WordPress Zoho Marketing Automation Plugin <= 1.2.7 is vulnerable to SQL Injection
Software Zoho Marketing Automation Type Plugin Vulnerable versions <= 1.2.7 Fixed in 1.2.8 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-37225 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID c6d98be82212 Credits LVT-tholv2k Required privilege...
WordPress Book Landing Page Theme <= 1.2.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software Book Landing Page Type Theme Vulnerable versions <= 1.2.3 Fixed in 1.2.4 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-37230 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID b75fbc99c1f0 Credits Dhabaleshwar Das...
WordPress Themify – WooCommerce Product Filter Plugin <= 1.4.9 is vulnerable to SQL Injection
Software Themify – WooCommerce Product Filter Type Plugin Vulnerable versions <= 1.4.9 Fixed in 1.5.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-6027 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 0ec8ecf4ef08 Credits Arkadiusz Hydzik Required...
WordPress Falang multilanguage Plugin <= 1.3.51 is vulnerable to Cross Site Request Forgery (CSRF)
Software Falang multilanguage Type Plugin Vulnerable versions <= 1.3.51 Fixed in 1.3.52 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-37240 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 118e700fa296 Credits Dhabaleshwar...
GHSA-9GXX-58Q6-42P7 Lightning Network Daemon (LND)'s onion processing logic leads to a denial of service
Impact: A parsing vulnerability in lnd's onion processing logic led to a DoS vector due to excessive memory allocation. Patches: The issue was patched in lnd v0.17.0. Users should update to a version >= v0.17.0 to be protected. References: Detailed blog post:...
CVE-2023-3353
Rejected reason: REJECT Developer patched two issues with a single patch, so only one CVE is necessary. Please use CVE-2023-3352...
Malicious code in tyk-developer-portal (npm)
Source: ghsa-malware d6830a4dad414db435db7f758c7ca9a035d4571a5f4e1053c017e1ee603629e6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1647 Malicious code in tyk-developer-portal (npm)
Source: ghsa-malware d6830a4dad414db435db7f758c7ca9a035d4571a5f4e1053c017e1ee603629e6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
WordPress Ali2Woo Lite Plugin <= 3.3.5 is vulnerable to Broken Access Control
Software Ali2Woo Lite Type Plugin Vulnerable versions <= 3.3.5 Fixed in 3.3.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37210 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 02abd7b980c0 Credits Majed Refaea Required...
WordPress The Plus Addons for Elementor Pro Plugin <= 5.5.6 is vulnerable to Cross Site Scripting (XSS)
Software The Plus Addons for Elementor Pro Type Plugin Vulnerable versions <= 5.5.6 Fixed in 5.6.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5344 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 01ee398507f7 Credits...
WordPress WP SVG images Plugin <= 4.2 is vulnerable to Cross Site Scripting (XSS)
Software WP SVG images Type Plugin Vulnerable versions <= 4.2 Fixed in 4.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5945 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8b632fc271b3 Credits Colin Xu Required privilege...
WordPress Consulting Elementor Widgets Plugin <= 1.3.0 is vulnerable to Local File Inclusion
Software Consulting Elementor Widgets Type Plugin Vulnerable versions <= 1.3.0 Fixed in 1.3.1 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-37092 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID cd47aa6df162 Credits Rafie Muhammad Patchstack...
WordPress Popup box Plugin <= 4.5.1 is vulnerable to Broken Access Control
Software Popup box Type Plugin Vulnerable versions <= 4.5.1 Fixed in 4.5.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37096 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID aaf62ab75160 Credits Abdi Pranata Required privile...
WordPress Branda Plugin <= 3.4.17 is vulnerable to Cross Site Scripting (XSS)
Software Branda Type Plugin Vulnerable versions <= 3.4.17 Fixed in 3.4.18 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5191 Patch priority Low CVSS severity Low 6.5 Developer WPMU DEV PSID 0611cd830c6c Credits wesley wcraft Required privilege Autho...
WordPress Tabs Plugin <= 4.0.6 is vulnerable to Cross Site Scripting (XSS)
Software Tabs Type Plugin Vulnerable versions <= 4.0.6 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37120 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID cca26fed23f5 Credits Jean Tirstan T Required privilege Administrator...
WordPress The Plus Addons for Elementor Pro Plugin <= 5.5.6 is vulnerable to Local File Inclusion
Software The Plus Addons for Elementor Pro Type Plugin Vulnerable versions <= 5.5.6 Fixed in 5.6.0 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-5455 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 7768d7567cf0 Credits wesley wcraft Required...
WordPress Newspack Blocks Plugin <= 3.0.8 is vulnerable to Sensitive Data Exposure
Software Newspack Blocks Type Plugin Vulnerable versions <= 3.0.8 Fixed in 3.0.9 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-37115 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 4f21501b4dac Credits Rafie Muhammad Patchstack...
WordPress Hide Dashboard Notifications Plugin <= 1.3 is vulnerable to Broken Access Control
Software Hide Dashboard Notifications Type Plugin Vulnerable versions <= 1.3 Fixed in 1.3.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1955 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 47605ad93239 Credits Francesco Carlucci...
WordPress WP-Lister Lite for eBay Plugin <= 3.5.8 is vulnerable to Sensitive Data Exposure
Software WP-Lister Lite for eBay Type Plugin Vulnerable versions <= 3.5.8 Fixed in 3.5.9 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-24709 Patch priority Low CVSS severity Low 7.5 Developer WP Lab PSID 227921a369c8 Credits Aman Rawat Required privileg...
WordPress WP Child Theme Generator Plugin <= 1.1.1 is vulnerable to Broken Access Control
Software WP Child Theme Generator Type Plugin Vulnerable versions <= 1.1.1 Fixed in 1.1.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3610 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 0ee7eb453287 Credits Lucio Sá Requir...