
7377 matches found

Patchstack
added 2024/05/07 12:0 a.m., 7 views

WordPress Shared Counts Plugin <= 1.4.1 is vulnerable to Broken Access Control

Software Shared Counts Type Plugin Vulnerable versions = 1.4.1 Fixed in 1.5.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 9dd902d0b809 Credits N/A Required privilege Unauthenticated...

6.8 AI score
Exploits 0, References 2, Affected Software 1
Patchstack
added 2024/05/07 12:0 a.m., 9 views

WordPress SKT Addons for Elementor Plugin <=1.8 is vulnerable to Cross Site Scripting (XSS)

Software SKT Addons for Elementor Type Plugin Vulnerable versions =1.8 Fixed in 1.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34436 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 346a6441540d Credits 4rCanJ0x! Required privilege...

6.5 CVSS, 6.6 AI score, 0.00181 EPSS
Exploits 0, References 2, Affected Software 1
Patchstack
added 2024/05/07 12:0 a.m., 11 views

WordPress Content Blocks (Custom Post Widget) Plugin <= 3.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Content Blocks Custom Post Widget Type Plugin Vulnerable versions = 3.3.0 Fixed in 3.3.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34566 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c437cf336c56 Credits Ngô Thiên An ancorn...

6.5 CVSS, 6.6 AI score, 0.00287 EPSS
Exploits 0, References 2, Affected Software 1
The Hacker News
added 2024/05/06 7:48 a.m., 17 views

New 'Cuckoo' Persistent macOS Spyware Targeting Intel and Arm Macs

Cybersecurity researchers have discovered a new information stealer targeting Apple macOS systems that's designed to set up persistence on the infected hosts and act as a spyware. Dubbed Cuckoo by Kandji, the malware is a universal Mach-O binary that's capable of running on both Intel- and...

7.2 AI score
Exploits 0
Patchstack
added 2024/05/06 12:0 a.m., 8 views

WordPress Auto Affiliate Links Plugin <= 6.4.3.1 is vulnerable to SQL Injection

Software Auto Affiliate Links Type Plugin Vulnerable versions = 6.4.3.1 Fixed in 6.4.4 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-34386 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 901e8da7d177 Credits Do Truong Giang Required privilege Editor...

7.6 CVSS, 6.8 AI score, 0.00225 EPSS
Exploits 0, References 2, Affected Software 1
Patchstack
added 2024/05/06 12:0 a.m., 10 views

WordPress SliceWP Plugin <=1.1.10 is vulnerable to Cross Site Scripting (XSS)

Software SliceWP Type Plugin Vulnerable versions =1.1.10 Fixed in 1.1.11 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34413 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID c46a4aefe49b Credits Manab Jyoti Dowarah Required privilege...

5.9 CVSS, 6.6 AI score, 0.00137 EPSS
Exploits 0, References 2, Affected Software 1
Patchstack
added 2024/05/06 12:0 a.m., 10 views

WordPress raindrops Theme <= 1.600 is vulnerable to Cross Site Scripting (XSS)

Software raindrops Type Theme Vulnerable versions = 1.600 Fixed in 1.700 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34414 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d4e3ff80bd8c Credits stealthcopter Required privilege Contributor...

6.5 CVSS, 6.6 AI score, 0.00313 EPSS
Exploits 0, References 2, Affected Software 1
Patchstack
added 2024/05/05 12:0 a.m., 7 views

WordPress Simple Basic Contact Form Plugin <= 20221201 is vulnerable to Cross Site Scripting (XSS)

Software Simple Basic Contact Form Type Plugin Vulnerable versions = 20221201 Fixed in 20240502 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4150 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 56d60208321f Credits...

6.1 CVSS, 5.6 AI score, 0.01641 EPSS
Exploits 0, References 3, Affected Software 1
Patchstack
added 2024/05/05 12:0 a.m., 13 views

WordPress Simple Membership Plugin <= 4.4.5 is vulnerable to Cross Site Scripting (XSS)

Software Simple Membership Type Plugin Vulnerable versions = 4.4.5 Fixed in 4.4.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4383 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 39626d5eed25 Credits wesley wcraft Required...

6.4 CVSS, 5.8 AI score, 0.00249 EPSS
Exploits 0, References 3, Affected Software 1
Patchstack
added 2024/05/05 12:0 a.m., 8 views

WordPress Testimonial Slider Plugin <= 1.3.2 is vulnerable to Cross Site Scripting (XSS)

Software Testimonial Slider Type Plugin Vulnerable versions = 1.3.2 Fixed in 1.3.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4193 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9c9e113bbfe1 Credits Krzysztof Zając...

