WordPress Giveaways and Contests by RafflePress Plugin <= 1.12.4 is vulnerable to Broken Access Control
Software: Giveaways and Contests by RafflePress; Type: Plugin; Vulnerable versions: <= 1.12.4; Fixed in: 1.12.5; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-4745; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 632d49d4c2a4; Credits...
WordPress Porto Theme - Functionality Plugin <= 3.1.0 is vulnerable to Local File Inclusion
Software: Porto Theme - Functionality; Type: Plugin; Vulnerable versions: <= 3.1.0; Fixed in: 3.1.1; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2024-3808; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 05d6982e8315; Credits: István Márton; Required privileg...
WordPress CF7 WOW Styler Plugin <= 1.6.4 is vulnerable to Broken Access Control
Software: CF7 WOW Styler; Type: Plugin; Vulnerable versions: <= 1.6.4; Fixed in: 1.6.5; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-34826; Patch priority: Medium; CVSS severity: Medium 6.3; Developer: Tobias; PSID: 6b711e00da8c; Credits: Dhabaleshwar Das; Required privile...
WordPress Import and export users and customers Plugin <= 1.26.5 is vulnerable to Broken Access Control
Software: Import and export users and customers; Type: Plugin; Vulnerable versions: <= 1.26.5; Fixed in: 1.26.6; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-34815; Patch priority: Low; CVSS severity: Low 5.4; Developer: Codection; PSID: 57826da19f4c; Credits: emad; Requir...
WordPress Pure Chat Plugin <= 2.22 is vulnerable to Cross Site Scripting (XSS)
Software: Pure Chat; Type: Plugin; Vulnerable versions: <= 2.22; Fixed in: 2.23; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-3595; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: ddb44562eab6; Credits: Lucio Sá; Required privileg...
WordPress SportsPress – Sports Club & League Manager Plugin <= 2.7.20 is vulnerable to Broken Access Control
Software: SportsPress – Sports Club & League Manager; Type: Plugin; Vulnerable versions: <= 2.7.20; Fixed in: 2.7.21; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-34824; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 2f441ec415dc; Credits...
WordPress Porto Theme <= 7.1.0 is vulnerable to Local File Inclusion
Software: Porto; Type: Theme; Vulnerable versions: <= 7.1.0; Fixed in: 7.1.1; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2024-3806; Patch priority: High; CVSS severity: High 7.5; Developer: Claim ownership; PSID: 98785fd04b6f; Credits: István Márton; Required privilege: Unauthenticated...
WordPress Meow Gallery Plugin <= 5.1.3 is vulnerable to Cross Site Scripting (XSS)
Software: Meow Gallery; Type: Plugin; Vulnerable versions: <= 5.1.3; Fixed in: 5.1.4; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-4386; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: ff273a246878; Credits: Krzysztof Zając; Required...
WordPress Contact List – Easy Business Directory, Staff Directory and Address Book Plugin Plugin <= 2.9.87 is vulnerable to Broken Access Control
Software: Contact List – Easy Business Directory, Staff Directory and Address Book Plugin; Type: Plugin; Vulnerable versions: <= 2.9.87; Fixed in: 2.9.88; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-34821; Patch priority: Low; CVSS severity: Low 5.3; Developer...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Business Developer
Summary: There are multiple vulnerabilities in IBM® SDK Java™ Technology used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM SDK, Java Technology Edition Quarterly CPU - Jan 2024 - Includes Orac...
CVE-2024-32980
CVE-2024-32980 affects Spin prior to 2.4.3. Specifically configured Spin applications that use self requests without a URL authority can be induced to make requests to arbitrary hosts via the Host header. Vulnerable conditions include: routing requests based on URL rather than Host while preservi...
WordPress Visual Footer Credit Remover Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)
Software: Visual Footer Credit Remover; Type: Plugin; Vulnerable versions: <= 1.2; Fixed in: 1.3; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-2846; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: 265b4eed7803; Credits: 1337Wannabe...
Remote Code Execution (RCE)
werkzeug is vulnerable to Remote Code Execution. The vulnerability is due to the debugger accepting requests from non localhost locations, which allows an attacker to execute arbitrary code under specific situations. The prerequisites to this attack are the attacker must convince a developer into...
WordPress Fancy Elementor Flipbox Plugin <= 2.5.2 is vulnerable to Cross Site Scripting (XSS)
Software: Fancy Elementor Flipbox; Type: Plugin; Vulnerable versions: <= 2.5.2; Fixed in: 2.6.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-34572; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 6fdd1efa32f5; Credits: Khalid Yusuf; Required privileg...
WordPress Himalayas Theme <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)
Software: Himalayas; Type: Theme; Vulnerable versions: <= 1.3.0; Fixed in: 1.3.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-34571; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: dd02f673cbfe; Credits: stealthcopter; Required privilege: Contributor...
WordPress WP Photo Album Plus Plugin <= 8.7.01.001 is vulnerable to Arbitrary File Upload
Software: WP Photo Album Plus; Type: Plugin; Vulnerable versions: <= 8.7.01.001; Fixed in: 8.7.01.002; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-31377; Patch priority: High; CVSS severity: High 10; Developer: Claim ownership; PSID: 6676bd224b42; Credits: stealthcopter; Required...
WordPress WP Job Manager Plugin <= 2.2.2 is vulnerable to Sensitive Data Exposure
Software: WP Job Manager; Type: Plugin; Vulnerable versions: <= 2.2.2; Fixed in: 2.3.0; OWASP Top 10: A1: Broken Access Control; Classification: Sensitive Data Exposure; CVE: CVE-2024-34549; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: 76cb5788a42c; Credits: Peng Zhou; Required privilege...
WordPress Ultimate Store Kit Elementor Addons Plugin <= 2.0.3 is vulnerable to PHP Object Injection
Software: Ultimate Store Kit Elementor Addons; Type: Plugin; Vulnerable versions: <= 2.0.3; Fixed in: 2.0.4; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-4606; Patch priority: Medium; CVSS severity: Medium 5.4; Developer: Claim ownership; PSID: 46e7a74eebcc; Credits: Ray Wilson; Requir...
WordPress Zotpress Plugin <= 7.3.9 is vulnerable to Cross Site Scripting (XSS)
Software: Zotpress; Type: Plugin; Vulnerable versions: <= 7.3.9; Fixed in: 7.3.10; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-34569; Patch priority: Low; CVSS severity: Low 6.5; Developer: Katie Seaborn; PSID: 7fcedeab8bd4; Credits: LVT-tholv2k; Required privilege: Contributor...
WordPress Gold Addons for Elementor Plugin <= 1.2.9 is vulnerable to Cross Site Scripting (XSS)
Software: Gold Addons for Elementor; Type: Plugin; Vulnerable versions: <= 1.2.9; Fixed in: 1.3.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-34563; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 4ec8bc999d21; Credits: Khalid Yusuf; Required...