WordPress EmbedPress Plugin <= 4.0.2 is vulnerable to Cross Site Scripting (XSS)

Software EmbedPress Type Plugin Vulnerable versions = 4.0.2 Fixed in 4.0.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-4367 Patch priority Low CVSS severity Low 4 Developer Claim ownership PSID 86a2108fb08b Credits Yudistira Arya Required privilege...

WordPress Masterstudy Elementor Widgets Plugin <= 1.2.2 is vulnerable to Remote Code Execution (RCE)

Software Masterstudy Elementor Widgets Type Plugin Vulnerable versions = 1.2.2 Fixed in 1.2.3 OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2024-37091 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID c3068c566a95 Credits Rafie Muhammad...

WordPress PDF Embedder Plugin <= 4.7.1 is vulnerable to Cross Site Scripting (XSS)

Software PDF Embedder Type Plugin Vulnerable versions = 4.7.1 Fixed in 4.8.0 OWASP Top 10 A6: Vulnerable and Outdated Components Classification Cross Site Scripting XSS CVE CVE-2024-4367 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7794a505b744 Credits m3ez Required...

WordPress Create by Mediavine Plugin <= 1.9.7 is vulnerable to Cross Site Scripting (XSS)

Software Create by Mediavine Type Plugin Vulnerable versions = 1.9.7 Fixed in 1.9.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5601 Patch priority Low CVSS severity Low 6.5 Developer Mediavine PSID ca91d82db3a3 Credits Krzysztof Zając Required...

WordPress The Ultimate WordPress Toolkit – WP Extended Plugin <= 2.4.7 is vulnerable to Cross Site Scripting (XSS)

Software The Ultimate WordPress Toolkit – WP Extended Type Plugin Vulnerable versions = 2.4.7 Fixed in 3.0.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37259 Patch priority Medium CVSS severity Medium 7.1 Developer WP Extended PSID 6e88ac2a1e7f Credits Yudisti...

WordPress File Manager Plugin <= 7.2.7 is vulnerable to Broken Access Control

Software File Manager Type Plugin Vulnerable versions = 7.2.7 Fixed in 7.2.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37254 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 64eee288cde4 Credits Rafie Muhammad Patchstack Requir...

WordPress Kadence Blocks Pro Plugin < 2.3.8 is vulnerable to Broken Access Control

Software Kadence Blocks Pro Type Plugin Vulnerable versions 2.3.8 Fixed in 2.3.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-1330 Patch priority Low CVSS severity Low 4.3 Developer KadenceWP PSID 0488c91e76be Credits Scott Kingsley Clark Required...

WordPress WP-Lister Lite for Amazon Plugin <= 2.6.16 is vulnerable to Cross Site Scripting (XSS)

Software WP-Lister Lite for Amazon Type Plugin Vulnerable versions = 2.6.16 Fixed in 2.6.17 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37261 Patch priority Medium CVSS severity Medium 7.1 Developer WP Lab PSID 6ad653dd30ed Credits Le Ngoc Anh Required privileg...

WordPress ARI Fancy Lightbox Plugin <= 1.3.14 is vulnerable to Cross Site Scripting (XSS)

Software ARI Fancy Lightbox Type Plugin Vulnerable versions = 1.3.14 Fixed in 1.3.15 OWASP Top 10 A6: Vulnerable and Outdated Components Classification Cross Site Scripting XSS CVE CVE-2024-4367 Patch priority Low CVSS severity Low 4 Developer Claim ownership PSID c2fee65eb87c Credits Yudistira...

WordPress Elements kit Elementor addons Plugin <= 3.1.4 is vulnerable to Broken Access Control

Software Elements kit Elementor addons Type Plugin Vulnerable versions = 3.1.4 Fixed in 3.2.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37255 Patch priority Low CVSS severity Low 5.3 Developer Wpmet PSID b0cbfbfccc4f Credits Rafie Muhammad Patchstack...

WordPress Spotify Play Button Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software Spotify Play Button Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5199 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 81b0c1de1aa9 Credits Bob Matyas Required...

WordPress Wrapper Link Elementor Plugin 1.0.2,1.0.3 is vulnerable to Backdoor

Software Wrapper Link Elementor Type Plugin Vulnerable versions 1.0.2,1.0.3 Fixed in 1.0.5 OWASP Top 10 A3: Injection Classification Backdoor CVE CVE-2024-6297 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 73ed028987ed Credits WordFence Required privilege Unauthenticate...

WordPress Contact Form 7 Multi-Step Addon Plugin 1.0.4-1.0.5 is vulnerable to Backdoor

Software Contact Form 7 Multi-Step Addon Type Plugin Vulnerable versions 1.0.4-1.0.5 Fixed in 1.0.7 OWASP Top 10 A3: Injection Classification Backdoor CVE CVE-2024-6297 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 210ed7e4774a Credits WordFence Required privilege...

WordPress Social Warfare Plugin 4.4.6.4-4.4.7.1 is vulnerable to Backdoor

Software Social Warfare Type Plugin Vulnerable versions 4.4.6.4-4.4.7.1 Fixed in 4.4.7.3 OWASP Top 10 A3: Injection Classification Backdoor CVE CVE-2024-6297 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 29aedd9dc6eb Credits WordFence Required privilege Unauthenticated...

WordPress Logo Manager For Enamad Plugin <= 0.7.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Logo Manager For Enamad Type Plugin Vulnerable versions = 0.7.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-4757 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 134c5c763311 Credits Bob Matyas...

Important: Red Hat Enhancement Advisory: Red Hat Developer Hub 1.2 release

Red Hat Developer Hub 1.2 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single pa...

Security Bulletin: A vulnerability in Node.js affects IBM Rational® Application Developer for WebSphere® Software (CVE-2024-27980)

Summary Node.js is used as runtime and SDK for Apache Cordova applications within IBM Rational® Application Developer for WebSphere® Software. Information about security vulnerabilities affecting Node.js has been published in a security bulletin. Vulnerability Details Refer to the security...

WordPress Sparkle Demo Importer Plugin <= 1.4.7 is vulnerable to Broken Access Control

Software Sparkle Demo Importer Type Plugin Vulnerable versions = 1.4.7 Fixed in 1.4.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-6120 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 65191ad4a953 Credits Lucio Sá Required...

WordPress Newspack Newsletters Plugin <= 2.13.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Newspack Newsletters Type Plugin Vulnerable versions = 2.13.2 Fixed in 2.13.3 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-37242 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 8f54e12bc4ce Credits Rafie Muhamm...

WordPress Kanban Boards for WordPress Plugin <= 2.5.21 is vulnerable to Broken Access Control

Software Kanban Boards for WordPress Type Plugin Vulnerable versions = 2.5.21 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37226 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 06ba84554f72 Credits LVT-tholv2k Requir...