7377 matches found
WordPress PowerPress Podcasting Plugin <= 11.9.10 is vulnerable to Cross Site Scripting (XSS)
Software: PowerPress Podcasting; Type: Plugin; Vulnerable versions: <= 11.9.10; Fixed in: 11.9.11; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-6588; Patch priority: Low; CVSS severity: Low 6.5; PSID: a26d6217fa24; Credits: Webbernaut...
WordPress Website Content in Page or Post Plugin < 2024.04.09 is vulnerable to Cross Site Scripting (XSS)
Software: Website Content in Page or Post; Type: Plugin; Vulnerable versions: < 2024.04.09; Fixed in: 2024.04.09; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2430; Patch priority: Low; CVSS severity: Low 6.5; PSID: 4eb2dd387d32; Credits...
WordPress Inline Related Posts Plugin < 3.7.0 is vulnerable to Cross Site Scripting (XSS)
Software: Inline Related Posts; Type: Plugin; Vulnerable versions: < 3.7.0; Fixed in: 3.7.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5626; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: e490330be604; Credits: Dmitrii Ignatye...
WordPress MStore API Plugin <= 4.14.7 is vulnerable to Broken Authentication
Software: MStore API; Type: Plugin; Vulnerable versions: <= 4.14.7; Fixed in: 4.15.0; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2024-6328; Patch priority: High; CVSS severity: High 9.8; PSID: eb61c3a933bb; Credits: Truoc Phan...
BIT-NODE-2024-22020
A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports...
CVE-2024-5257
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Developer user with admin_compliance_framework custom role may have been able to modify the URL for a group namespace...
CVE-2024-5257 Improper Access Control in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Developer user with admin_compliance_framework custom role may have been able to modify the URL for a group namespace...
WordPress Link Library Plugin <= 7.7.1 is vulnerable to Cross Site Scripting (XSS)
Software: Link Library; Type: Plugin; Vulnerable versions: <= 7.7.1; Fixed in: 7.7.2; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-38711; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 426040e94ba8; Credits: LVT-tholv2k; Required privilege...
WordPress Zoho Campaigns Plugin <= 2.0.8 is vulnerable to Cross Site Scripting (XSS)
Software: Zoho Campaigns; Type: Plugin; Vulnerable versions: <= 2.0.8; Fixed in: 2.1.0; OWASP Top 10: A4: Insecure Design; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-38752; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 48112379bb70; Credits: Majed Refaea; Required...
WordPress JSON Content Importer Plugin <= 1.5.6 is vulnerable to Server Side Request Forgery (SSRF)
Software: JSON Content Importer; Type: Plugin; Vulnerable versions: <= 1.5.6; Fixed in: 1.6.0; OWASP Top 10: A10: Server-Side Request Forgery (SSRF); Classification: Server Side Request Forgery (SSRF); CVE: CVE-2024-38723; Patch priority: Low; CVSS severity: Low 6.4; PSID: f916d2cf2c68; Credits...
WordPress Secure Copy Content Protection and Content Locking Plugin < 4.0.9 is vulnerable to Cross Site Scripting (XSS)
Software: Secure Copy Content Protection and Content Locking; Type: Plugin; Vulnerable versions: < 4.0.9; Fixed in: 4.0.9; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-6138; Patch priority: Low; CVSS severity: Low 5.9; PSID: 386e7454f8d8...
WordPress MBE eShip Plugin <= 2.1.2 is vulnerable to Sensitive Data Exposure
Software: MBE eShip; Type: Plugin; Vulnerable versions: <= 2.1.2; Fixed in: 2.2.1; OWASP Top 10: A9: Security Logging and Monitoring Failures; Classification: Sensitive Data Exposure; CVE: CVE-2024-38742; Patch priority: Low; CVSS severity: Low 5.3; PSID: df94a639a0f7; Credits: Joshua Chan...
WordPress WP Photo Album Plus Plugin <= 8.8.02.002 is vulnerable to Cross Site Scripting (XSS)
Software: WP Photo Album Plus; Type: Plugin; Vulnerable versions: <= 8.8.02.002; Fixed in: 8.8.02.003; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-38713; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 5e63f89a72a3; Credits: stealthcopter...
WordPress Uncanny Automator Pro Plugin <= 5.3 is vulnerable to Cross Site Scripting (XSS)
Software: Uncanny Automator Pro; Type: Plugin; Vulnerable versions: <= 5.3; Fixed in: 5.3.0.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-37117; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 9c1cb610bb3a; Credits: Dave Jong Patchstack...
GitLab 17.0 < 17.0.4 / 17.1 < 17.1.2 (CVE-2024-5257)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Developer user with admin_compliance_framework custom role may hav...
WordPress Quiz And Survey Master Plugin < 9.0.5 is vulnerable to Cross Site Scripting (XSS)
Software: Quiz And Survey Master; Type: Plugin; Vulnerable versions: < 9.0.5; Fixed in: 9.0.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-6025; Patch priority: Low; CVSS severity: Low 6.5; PSID: 041e8eaa0b85; Credits: Dmitrii Ignatyev...
WordPress GD Rating System Plugin <= 3.6 is vulnerable to Local File Inclusion
Software: GD Rating System; Type: Plugin; Vulnerable versions: <= 3.6; Fixed in: 3.6.1; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2024-38709; Patch priority: Low; CVSS severity: Low 5.3; PSID: 96b344704167; Credits: João Pedro S Alcântara Kinorth; Required...
WordPress WP Fast Total Search Plugin <= 1.68.232 is vulnerable to Broken Access Control
Software: WP Fast Total Search; Type: Plugin; Vulnerable versions: <= 1.68.232; Fixed in: 1.69.234; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-38714; Patch priority: Low; CVSS severity: Low 4.3; Developer: Epsiloncool; PSID: 00f4bc37a87e; Credits: Majed Refaea; Required...
WordPress ExS Widgets Plugin <= 0.3.1 is vulnerable to Local File Inclusion
Software: ExS Widgets; Type: Plugin; Vulnerable versions: <= 0.3.1; Fixed in: 0.3.2; OWASP Top 10: A1: Broken Access Control; Classification: Local File Inclusion; CVE: CVE-2024-38715; Patch priority: Low; CVSS severity: Low 6.5; PSID: 88483868fd84; Credits: João Pedro S Alcântara Kinorth...
WordPress Booking Ultra Pro Plugin <= 1.1.13 is vulnerable to Local File Inclusion
Software: Booking Ultra Pro; Type: Plugin; Vulnerable versions: <= 1.1.13; Fixed in: 1.1.14; OWASP Top 10: A5: Security Misconfiguration; Classification: Local File Inclusion; CVE: CVE-2024-38717; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: c00579e5a889; Credits: Ananda Dhakal...