WordPress Where Did You Hear About Us Checkout Field for WooCommerce Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Software Where Did You Hear About Us Checkout Field for WooCommerce Type Plugin Vulnerable versions = 1.3.1 Fixed in 1.3.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2752 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID...

WordPress ARMember Plugin <= 4.0.30 is vulnerable to Open Redirection

Software ARMember Type Plugin Vulnerable versions = 4.0.30 Fixed in 4.0.31 OWASP Top 10 A1: Injection Classification Open Redirection CVE CVE-2024-4133 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID 1161444e8597 Credits Krzysztof Zając Required privilege Unauthenticated...

Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023

Google on Monday revealed that almost 200,000 app submissions to its Play Store for Android were either rejected or remediated to address issues with access to sensitive data such as location or SMS messages over the past year. The tech giant also said it blocked 333,000 bad accounts from the app...

WordPress Share This Image Plugin <= 1.98 is vulnerable to Open Redirection

Software Share This Image Type Plugin Vulnerable versions = 1.98 Fixed in 1.99 OWASP Top 10 A3: Injection Classification Open Redirection CVE CVE-2024-33930 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID 8ff8b7f51b08 Credits stealthcopter Required privilege Unauthenticate...

WordPress Jeg Elementor Kit Plugin <= 2.6.4 is vulnerable to Cross Site Scripting (XSS)

Software Jeg Elementor Kit Type Plugin Vulnerable versions = 2.6.4 Fixed in 2.6.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3819 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9ed7ecaed8c2 Credits wesley wcraft Required...

WordPress Timetable and Event Schedule Plugin <= 2.4.11 is vulnerable to SQL Injection

Software Timetable and Event Schedule Type Plugin Vulnerable versions = 2.4.11 Fixed in 2.4.12 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3342 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 0319575418d1 Credits Krzysztof Zając Required privilege...

WordPress AJAX Login and Registration modal popup + inline form Plugin <= 2.23 is vulnerable to Cross Site Scripting (XSS)

Software AJAX Login and Registration modal popup + inline form Type Plugin Vulnerable versions = 2.23 Fixed in 2.24 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33918 Patch priority Medium CVSS severity Medium 5.9 Developer Claim ownership PSID ea1aeec00d87...

WordPress Analytify Plugin <= 5.2.3 is vulnerable to Broken Access Control

Software Analytify Type Plugin Vulnerable versions = 5.2.3 Fixed in 5.2.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1809 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID ab2e692a810a Credits Lucio Sá Required privilege Subscrib...

WordPress CPO Companion Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)

Software CPO Companion Type Plugin Vulnerable versions = 1.1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33916 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 57daf6c77a1b Credits Ngô Thiên An ancorn from VNPT-VCI Required...

WordPress Embed Google Fonts Plugin <= 3.1.0 is vulnerable to Broken Access Control

Software Embed Google Fonts Type Plugin Vulnerable versions = 3.1.0 Fixed in 3.1.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33925 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID a530cac3d37a Credits Abdi Pranata Required...

RHEL 8 : OpenShift Developer Tools and Services for OCP 4.12 (RHSA-2023:1064)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1064 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...

GHSA-VX97-8Q8Q-QGQ5 Mattermost's detailed error messages reveal the full file path

Mattermost versions 9.6.x = 9.6.0, 9.5.x = 9.5.2, 9.4.x = 9.4.4 and 8.1.x = 8.1.11 fail to remove detailed error messages in API requests even if the developer mode is off which allows an attacker to get information about the server such as the full path were files are stored...

WordPress Salon booking system Plugin <= 9.6.5 is vulnerable to Cross Site Scripting (XSS)

Software Salon booking system Type Plugin Vulnerable versions = 9.6.5 Fixed in 9.6.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2439 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 667860bc9aac Credits cyc707 Required...

WordPress PPOM for WooCommerce Plugin <= 32.0.18 is vulnerable to Arbitrary File Upload

Software PPOM for WooCommerce Type Plugin Vulnerable versions = 32.0.18 Fixed in 32.0.19 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-3962 Patch priority High CVSS severity High 10 Developer Claim ownership PSID e45867d8f81a Credits andrea bocchetti Required...

WordPress WP SMTP Plugin 1.2 - 1.2.6 is vulnerable to SQL Injection

Software WP SMTP Type Plugin Vulnerable versions 1.2 - 1.2.6 Fixed in 1.2.7 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-1789 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID cf0dba8db665 Credits Christiaan Swiers YouGina Required privilege...

WordPress Sassy Social Share Plugin < 3.3.61 is vulnerable to Cross Site Scripting (XSS)

Software Sassy Social Share Type Plugin Vulnerable versions 3.3.61 Fixed in 3.3.61 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2159 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2e895f7060f3 Credits Dmitrii Ignatyev...

WordPress Radio Station Plugin <= 2.5.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Radio Station Type Plugin Vulnerable versions = 2.5.7 Fixed in 2.5.8 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-33689 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID abbc08921ba2 Credits Dhabaleshwar Das...

WordPress SSL Mixed Content Fix Plugin <= 3.2.6 is vulnerable to Broken Access Control

Software SSL Mixed Content Fix Type Plugin Vulnerable versions = 3.2.6 Fixed in 3.2.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31435 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 11237d78fd75 Credits Dhabaleshwar Das Requir...

WordPress Fancy Product Designer Plugin < 6.1.8 is vulnerable to Cross Site Scripting (XSS)

Software Fancy Product Designer Type Plugin Vulnerable versions 6.1.8 Fixed in 6.1.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0905 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5fb94dea6052 Credits Bob Matyas...

WordPress Zeever Theme <= 1.1.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Zeever Type Theme Vulnerable versions = 1.1.0 Fixed in 1.1.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-33685 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 920f9a11d3ed Credits Dhabaleshwar Das Required...