7377 matches found

Patchstack
added 2024/06/20 12:0 a.m., 15 views

WordPress Email Subscribers & Newsletters Plugin <= 5.7.23 is vulnerable to SQL Injection

Software: Email Subscribers & Newsletters; Type: Plugin; Vulnerable versions: <= 5.7.23; Fixed in: 5.7.24; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-5756; Patch priority: High; CVSS severity: High 9.3; Developer: Claim ownership; PSID: 4253637a6eb3; Credits: Arkadiusz Hydzik; Required...

9.8 CVSS, 6.8 AI score, 0.00891 EPSS
Exploits 0, References 3, Affected Software 1
Patchstack
added 2024/06/20 12:0 a.m., 10 views

WordPress Ali2Woo Lite Plugin <= 3.3.5 is vulnerable to Cross Site Scripting (XSS)

Software: Ali2Woo Lite; Type: Plugin; Vulnerable versions: <= 3.3.5; Fixed in: 3.3.7; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-37211; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: e361f4846097; Credits: Majed Refaea; Required privilege...

7.1 CVSS, 6.6 AI score, 0.00167 EPSS
Exploits 0, References 2, Affected Software 1
Patchstack
added 2024/06/20 12:0 a.m., 8 views

WordPress User Profile Picture Plugin <= 2.6.1 is vulnerable to Broken Access Control

Software: User Profile Picture; Type: Plugin; Vulnerable versions: <= 2.6.1; Fixed in: 2.6.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-5639; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: f06c42237928; Credits: JoanClarke2; Required...

4.3 CVSS, 6.6 AI score, 0.00209 EPSS
Exploits 0, References 3, Affected Software 1
Patchstack
added 2024/06/20 12:0 a.m., 9 views

WordPress WishList Member X Plugin < 3.26.7 is vulnerable to Sensitive Data Exposure

Software: WishList Member X; Type: Plugin; Vulnerable versions: < 3.26.7; Fixed in: 3.26.7; OWASP Top 10: A1: Broken Access Control; Classification: Sensitive Data Exposure; CVE: CVE-2024-37113; Patch priority: High; CVSS severity: High 9.8; Developer: Claim ownership; PSID: d824367bab60; Credits: Dave Jong Patchstack...

9.8 CVSS, 6.5 AI score, 0.01584 EPSS
Exploits 0, References 1, Affected Software 1
Patchstack
added 2024/06/20 12:0 a.m., 12 views

WordPress Ali2Woo Lite Plugin <= 3.3.5 is vulnerable to Cross Site Scripting (XSS)

Software: Ali2Woo Lite; Type: Plugin; Vulnerable versions: <= 3.3.5; Fixed in: 3.3.7; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-37214; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: 6c5e8ef725e0; Credits: Majed Refaea; Required privilege...

6.5 CVSS, 6.3 AI score, 0.00119 EPSS
Exploits 0, References 2, Affected Software 1
Patchstack
added 2024/06/20 12:0 a.m., 8 views

WordPress License Manager for WooCommerce Plugin <= 3.0.6 is vulnerable to Sensitive Data Exposure

Software: License Manager for WooCommerce; Type: Plugin; Vulnerable versions: <= 3.0.6; Fixed in: 3.0.7; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-1639; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 0b1e43ddb6ac; Credits: Lucio Sá...

6.5 CVSS, 6.6 AI score, 0.00463 EPSS
Exploits 0, References 3, Affected Software 1
Patchstack
added 2024/06/20 12:0 a.m., 9 views

WordPress Responsive video embed Plugin < 0.5.1 is vulnerable to Cross Site Scripting (XSS)

Software: Responsive video embed; Type: Plugin; Vulnerable versions: < 0.5.1; Fixed in: 0.5.1; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-5475; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 325ee9be976d; Credits: Felipe Caon; Require...

5.4 CVSS, 5.7 AI score, 0.00267 EPSS
Exploits 2, References 4, Affected Software 1
Patchstack
added 2024/06/19 12:0 a.m., 5 views

WordPress Lifeline Donation Plugin <= 1.2.6 is vulnerable to Broken Authentication

Software: Lifeline Donation; Type: Plugin; Vulnerable versions: <= 1.2.6; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Broken Authentication; CVE: CVE-2024-5432; Patch priority: High; CVSS severity: High 10; Developer: Claim ownership; PSID: c4cb49e164b6; Credits: István Márton; Required...

9.8 CVSS, 6.5 AI score, 0.01107 EPSS
Exploits 0, References 2, Affected Software 1
Patchstack
added 2024/06/19 12:0 a.m., 11 views

WordPress Depicter Slider Plugin <= 3.0.2 is vulnerable to Broken Access Control

Software: Depicter Slider; Type: Plugin; Vulnerable versions: <= 3.0.2; Fixed in: 3.1.0; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-4390; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 56f1ad707b2c; Credits: Arkadiusz Hydzik; Required...

6.5 CVSS, 6.6 AI score, 0.00392 EPSS
Exploits 0, References 3, Affected Software 1
Patchstack
added 2024/06/19 12:0 a.m., 9 views

WordPress Master Slider Plugin <= 3.9.10 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Master Slider; Type: Plugin; Vulnerable versions: <= 3.9.10; Fixed in: 3.10.0; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2023-50900; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: e2a39371f6f9; Credits: LVT-tholv2k; Require...

