVSS severity: High 8.5 | Developer: Claim ownership | PSID: 13adc6d175b5 | Credits: Dave Jong Patchstack | Required...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.00618
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2024/08/26 12:0 a.m., 12 views

WordPress Greenshift Woocommerce Addon Plugin < 1.9.8 is vulnerable to SQL Injection

Software: Greenshift Woocommerce Addon | Type: Plugin | Vulnerable versions: < 1.9.8 | Fixed in: 1.9.8 | OWASP Top 10: A3: Injection | Classification: SQL Injection | CVE: CVE-2024-43943 | Patch priority: High | CVSS severity: High 8.5 | Developer: Claim ownership | PSID: 998dac6720c9 | Credits: Dave Jong Patchstack | Required...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.00838
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2024/08/26 12:0 a.m., 9 views

WordPress ImageRecycle pdf & image compression Plugin <= 3.1.14 is vulnerable to Broken Access Control

Software: ImageRecycle pdf & image compression | Type: Plugin | Vulnerable versions: <= 3.1.14 | Fixed in: 3.1.15 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-6631 | Patch priority: Low | CVSS severity: Low 5 | Developer: Claim ownership | PSID: 297d76ad6b7c | Credits: Lucio Sá...

CVSS: 5 | AI score: 6.6 | EPSS: 0.00133
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2024/08/26 12:0 a.m., 13 views

WordPress JobSearch Plugin <= 2.5.4 is vulnerable to Broken Access Control

Software: JobSearch | Type: Plugin | Vulnerable versions: <= 2.5.4 | Fixed in: 2.5.6 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-43929 | Patch priority: Medium | CVSS severity: Medium 6.5 | Developer: Claim ownership | PSID: c7bad1c217a2 | Credits: Ananda Dhakal Patchstack...

CVSS: 9.8 | AI score: 6.3 | EPSS: 0.00381
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2024/08/26 12:0 a.m., 11 views

WordPress WP Armour Extended Plugin <= 1.26 is vulnerable to Cross Site Request Forgery (CSRF)

Software: WP Armour Extended | Type: Plugin | Vulnerable versions: <= 1.26 | Fixed in: 1.32 | OWASP Top 10: A1: Broken Access Control | Classification: Cross Site Request Forgery CSRF | CVE: CVE-2024-43947 | Patch priority: Low | CVSS severity: Low 5.4 | Developer: Claim ownership | PSID: c5ec96f385ed | Credits: Dave Jong Patchsta...

CVSS: 5.4 | AI score: 6.7 | EPSS: 0.00212
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2024/08/26 12:0 a.m., 8 views

WordPress MaxButtons Plugin <= 9.7.8 is vulnerable to Sensitive Data Exposure

Software: MaxButtons | Type: Plugin | Vulnerable versions: <= 9.7.8 | Fixed in: 9.8.0 | OWASP Top 10: A3: Sensitive Data Exposure | Classification: Sensitive Data Exposure | CVE: CVE-2024-6499 | Patch priority: Low | CVSS severity: Low 5.3 | Developer: Claim ownership | PSID: c468e4e161ae | Credits: stealthcopter | Required privileg...

CVSS: 5.3 | AI score: 6.6 | EPSS: 0.00461
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2024/08/23 12:0 a.m., 5 views

WordPress File Manager Pro Plugin <= 8.3.7 is vulnerable to Arbitrary File Upload

Software: File Manager Pro | Type: Plugin | Vulnerable versions: <= 8.3.7 | Fixed in: 8.3.8 | OWASP Top 10: A1: Injection | Classification: Arbitrary File Upload | CVE: CVE-2024-7559 | Patch priority: High | CVSS severity: High 9.9 | Developer: Claim ownership | PSID: fdf245f6ed76 | Credits: siunam | Required privilege: Subscriber...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.12796
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2024/08/23 12:0 a.m., 4 views

WordPress WooCommerce Google Feed Manager Plugin <= 2.8.0 is vulnerable to Broken Access Control

Software: WooCommerce Google Feed Manager | Type: Plugin | Vulnerable versions: <= 2.8.0 | Fixed in: 2.9.0 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: N/A | Patch priority: Low | CVSS severity: Low 4.3 | Developer: Claim ownership | PSID: edc9e66e9cf4 | Credits: Lucio Sá | Required...

AI score: 6.9
Exploits: 0 | References: 2 | Affected Software: 1
Spring Engineering
added 2024/08/23 12:0 a.m., 9 views

A Bootiful Podcast: Vaadin developer advocacy legend Marcus Hellberg

Hi, Spring fans! In this installment, I talk to Vaadin developer advocacy legend Marcus Hellberg about the latest-and-greatest in the wide and wonderful world of Spring...

AI score: 7.1
Exploits: 0
Patchstack
added 2024/08/22 12:0 a.m., 8 views

WordPress User Private Files Plugin <= 2.1.0 is vulnerable to Broken Access Control

Software: User Private Files | Type: Plugin | Vulnerable versions: <= 2.1.0 | Fixed in: 2.1.1 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-7848 | Patch priority: Low | CVSS severity: Low 4.3 | Developer: Claim ownership | PSID: 56f9aa46f01a | Credits: Peter Thaleikis | Required...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00613
Exploits: 0 | References: 3 | Affected Software: 1