WordPress Woocommerce OpenPos Plugin <= 7.0.1 is vulnerable to Broken Access Control

Software Woocommerce OpenPos Type Plugin Vulnerable versions = 7.0.1 Fixed in 7.0.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37935 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID d6898ddc425e Credits Dave Jong Patchstack...

WordPress Chained Quiz Plugin <= 1.3.2.8 is vulnerable to Broken Access Control

Software Chained Quiz Type Plugin Vulnerable versions = 1.3.2.8 Fixed in 1.3.2.9 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37921 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 76baa1346d76 Credits Manab Jyoti Dowarah Required...

WordPress Houzez CRM Plugin <= 1.4.2 is vulnerable to SQL Injection

Software Houzez CRM Type Plugin Vulnerable versions = 1.4.2 Fixed in 1.4.3 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-5792 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 666665555649 Credits István Márton Required privilege Seller Published 9 Jul...

WordPress Squelch Tabs and Accordions Shortcodes Plugin <= 0.4.8 is vulnerable to Cross Site Scripting (XSS)

Software Squelch Tabs and Accordions Shortcodes Type Plugin Vulnerable versions = 0.4.8 Fixed in 0.4.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5946 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b92bc9205697 Credits...

CVE-2024-39743

IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 297172...

PT-2024-28657 · Ibm · Ibm Mq Container Developer Edition +1

Name of the Vulnerable Software and Affected Versions: IBM MQ Operator versions 2.0.24 through 3.2.2 IBM MQ Container Developer Edition affected versions not specified Description: The issue is caused by incorrect memory de-allocation, leading to a denial of service. A remote attacker could explo...

Exploit for Path Traversal in Splunk

CVE-2024-36991: Path traversal that affects Splunk Enterprise...

WordPress Save as PDF plugin by Pdfcrowd Plugin <= 4.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Save as PDF plugin by Pdfcrowd Type Plugin Vulnerable versions = 4.0.0 Fixed in 4.0.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37549 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 5b92af9f47f3 Credits Cronus Required privile...

WordPress XPlainer - WooCommerce Product FAQ Plugin <= 1.6.3 is vulnerable to Cross Site Scripting (XSS)

Software XPlainer - WooCommerce Product FAQ Type Plugin Vulnerable versions = 1.6.3 Fixed in 1.6.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37515 Patch priority Medium CVSS severity Medium 5.8 Developer Claim ownership PSID 4539c5a9e2c2 Credits LVT-tholv2k...

WordPress Spectra Plugin <= 2.13.7 is vulnerable to Broken Access Control

Software Spectra Type Plugin Vulnerable versions = 2.13.7 Fixed in 2.13.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37517 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID dc287e0a3ecb Credits Rafie Muhammad Patchstack Required...

WordPress Bakes And Cakes Theme <= 1.2.6 is vulnerable to Broken Access Control

Software Bakes And Cakes Type Theme Vulnerable versions = 1.2.6 Fixed in 1.2.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37496 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c1a64d1962d4 Credits Dhabaleshwar Das Required...

WordPress Livemesh Addons for Elementor Plugin <= 8.4.1 is vulnerable to Cross Site Scripting (XSS)

Software Livemesh Addons for Elementor Type Plugin Vulnerable versions = 8.4.1 Fixed in 8.4.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3638 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8c5eeeb75963 Credits Webbernaut...

WordPress Rara Business Theme <= 1.2.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software Rara Business Type Theme Vulnerable versions = 1.2.5 Fixed in 1.2.6 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-37937 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 36fd5a858830 Credits Dhabaleshwar Das...

WordPress The Post Grid Plugin <= 7.7.4 is vulnerable to Broken Access Control

Software The Post Grid Type Plugin Vulnerable versions = 7.7.4 Fixed in 7.7.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37481 Patch priority Medium CVSS severity Medium 6.5 Developer Mamunur Rashid PSID eb5b996e0113 Credits Rafie Muhammad Patchstack...

WordPress IMGspider Plugin <= 2.3.10 is vulnerable to Arbitrary File Upload

Software IMGspider Type Plugin Vulnerable versions = 2.3.10 Fixed in 2.3.11 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-6319 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID 7f35690ce29e Credits István Márton Required privilege...

WordPress BookYourTravel Theme <= 8.18.17 is vulnerable to Privilege Escalation

Software BookYourTravel Type Theme Vulnerable versions = 8.18.17 Fixed in 8.18.19 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-37952 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 8b015f16ebdc Credits Dave Jong Patchstack...

WordPress Advanced Classifieds & Directory Pro Plugin <= 3.1.3 is vulnerable to Local File Inclusion

Software Advanced Classifieds & Directory Pro Type Plugin Vulnerable versions = 3.1.3 Fixed in 3.2.1 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-37501 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 09c35e44898b Credits João Pedro S Alcântar...

WordPress YAHMAN Add-ons Plugin <= 0.9.28 is vulnerable to Backdoor

Software YAHMAN Add-ons Type Plugin Vulnerable versions = 0.9.28 Fixed in 0.9.29 OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 26c7f39721f9 Credits Sansec.io Required privilege Unauthenticated Published 3 July,...

WordPress WPJAM Basic Plugin <= 6.6.2 is vulnerable to Backdoor

Software WPJAM Basic Type Plugin Vulnerable versions = 6.6.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Denishua PSID 1065bbb5d5e9 Credits Sansec.io Required privilege Unauthenticated Published 3 July, 2024...

WordPress YITH WooCommerce Affiliates Plugin <= 3.8.0 is vulnerable to Backdoor

Software YITH WooCommerce Affiliates Type Plugin Vulnerable versions = 3.8.0 Fixed in 3.8.1 OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer YITH PSID 6b928027e13c Credits Sansec.io Required privilege Unauthenticated Published 3 July,...