4.3 CVSS, 6.7 AI score, 0.00095 EPSS
Exploits 0, References 2, Affected Software 1
Patchstack
added 2024/06/19 12:0 a.m., 10 views

WordPress Media Library Assistant Plugin <= 3.16 is vulnerable to SQL Injection

Software: Media Library Assistant; Type: Plugin; Vulnerable versions: <= 3.16; Fixed in: 3.17; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-5605; Patch priority: Low; CVSS severity: Low 8.5; Developer: Claim ownership; PSID: a2ffbb62fd66; Credits: Krzysztof Zając; Required privilege: Contribut...

8.8 CVSS, 6.9 AI score, 0.00702 EPSS
Exploits 0, References 3, Affected Software 1
Patchstack
added 2024/06/19 12:0 a.m., 16 views

WordPress Wheel of Life Plugin <= 1.1.7 is vulnerable to Broken Access Control

Software: Wheel of Life; Type: Plugin; Vulnerable versions: <= 1.1.7; Fixed in: 1.1.8; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-3627; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: 68abc18dc3c6; Credits: Lucio Sá; Required privilege...

5.4 CVSS, 6.6 AI score, 0.0015 EPSS
Exploits 0, References 3, Affected Software 1
Patchstack
added 2024/06/18 12:0 a.m., 15 views

WordPress Sirv Plugin <= 7.2.6 is vulnerable to Arbitrary File Upload

Software: Sirv; Type: Plugin; Vulnerable versions: <= 7.2.6; Fixed in: 7.2.7; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-5853; Patch priority: Medium; CVSS severity: Medium 9.9; Developer: Sirv; PSID: b8d1b016bf81; Credits: Lucio Sá; Required privilege: Contributor; Published: 18 June,...

9.9 CVSS, 6.8 AI score, 0.10477 EPSS
Exploits 0, References 3, Affected Software 1
Patchstack
added 2024/06/18 12:0 a.m., 8 views

WordPress WordPress Picture / Portfolio / Media Gallery Plugin <= 3.0.1 is vulnerable to Server Side Request Forgery (SSRF)

Software: WordPress Picture / Portfolio / Media Gallery; Type: Plugin; Vulnerable versions: <= 3.0.1; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: Server Side Request Forgery SSRF; CVE: CVE-2024-5021; Patch priority: Low; CVSS severity: Low 7.2; Developer: Claim ownership; PSID: 4f6e62e03ba9; Credits...

9.3 CVSS, 7 AI score, 0.00712 EPSS
Exploits 0, References 2, Affected Software 1
Patchstack
added 2024/06/18 12:0 a.m., 8 views

WordPress WP Magazine Modules Lite Plugin <= 1.1.2 is vulnerable to Local File Inclusion

Software: WP Magazine Modules Lite; Type: Plugin; Vulnerable versions: <= 1.1.2; Fixed in: 1.1.3; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2024-5574; Patch priority: Low; CVSS severity: Low 7.5; Developer: Claim ownership; PSID: 60f52a06449e; Credits: stealthcopter; Required privilege...

7.5 CVSS, 6.9 AI score, 0.00255 EPSS
Exploits 0, References 3, Affected Software 1
Patchstack
added 2024/06/18 12:0 a.m., 8 views

WordPress MIMO Woocommerce Order Tracking Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)

Software: MIMO Woocommerce Order Tracking; Type: Plugin; Vulnerable versions: <= 1.0.2; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-5768; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: 17c034ea51f0; Credits: Luci...

6.4 CVSS, 5.7 AI score, 0.00157 EPSS
Exploits 0, References 2, Affected Software 1
Patchstack
added 2024/06/18 12:0 a.m., 14 views

WordPress Salon booking system Plugin <= 10.2 is vulnerable to Arbitrary File Upload

Software: Salon booking system; Type: Plugin; Vulnerable versions: <= 10.2; Fixed in: 10.3; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-3229; Patch priority: High; CVSS severity: High 10; Developer: Claim ownership; PSID: 73c749725728; Credits: Gibran Abdillah; Required privilege...

9.8 CVSS, 6.8 AI score, 0.08746 EPSS
Exploits 0, References 3, Affected Software 1
IBM Security Bulletins
added 2024/06/17 7:37 p.m., 37 views

Security Bulletin: A remote execution vulnerability in Node.js affects IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition

Summary: Node.js is used as runtime and SDK for Apache Cordova applications within IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition. A remote execution of arbitrary commands vulnerability affecting Node.js has been published in this security bulletin. This bulletin...

8.1 CVSS, 7.5 AI score, 0.00369 EPSS
Exploits 0, Affected Software 1
Veracode
added 2024/06/17 6:54 a.m., 18 views

Heap Buffer Overflow

LibYAML is vulnerable to Heap buffer overflow. The vulnerability is due to the lack of proper initialization of the emitter when yaml_emitter_emit is called without yaml_emitter_initialize. An attacker can exploit this vulnerability by providing specially crafted inputs to trigger the overflow,...

7.5 AI score
Exploits 0, References 4, Affected Software 1
Patchstack
added 2024/06/17 12:0 a.m., 7 views

WordPress Greenshift – animation and page builder blocks Plugin <= 8.8.9.1 is vulnerable to Cross Site Scripting (XSS)

Software: Greenshift – animation and page builder blocks; Type: Plugin; Vulnerable versions: <= 8.8.9.1; Fixed in: 8.9.4; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-35765; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: cb212ed9cc65; Credits: João...

6.5 CVSS, 6.6 AI score, 0.00143 EPSS
Exploits 0, References 2, Affected Software 1