WordPress Login/Signup Popup Plugin <= 2.7.2 is vulnerable to Broken Access Control

Software Login/Signup Popup Type Plugin Vulnerable versions = 2.7.2 Fixed in 2.7.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5324 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 8315f4731f19 Credits 1337Wannabe - home Requir...

WordPress Newsletter Plugin <= 8.3.4 is vulnerable to Cross Site Scripting (XSS)

Software Newsletter Type Plugin Vulnerable versions = 8.3.4 Fixed in 8.3.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5317 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a76e0f4cc75c Credits Arkadiusz Hydzik Requir...

WordPress Essential Real Estate Plugin <= 4.4.4 is vulnerable to Insecure Direct Object References (IDOR)

Software Essential Real Estate Type Plugin Vulnerable versions = 4.4.4 Fixed in 4.4.5 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-4274 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ccac1e739e5c Credits Lucio S...

WordPress Social Link Pages Plugin <= 1.6.9 is vulnerable to Cross Site Scripting (XSS)

Software Social Link Pages Type Plugin Vulnerable versions = 1.6.9 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3555 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0d1f020a1aca Credits Lucio Sá Required...

WordPress Admin Notices Manager Plugin <= 1.4.0 is vulnerable to Broken Access Control

Software Admin Notices Manager Type Plugin Vulnerable versions = 1.4.0 Fixed in 1.5.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1717 Patch priority Low CVSS severity Low 4.3 Developer Melapress PSID 95224798df4d Credits Lucio Sá Required privilege...

MAL-2024-1513 Malicious code in developer-integrity1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 24aecacebeaf253088760161715d22f5ff77c66ecae6b73d9d1a9b984bbf8de0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in developer-integrity2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 87499b0a5443852246ee964cc3d558e39a3f77a688484835c1e33524e1c6fce1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-1514 Malicious code in developer-integrity2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 87499b0a5443852246ee964cc3d558e39a3f77a688484835c1e33524e1c6fce1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in developer-integrity1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 24aecacebeaf253088760161715d22f5ff77c66ecae6b73d9d1a9b984bbf8de0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-1512 Malicious code in developer-integrity-avishek (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c5cb52fb483ad0e308286bf5982001d04d48d1f0a2f9e6f5123dbe6933680fa5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Researchers Uncover RAT-Dropping npm Package Targeting Gulp Users

Cybersecurity researchers have uncovered a new suspicious package uploaded to the npm package registry that's designed to drop a remote access trojan RAT on compromised systems. The package in question is glup-debugger-log, which targets users of the gulp toolkit by masquerading as a "logger for...

Andariel Hackers Target South Korean Institutes with New Dora RAT Malware

The North Korea-linked threat actor known as Andariel has been observed using a new Golang-based backdoor called Dora RAT in its attacks targeting educational institutes, manufacturing firms, and construction businesses in South Korea. "Keylogger, Infostealer, and proxy tools on top of the backdo...

WordPress Responsive Theme <= 5.0.3 is vulnerable to Cross Site Scripting (XSS)

Software Responsive Type Theme Vulnerable versions = 5.0.3 Fixed in 5.0.3.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35654 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c102ae479f0d Credits stealthcopter Required privilege Contribut...

WordPress Advanced Custom Fields PRO Plugin < 6.3 is vulnerable to Sensitive Data Exposure

Software Advanced Custom Fields PRO Type Plugin Vulnerable versions 6.3 Fixed in 6.3 OWASP Top 10 A6: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-4565 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1daa59fd8d88 Credits Scott Kingsley Clark...

Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1790)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

WordPress Emergency Password Reset Plugin <= 8.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Emergency Password Reset Type Plugin Vulnerable versions = 8.0 Fixed in 9.0 OWASP Top 10 A8: Software and Data Integrity Failures Classification Cross Site Request Forgery CSRF CVE CVE-2024-35648 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID cd74213ad8d6 Credits...

WordPress wpDataTables Plugin <= 6.3.1 is vulnerable to SQL Injection

Software wpDataTables Type Plugin Vulnerable versions = 6.3.1 Fixed in 6.3.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3820 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 85631b10c84a Credits villu164 Required privilege Unauthenticated Publish...

EulerOS 2.0 SP11 : libuv (EulerOS-SA-2024-1802)

According to the versions of the libuv package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libuv is a multi-platform support library with a focus on asynchronous I/O. The uvgetaddrinfo function in src/unix/getaddrinfo.c and its windows...

RHEL 8 : gcc (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - Developer environment: Homoglyph characters can lead to trojan source attack CVE-2021-42694 - The...

WordPress Elements For Elementor Plugin <= 2.1 is vulnerable to Local File Inclusion

Software Elements For Elementor Type Plugin Vulnerable versions = 2.1 Fixed in 2.2 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-5348 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 9e9484637a31 Credits stealthcopter Required privilege...