6.4 CVSS, 5.8 AI score, 0.00231 EPSS
Exploits 0, References 3, Affected Software 1
Patchstack
added 2024/05/03 12:0 a.m., 9 views

WordPress Login with phone number Plugin <= 1.7.18 is vulnerable to Broken Access Control

Software Login with phone number Type Plugin Vulnerable versions = 1.7.18 Fixed in 1.7.20 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-34371 Patch priority Low CVSS severity Low 4.3 Developer Hamid Alinia PSID 42d051f8202b Credits Dhabaleshwar Das...

4.3 CVSS, 6.6 AI score, 0.00217 EPSS
Exploits 0, References 2, Affected Software 1
Patchstack
added 2024/05/03 12:0 a.m., 8 views

WordPress Download Alt Text AI Plugin <=1.3.4 is vulnerable to Cross Site Scripting (XSS)

Software Download Alt Text AI Type Plugin Vulnerable versions =1.3.4 Fixed in 1.3.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34366 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 15bd973c927c Credits Manab Jyoti Dowarah Required...

5.9 CVSS, 6.6 AI score, 0.00118 EPSS
Exploits 0, References 2, Affected Software 1
Patchstack
added 2024/05/03 12:0 a.m., 8 views

WordPress Last Viewed Posts by WPBeginner Plugin <= 1.0.0 is vulnerable to PHP Object Injection

Software Last Viewed Posts by WPBeginner Type Plugin Vulnerable versions = 1.0.0 Fixed in 1.0.1 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-3070 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 1e1e21bf8373 Credits Francesco Carlucci Requir...

9.8 CVSS, 6.8 AI score, 0.02638 EPSS
Exploits 0, References 3, Affected Software 1
Patchstack
added 2024/05/03 12:0 a.m., 7 views

WordPress Restaurant and Cafe Theme <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Restaurant and Cafe Type Theme Vulnerable versions = 1.2.1 Fixed in 1.2.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-34379 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 97da5caaa5b4 Credits Dhabaleshwar Das...

4.3 CVSS, 6.6 AI score, 0.00129 EPSS
Exploits 0, References 2, Affected Software 1
Patchstack
added 2024/05/03 12:0 a.m., 8 views

WordPress SEOPress Plugin <= 7.7.1 is vulnerable to Insecure Direct Object References (IDOR)

Software SEOPress Type Plugin Vulnerable versions = 7.7.1 Fixed in 7.7.2 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-34383 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 7ca57d342ecd Credits Peng Zhou Required...

5.3 CVSS, 6.5 AI score, 0.00118 EPSS
Exploits 0, References 2, Affected Software 1
Patchstack
added 2024/05/03 12:0 a.m., 9 views

WordPress PropertyHive Plugin <= 2.0.10 is vulnerable to Cross Site Scripting (XSS)

Software PropertyHive Type Plugin Vulnerable versions = 2.0.10 Fixed in 2.0.11 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34381 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5b461efce659 Credits LVT-tholv2k Required privilege...

6.5 CVSS, 6.6 AI score, 0.00181 EPSS
Exploits 0, References 2, Affected Software 1
Patchstack
added 2024/05/03 12:0 a.m., 16 views

WordPress LeadConnector Plugin <= 1.7 is vulnerable to Broken Access Control

Software LeadConnector Type Plugin Vulnerable versions = 1.7 Fixed in 1.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-34378 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID da872f96f681 Credits Majed Refaea Required privilege...

8.6 CVSS, 6.5 AI score, 0.00108 EPSS
Exploits 0, References 2, Affected Software 1
IBM Security Bulletins
added 2024/05/02 6:54 a.m., 38 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer

Summary There are multiple vulnerabilities in IBM® SDK Java™ used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and Runtime Environment updates in the Oracle April 2023 Critical Patch...

9.1 CVSS, 6 AI score, 0.00099 EPSS
Exploits 0, Affected Software 1
Patchstack
added 2024/05/02 12:0 a.m., 8 views

WordPress Supreme Modules Lite Plugin <= 2.5.3 is vulnerable to Cross Site Scripting (XSS)

Software Supreme Modules Lite Type Plugin Vulnerable versions = 2.5.3 Fixed in 2.5.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4334 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID db7cdff0f72f Credits Webbernaut Required...

6.4 CVSS, 5.8 AI score, 0.00162 EPSS
Exploits 0, References 3, Affected Software 1
Patchstack
added 2024/05/02 12:0 a.m., 10 views

WordPress WP Recipe Maker Plugin <= 9.3.1 is vulnerable to Cross Site Scripting (XSS)

Software WP Recipe Maker Type Plugin Vulnerable versions = 9.3.1 Fixed in 9.4.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3490 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5ee8e6ab9022 Credits stealthcopter Required...

6.4 CVSS, 5.8 AI score, 0.00168 EPSS
Exploits 0, References 3, Affected Software 1