7377 matches found
WordPress Church Admin Plugin <= 4.4.4 is vulnerable to Cross Site Scripting (XSS)
Software: Church Admin; Type: Plugin; Vulnerable versions: <= 4.4.4; Fixed in: 4.4.5; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-35764; Patch priority: Low; CVSS severity: Low 6.5; Developer: Andy Moyle; PSID: ef4f8b581e9b; Credits: Ngô Thiên An ancorn from VNPT-VCI; Required...
update Security Vulnerabilities
update is a library by Aaron, an individual developer. A security vulnerability exists in update version 1.0.0, which originates from prototype pollution via update/index.js...
WordPress Excellent Theme <= 1.2.9 is vulnerable to Cross Site Scripting (XSS)
Software: Excellent; Type: Theme; Vulnerable versions: <= 1.2.9; Fixed in: 1.3.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-35763; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 85c92164ea82; Credits: stealthcopter; Required privilege: Contributor...
Security Bulletin: Multiple vulnerabilities in Node.js affects IBM Rational® Application Developer for WebSphere® Software (CVE-2024-27982, CVE-2024-27983)
Summary: Node.js is used as runtime and SDK for Apache Cordova applications within IBM Rational® Application Developer for WebSphere® Software. Information about security vulnerabilities affecting Node.js has been published in a security bulletin. Vulnerability Details: CVEID: CVE-2024-27982...
WordPress Video Gallery Plugin <= 1.3.13 is vulnerable to Local File Inclusion
Software: Video Gallery; Type: Plugin; Vulnerable versions: <= 1.3.13; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2024-4551; Patch priority: Low; CVSS severity: Low 6.4; Developer: Claim ownership; PSID: 0a0b54f79834; Credits: Foxyyy; Required privilege: Contributor; Publishe...
Number withdrawn
Soar Cloud HR Portal is a human resources application from Soar Cloud, Inc. HR is a human resources management system from Brad Wenqiang, an individual developer. This CVE number has been withdrawn...
WordPress Popup Builder Plugin <= 4.3.1 is vulnerable to Broken Access Control
Software: Popup Builder; Type: Plugin; Vulnerable versions: <= 4.3.1; Fixed in: 4.3.2; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-6696; Patch priority: Low; CVSS severity: Low 6.3; Developer: Claim ownership; PSID: 7eeb41bcfcb3; Credits: Lucio Sá; Required privilege...
WordPress Popup Builder Plugin <= 4.3.0 is vulnerable to Broken Access Control
Software: Popup Builder; Type: Plugin; Vulnerable versions: <= 4.3.0; Fixed in: 4.3.2; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-2544; Patch priority: Medium; CVSS severity: Medium 6.3; Developer: Claim ownership; PSID: 4d2b92dba351; Credits: Alex Thomas; Required...
WordPress Folders Plugin <= 3.0 is vulnerable to Path Traversal
Software: Folders; Type: Plugin; Vulnerable versions: <= 3.0; Fixed in: 3.0.1; OWASP Top 10: A1: Broken Access Control; Classification: Path Traversal; CVE: CVE-2024-2023; Patch priority: Medium; CVSS severity: Medium 4.1; Developer: Claim ownership; PSID: 79dd420f62c9; Credits: Colin Xu; Required privilege: Author...
WordPress Restaurant Menu – Food Ordering System – Table Reservation Plugin <= 2.4.0 is vulnerable to Cross Site Scripting (XSS)
Software: Restaurant Menu – Food Ordering System – Table Reservation; Type: Plugin; Vulnerable versions: <= 2.4.0; Fixed in: 2.4.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-1399; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID...
WordPress Gutenberg Blocks by Kadence Blocks Plugin <= 3.2.38 is vulnerable to Cross Site Scripting (XSS)
Software: Gutenberg Blocks by Kadence Blocks; Type: Plugin; Vulnerable versions: <= 3.2.38; Fixed in: 3.2.39; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4863; Patch priority: Low; CVSS severity: Low 6.5; Developer: KadenceWP; PSID: 422e929006f1; Credits...
WordPress Folders Pro Plugin <= 3.0.2 is vulnerable to Arbitrary File Upload
Software: Folders Pro; Type: Plugin; Vulnerable versions: <= 3.0.2; Fixed in: 3.0.3; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-2024; Patch priority: Medium; CVSS severity: Medium 8; Developer: Claim ownership; PSID: 56270bd65a1a; Credits: Colin Xu; Required privilege: Author; Publish...
WordPress Video Gallery Plugin <= 1.3.13 is vulnerable to Local File Inclusion
Software: Video Gallery; Type: Plugin; Vulnerable versions: <= 1.3.13; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2024-4258; Patch priority: High; CVSS severity: High 9.8; Developer: Claim ownership; PSID: 9418bfa5fb03; Credits: WordFence; Required privilege: Unauthenticated...
WordPress CoDesigner WooCommerce Builder for Elementor Plugin <= 4.4.1 is vulnerable to PHP Object Injection
Software: CoDesigner WooCommerce Builder for Elementor; Type: Plugin; Vulnerable versions: <= 4.4.1; Fixed in: 4.5; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-4371; Patch priority: High; CVSS severity: High 9; Developer: Claim ownership; PSID: 9f42107c9934; Credits: Francesco Carluc...
A Bootiful Podcast: Abdel Sghiouar, Cloud Native Developer Advocate at Google
Hi, Spring fans! Abdel Sghiouar is a senior Cloud Native Developer Advocate at Google, a co-host of the Kubernetes Podcast by Google and a CNCF Ambassador, and it was my pleasure to sit down with him at the amazing Spring IO event in Barcelona and catch up on all things Kubernetes and Google...
WordPress Email Subscribers & Newsletters Plugin <= 5.7.22 is vulnerable to SQL Injection
Software: Email Subscribers & Newsletters; Type: Plugin; Vulnerable versions: <= 5.7.22; Fixed in: 5.7.23; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-4845; Patch priority: High; CVSS severity: High 8.5; Developer: Claim ownership; PSID: 382e424feada; Credits: Arkadiusz Hydzik; Required...
WordPress Newsletter - API addon (Premium) Plugin <= 2.4.5 is vulnerable to Broken Access Control
Software: Newsletter - API addon (Premium); Type: Plugin; Vulnerable versions: <= 2.4.5; Fixed in: 2.4.6; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-5674; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: f2621f00fec2; Credits: Arkadiusz...
Security Bulletin: IBM Rational Developer for i is vulnerable to leaked credentials due to a flaw in follow-redirects (CVE-2024-28849).
Summary: IBM Rational Developer for i contains Code Coverage functionality which has a browser interface. The browser interface utilizes follow-redirects which could allow a remote attacker to obtain credentials (CVE-2024-28849). This bulletin identifies the steps to take to address the vulnerabilit...
WordPress Premium Addons for Elementor Plugin <= 4.10.33 is vulnerable to Cross Site Scripting (XSS)
Software: Premium Addons for Elementor; Type: Plugin; Vulnerable versions: <= 4.10.33; Fixed in: 4.10.34; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5553; Patch priority: Low; CVSS severity: Low 6.5; Developer: LeapWorx; PSID: 89dccdfaef3d; Credits: wesley wcraft...
WordPress Left right image slideshow gallery Plugin <= 1.8.1 is vulnerable to SQL Injection
Software: Left right image slideshow gallery; Type: Plugin; Vulnerable versions: <= 1.8.1; Fixed in: 1.8.2; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-5543; Patch priority: Low; CVSS severity: Low 8.5; Developer: Claim ownership; PSID: 26f19037ceb8; Credits: Krzysztof Zając; Required...