7377 matches found
WordPress Quiz And Survey Master Plugin < 9.0.5 is vulnerable to Cross Site Scripting (XSS)
Software Quiz And Survey Master Type Plugin Vulnerable versions < 9.0.5 Fixed in 9.0.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6025 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 041e8eaa0b85 Credits Dmitrii Ignatyev...
WordPress EazyDocs Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)
Software EazyDocs Type Plugin Vulnerable versions <= 2.5.0 Fixed in 2.5.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-38720 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 35c7ee4ff86c Credits Khalid Yusuf Required privilege Contributor...
WordPress Barcode Scanner with Inventory & Order Manager Plugin <= 1.6.1 is vulnerable to SQL Injection
Software Barcode Scanner with Inventory & Order Manager Type Plugin Vulnerable versions <= 1.6.1 Fixed in 1.6.2 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-38708 Patch priority High CVSS severity High 8.5 Developer DMitry PSID 81055d795069 Credits justakazh Required...
WordPress MakeStories (for Google Web Stories) Plugin <= 3.0.3 is vulnerable to Arbitrary File Download
Software MakeStories for Google Web Stories Type Plugin Vulnerable versions <= 3.0.3 Fixed in 3.0.4 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Download CVE CVE-2024-38746 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 40afb38048ba Credits Majed...
WordPress Event post Plugin <= 5.9.5 is vulnerable to Local File Inclusion
Software Event post Type Plugin Vulnerable versions <= 5.9.5 Fixed in 5.9.6 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-38735 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 3e99c6808576 Credits Emili Castells Required privilege...
The Stark Truth Behind the Resurgence of Russia’s Fin7
The Russia-based cybercrime group dubbed "Fin7," known for phishing and malware attacks that have cost victim organizations an estimated $3 billion in losses since 2013, was declared dead last year by U.S. authorities. But experts say Fin7 has roared back to life in 2024 -- setting up thousands o...
webpack-dev-middleware: lack of URL validation may lead to file leak
A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer's machine. The lack of normalization before calling...
WordPress UltraAddons Elementor Lite Plugin <= 1.1.6 is vulnerable to Cross Site Scripting (XSS)
Software UltraAddons Elementor Lite Type Plugin Vulnerable versions <= 1.1.6 Fixed in 1.1.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4866 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 6acf063eea46 Credits stealthcopter...
CVE-2024-6612
CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS prefetch which leaked that a CSP violation happened. This vulnerability affects Firefox 128 and Thunderbird 128...
WordPress WPCS Plugin <= 1.2.0.3 is vulnerable to Content Injection
Software WPCS Type Plugin Vulnerable versions <= 1.2.0.3 Fixed in 1.2.0.4 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2024-38700 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 2b3604018b32 Credits stealthcopter Required privilege Unauthenticat...
WordPress WP GoToWebinar Plugin <= 15.7 is vulnerable to Cross Site Scripting (XSS)
Software WP GoToWebinar Type Plugin Vulnerable versions <= 15.7 Fixed in 15.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-38671 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 29881e679cbd Credits Majed Refaea Required privilege...
WordPress Sky Addons for Elementor Plugin <= 2.5.5 is vulnerable to Cross Site Scripting (XSS)
Software Sky Addons for Elementor Type Plugin Vulnerable versions <= 2.5.5 Fixed in 2.5.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-38687 Patch priority Low CVSS severity Low 6.5 Developer Shahidul Islam PSID d7729ac64aec Credits Khalid Yusuf Required privileg...
WordPress Booking Ultra Pro Plugin <= 1.1.13 is vulnerable to Cross Site Scripting (XSS)
Software Booking Ultra Pro Type Plugin Vulnerable versions <= 1.1.13 Fixed in 1.1.14 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-38676 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5502b7d4c80c Credits LVT-tholv2k Required privilege...
WordPress CodePen Embedded Pens Shortcode Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
Software CodePen Embedded Pens Shortcode Type Plugin Vulnerable versions <= 1.0.0 Fixed in 1.0.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37960 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 012982f72b9c Credits Jean Tirstan T Require...
Number withdrawn
Please is a sudo clone by ed neville personal developer. This CVE number has been withdrawn...
WordPress SKT Addons for Elementor Plugin <= 3.1 is vulnerable to Cross Site Scripting (XSS)
Software SKT Addons for Elementor Type Plugin Vulnerable versions <= 3.1 Fixed in 3.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-38674 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 02254511f638 Credits 4rCanJ0x! Required privilege...
WordPress Team Members Plugin <= 5.3.3 is vulnerable to Cross Site Scripting (XSS)
Software Team Members Type Plugin Vulnerable versions <= 5.3.3 Fixed in 5.3.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-38670 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f0e47f407025 Credits Jean Tirstan T Required privilege...
WordPress Tutor LMS Plugin <= 2.7.2 is vulnerable to Cross Site Scripting (XSS)
Software Tutor LMS Type Plugin Vulnerable versions <= 2.7.2 Fixed in 2.7.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37947 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 54e1794329a4 Credits justakazh Required privilege editor and Tuto...