WordPress Tutor LMS Pro Plugin <= 2.7.0 is vulnerable to Privilege Escalation
Software: Tutor LMS Pro; Type: Plugin; Vulnerable versions: <= 2.7.0; Fixed in: 2.7.1; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-4351; Patch priority: High; CVSS severity: High 8.8; PSID: fc3d215c9303; Credits: villu164...
WordPress Tutor LMS Pro Plugin <= 2.7.0 is vulnerable to Broken Access Control
Software: Tutor LMS Pro; Type: Plugin; Vulnerable versions: <= 2.7.0; Fixed in: 2.7.1; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-4352; Patch priority: High; CVSS severity: High 8.8; PSID: 7694afbc9e58; Credits: villu164; Required privilege...
WordPress month name translation benaceur Plugin < 2.3.8 is vulnerable to Cross Site Scripting (XSS)
Software: month name translation benaceur; Type: Plugin; Vulnerable versions: < 2.3.8; Fixed in: 2.3.8; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3634; Patch priority: Low; CVSS severity: Low 5.9; PSID: 56fcc55ec64a; Credits: Bob Matyas...
WordPress Advanced Custom Fields PRO Plugin < 6.2.10 is vulnerable to Local File Inclusion
Software: Advanced Custom Fields PRO; Type: Plugin; Vulnerable versions: < 6.2.10; Fixed in: 6.2.10; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2024-34762; Patch priority: Low; CVSS severity: Low 9.9; PSID: c63a5562f29a; Credits: Security audit; Required privile...
WordPress SP Project & Document Manager Plugin <= 4.71 is vulnerable to Insecure Direct Object References (IDOR)
Software: SP Project & Document Manager; Type: Plugin; Vulnerable versions: <= 4.71; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-3748; Patch priority: Low; CVSS severity: Low 6.3; PSID: 1c7d92437a35; Credits...
WordPress VikBooking Hotel Booking Engine & PMS Plugin < 1.6.8 is vulnerable to Insecure Direct Object References (IDOR)
Software: VikBooking Hotel Booking Engine & PMS; Type: Plugin; Vulnerable versions: < 1.6.8; Fixed in: 1.6.8; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-2441; Patch priority: Low; CVSS severity: Low 5.4; PSID: 7959a03a58d4...
WordPress All-in-One Video Gallery Plugin <= 3.6.5 is vulnerable to Local File Inclusion
Software: All-in-One Video Gallery; Type: Plugin; Vulnerable versions: <= 3.6.5; Fixed in: 3.7.0; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2024-4670; Patch priority: Low; CVSS severity: Low 8.5; PSID: 402ad478bb5f; Credits: Ngô Thiên An ancorn; Required...
WordPress Download Alt Text AI Plugin <= 1.4.9 is vulnerable to SQL Injection
Software: Download Alt Text AI; Type: Plugin; Vulnerable versions: <= 1.4.9; Fixed in: 1.5.0; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-4847; Patch priority: High; CVSS severity: High 8.5; PSID: 156a5d33530e; Credits: Lucio Sá; Required privilege: Subscriber...
WordPress Borderless Plugin <= 1.5.7 is vulnerable to Cross Site Scripting (XSS)
Software: Borderless; Type: Plugin; Vulnerable versions: <= 1.5.7; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-34757; Patch priority: Low; CVSS severity: Low 6.5; PSID: 6690481ece90; Credits: Khalid Yusuf; Required privilege: Contributor...
WordPress Sydney Toolbox Plugin <= 1.31 is vulnerable to Cross Site Scripting (XSS)
Software: Sydney Toolbox; Type: Plugin; Vulnerable versions: <= 1.31; Fixed in: 1.32; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4473; Patch priority: Low; CVSS severity: Low 6.5; PSID: f1fd3834832c; Credits: Ngô Thiên An ancorn; Require...
KLA67403 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability can be exploited remotel...
Security Bulletin: IBM Rational® Application Developer for WebSphere® Software is vulnerable to a denial of service
Summary: Node.js is used by IBM Rational® Application Developer for WebSphere® Software as the SDK and runtime for Apache Cordova projects. CVE-2023-6129, CVE-2024-24806, CVE-2023-5678, CVE-2024-22019, CVE-2023-46809, CVE-2024-0727, CVE-2023-6237, CVE-2024-21892. Vulnerability Details...
RHEL 6 : chromium-browser (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - chromium-browser: Heap buffer overflow in clipboard CVE-2020-16025 - chromium-browser: Out of bounds writ...
RHEL 8 : developer_environment (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - Developer environment: Homoglyph characters can lead to trojan source attack CVE-2021-42694 - An issue wa...
WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.102 is vulnerable to SQL Injection
Software: Unlimited Elements For Elementor (Free Widgets, Addons, Templates); Type: Plugin; Vulnerable versions: <= 1.5.102; Fixed in: 1.5.105; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-3055; Patch priority: Low; CVSS severity: Low 8.5; Developer: Unlimited Elements; PSID: 6f752cde8e3d...
WordPress Sticky banner Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)
Software: Sticky banner; Type: Plugin; Vulnerable versions: <= 1.2.0; Fixed in: 1.3.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-35170; Patch priority: Low; CVSS severity: Low 5.9; PSID: b5e466579051; Credits: Rayhan Ramdhany Hanaputra; Required...
JVN#83405304: "OfferBox" App uses a hard-coded secret key
"OfferBox" App provided by i-plug inc. uses a hard-coded secret key for JWT (CWE-321). Impact: The hard-coded secret key for JWT may be retrieved if the application binary is reverse-engineered. Solution: The hard-coded secret key has been revoked by the developer on May 8, 2024 therefore this...
JVN#61054671: Phormer vulnerable to cross-site scripting
Phormer contains a cross-site scripting vulnerability (CWE-79). Impact: An arbitrary script may be executed on the web browser of the user. Solution: Update the Software. Update the software to the latest version according to the information provided by the developer. Phormer version 3.35 was released...
WordPress LearnPress Plugin <= 4.2.6.5 is vulnerable to Cross Site Scripting (XSS)
Software: LearnPress; Type: Plugin; Vulnerable versions: <= 4.2.6.5; Fixed in: 4.2.6.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4277; Patch priority: Low; CVSS severity: Low 6.5; PSID: 3ad5ee25dcd1; Credits: stealthcopter; Required...
WordPress Pods Plugin <= 3.2.1 is vulnerable to Cross Site Scripting (XSS)
Software: Pods; Type: Plugin; Vulnerable versions: <= 3.2.1; Fixed in: 3.2.1.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3956; Patch priority: Low; CVSS severity: Low 6.5; Developer: Pods Framework; PSID: dfdffac18c6b; Credits: wesley wcraft; Required privilege...