WordPress Activity Reactions For Buddypress Plugin <= 12.5.0 is vulnerable to Cross Site Scripting (XSS)

Software Activity Reactions For Buddypress Type Plugin Vulnerable versions = 12.5.0 Fixed in 12.5.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4892 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 0a3e1e0166ec Credit...

WordPress Bookly Plugin <= 23.2 is vulnerable to Cross Site Scripting (XSS)

Software Bookly Type Plugin Vulnerable versions = 23.2 Fixed in 23.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5584 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 6392bd62a07f Credits 0xBishop Required privilege...

WordPress DiviTorque – Divi Theme, Divi Builder and Extra Theme Plugin <= 3.6.6 is vulnerable to Cross Site Scripting (XSS)

Software DiviTorque – Divi Theme, Divi Builder and Extra Theme Type Plugin Vulnerable versions = 3.6.6 Fixed in 4.0.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5892 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID...

KLA68912 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Visual Studio can be exploited remotely to gai...

(RHSA-2024:3780) Important: Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.4.SP2)

An update for Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available RHBQ 3.8.4.SP2. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products: CVE-2022-34169 xalan:...

WordPress Custom Field Template Plugin <= 2.6.1 is vulnerable to Cross Site Scripting (XSS)

Software Custom Field Template Type Plugin Vulnerable versions = 2.6.1 Fixed in 2.6.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0627 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 79102f5cc8d6 Credits Luk 6785 Required...

WordPress Tutor LMS Plugin <= 2.7.1 is vulnerable to Insecure Direct Object References (IDOR)

Software Tutor LMS Type Plugin Vulnerable versions = 2.7.1 Fixed in 2.7.2 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-5438 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 04944e6bcf56 Credits Thanh Nam Tran...

WordPress TablePress Plugin <= 2.3.1 is vulnerable to Server Side Request Forgery (SSRF)

Software TablePress Type Plugin Vulnerable versions = 2.3.1 Fixed in 2.3.2 OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2024-4354 Patch priority Low CVSS severity Low 6.4 Developer TablePress PSID e683cfb42286 Credits Tobias Weißhaar kun19 Required privilege...

WordPress ARForms Plugin < 6.6 is vulnerable to Cross Site Scripting (XSS)

Software ARForms Type Plugin Vulnerable versions 6.6 Fixed in 6.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4621 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 54c970f6100c Credits Bob Matyas Required privilege...

WordPress GDPR CCPA Compliance Support Plugin <= 2.7.0 is vulnerable to Cross Site Scripting (XSS)

Software GDPR CCPA Compliance Support Type Plugin Vulnerable versions = 2.7.0 Fixed in 2.7.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5607 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 298f3a902d63 Credits Lucio...

WordPress SKT Addons for Elementor Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)

Software SKT Addons for Elementor Type Plugin Vulnerable versions = 2.0 Fixed in 2.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5091 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 81d64b5eccce Credits stealthcopter...

WordPress Salon booking system Plugin <= 9.9 is vulnerable to Broken Access Control

Software Salon booking system Type Plugin Vulnerable versions = 9.9 Fixed in 10.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-4468 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 495ce87718e9 Credits JoanClarke2 Required privile...

WordPress WP Reset Plugin <= 2.01 is vulnerable to Broken Access Control

Software WP Reset Type Plugin Vulnerable versions = 2.01 Fixed in 2.03 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-4661 Patch priority Low CVSS severity Low 4.3 Developer WebFactory Ltd. PSID 7f5481b63727 Credits Foxyyy Required privilege Subscriber...

WordPress Music Store Plugin <= 1.1.13 is vulnerable to SQL Injection

Software Music Store Type Plugin Vulnerable versions = 1.1.13 Fixed in 1.1.14 OWASP Top 10 A3: Injection Classification SQL Injection CVE N/A Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 3ee22c619ee0 Credits Noriko Totsuka JPCERT/CC Required privilege Unauthenticated...

WordPress WooCommerce Tools Plugin <= 1.2.9 is vulnerable to Broken Access Control

Software WooCommerce Tools Type Plugin Vulnerable versions = 1.2.9 Fixed in 1.2.10 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1689 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID dd5e30ec3dbb Credits Lucio Sá Required privilege...

WordPress Auto Coupons for WooCommerce Plugin <= 3.0.14 is vulnerable to Cross Site Scripting (XSS)

Software Auto Coupons for WooCommerce Type Plugin Vulnerable versions = 3.0.14 Fixed in 3.0.15 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35733 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1b70ed246f0c Credits Le Ngoc Anh...

WordPress Widget Options Plugin <= 4.0.1 is vulnerable to Sensitive Data Exposure

Software Widget Options Type Plugin Vulnerable versions = 4.0.1 Fixed in 4.0.2 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-35690 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 47a57087030e Credits Dave Jong Patchstack Require...

WordPress The Post Grid Plugin <= 7.7.1 is vulnerable to Cross Site Scripting (XSS)

Software The Post Grid Type Plugin Vulnerable versions = 7.7.1 Fixed in 7.7.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35739 Patch priority Low CVSS severity Low 6.5 Developer Mamunur Rashid PSID 3801d97a66a9 Credits SouzaZinn Required privilege Contributor...

WordPress Visualizer Plugin <= 3.11.1 is vulnerable to SQL Injection

Software Visualizer Type Plugin Vulnerable versions = 3.11.1 Fixed in 3.11.2 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-35736 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID a8a01c7cac74 Credits Trương Hữu Phúc truonghuuphuc Required privilege...

WordPress Countdown & Clock Plugin <= 2.7.8 is vulnerable to PHP Object Injection

Software Countdown & Clock Type Plugin Vulnerable versions = 2.7.8 Fixed in 2.7.8.1 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-2017 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID e293306cdd98 Credits Lucio Sá Required privilege...