WordPress All Bootstrap Blocks Plugin <= 1.3.19 is vulnerable to Cross Site Scripting (XSS)
Software: All Bootstrap Blocks; Type: Plugin; Vulnerable versions: <= 1.3.19; Fixed in: 1.3.20; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-43349; Patch priority: Low; CVSS severity: Low 6.5; Developer: AREOI; PSID: 1ee70b8e314c; Credits: Ngô Thiên An ancorn from VNPT-VCI; Require...
WordPress Custom Field For WP Job Manager Plugin <= 1.2 is vulnerable to Insecure Direct Object References (IDOR)
Software: Custom Field For WP Job Manager; Type: Plugin; Vulnerable versions: <= 1.2; Fixed in: 1.3; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2023-7049; Patch priority: Low; CVSS severity: Low 4.3; PSID: 3021ad422dd8; Credits...
WordPress WooCommerce Plugin <= 9.1.2 is vulnerable to Cross Site Scripting (XSS)
Software: WooCommerce; Type: Plugin; Vulnerable versions: <= 9.1.2; Fixed in: 9.1.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-39666; Patch priority: Low; CVSS severity: Low 5.9; PSID: 4e41b7df57a0; Credits: stealthcopter; Required privilege...
WordPress Relevanssi Plugin <= 4.22.2 is vulnerable to Sensitive Data Exposure
Software: Relevanssi; Type: Plugin; Vulnerable versions: <= 4.22.2; Fixed in: 4.23.0; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-7630; Patch priority: Low; CVSS severity: Low 5.3; PSID: cdb75757e257; Credits: stealthcopter; Required...
WordPress WP User Manager Plugin <= 2.9.10 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP User Manager; Type: Plugin; Vulnerable versions: <= 2.9.10; Fixed in: 2.9.11; OWASP Top 10: A4: Insecure Design; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-43336; Patch priority: Low; CVSS severity: Low 4.3; Developer: WP User Manager; PSID: 6918353ae071; Credits: Ananda Dhakal Patchstac...
WordPress myCred Plugin <= 2.7.2 is vulnerable to Cross Site Scripting (XSS)
Software: myCred; Type: Plugin; Vulnerable versions: <= 2.7.2; Fixed in: 2.7.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-43353; Patch priority: Low; CVSS severity: Low 6.5; PSID: a2faf75ac250; Credits: LVT-tholv2k; Required privilege: Contributor...
WordPress Clone Plugin <= 2.4.5 is vulnerable to Broken Access Control
Software: Clone; Type: Plugin; Vulnerable versions: <= 2.4.5; Fixed in: 2.4.6; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-43298; Patch priority: Low; CVSS severity: Low 4.3; PSID: 92218c2f2d27; Credits: Ananda Dhakal Patchstack; Required...
WordPress myCred Plugin <= 2.7.2 is vulnerable to PHP Object Injection
Software: myCred; Type: Plugin; Vulnerable versions: <= 2.7.2; Fixed in: 2.7.3; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-43354; Patch priority: High; CVSS severity: High 9.8; PSID: d4c5d0fdee74; Credits: LVT-tholv2k; Required privilege: Unauthenticated...
WordPress oik Plugin <= 4.12.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: oik; Type: Plugin; Vulnerable versions: <= 4.12.0; Fixed in: 4.12.1; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-43356; Patch priority: Low; CVSS severity: Low 4.3; PSID: 865f6e2dc335; Credits: Abdi Pranata; Required privile...
WordPress InPost PL Plugin <= 1.4.4 is vulnerable to Arbitrary File Deletion
Software: InPost PL; Type: Plugin; Vulnerable versions: <= 1.4.4; Fixed in: 1.4.5; OWASP Top 10: A1: Broken Access Control; Classification: Arbitrary File Deletion; CVE: CVE-2024-6500; Patch priority: High; CVSS severity: High 10; PSID: 35e3c8ad65b3; Credits: 1337Wannabe; Required privilege...
orc: Stack-based buffer overflow vulnerability in ORC
A stack-based buffer overflow vulnerability exists in orcparse.c of ORC. If a developer is tricked into processing a specially crafted file with the affected ORC compiler, arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI buil...
[SECURITY] Fedora 40 Update: python3.6-3.6.15-34.fc40
Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software...
WordPress Element Pack Elementor Addons Plugin <= 5.7.2 is vulnerable to Cross Site Scripting (XSS)
Software: Element Pack Elementor Addons; Type: Plugin; Vulnerable versions: <= 5.7.2; Fixed in: 5.7.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-7247; Patch priority: Low; CVSS severity: Low 6.5; PSID: 3540915b141a; Credits: Webbernaut...
WordPress Term And Category Based Posts Widget Plugin < 4.9.13 is vulnerable to Cross Site Scripting (XSS)
Software: Term And Category Based Posts Widget; Type: Plugin; Vulnerable versions: < 4.9.13; Fixed in: 4.9.13; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-6158; Patch priority: Low; CVSS severity: Low 5.9; PSID: 2ddaec10bd6e; Credits: Dmitrii Ignatyev...
WordPress WP eStore Plugin < 8.5.6 is vulnerable to Cross Site Scripting (XSS)
Software: WP eStore; Type: Plugin; Vulnerable versions: < 8.5.6; Fixed in: 8.5.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-6133; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 0478cdd4af65; Credits: Bob Matyas; Required...
KLA71478 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, or obtain sensitive information. Below is a complete list of vulnerabilities: 1. A denial of service vulnerability in .NET and Visua...
WordPress WooCommerce Social Login Plugin <= 2.7.5 is vulnerable to Broken Authentication
Software: WooCommerce Social Login; Type: Plugin; Vulnerable versions: <= 2.7.5; Fixed in: 2.7.6; OWASP Top 10: A4: Insecure Design; Classification: Broken Authentication; CVE: CVE-2024-7503; Patch priority: High; CVSS severity: High 10; PSID: 23315c373121; Credits: Truoc Phan; Required...
WordPress Ultimate Membership Pro Plugin <= 12.7 is vulnerable to Cross Site Scripting (XSS)
Software: Ultimate Membership Pro; Type: Plugin; Vulnerable versions: <= 12.7; Fixed in: 12.8; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-43241; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 75c4d13f2043; Credits: Rafie Muhammad Patchstack...
Best House Rental Management System security vulnerability
Best House Rental Management System is a house rental management system by Mayuri K., an individual developer. A security vulnerability exists in Best House Rental Management System version v1.0, which stems from the inclusion of an incorrect access control issue...
WordPress Masteriyo - LMS Plugin <= 1.11.4 is vulnerable to Insecure Direct Object References (IDOR)
Software: Masteriyo - LMS; Type: Plugin; Vulnerable versions: <= 1.11.4; Fixed in: 1.11.5; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-43239; Patch priority: Low; CVSS severity: Low 4.3; Developer: Masteriyo; PSID: 14f36e53d575; Credits: Ananda Dhakal...