WordPress Frontend Admin by DynamiApps Plugin <= 3.19.4 is vulnerable to Privilege Escalation

Software Frontend Admin by DynamiApps Type Plugin Vulnerable versions = 3.19.4 Fixed in 3.19.5 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-3729 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 4ebfbce29f56...

WordPress ShortPixel Critical CSS Plugin <= 1.0.2 is vulnerable to Broken Access Control

Software ShortPixel Critical CSS Type Plugin Vulnerable versions = 1.0.2 Fixed in 1.0.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32810 Patch priority High CVSS severity High 7.6 Developer ShortPixel PSID b4665651b428 Credits Dhabaleshwar Das Require...

WordPress Advanced Testimonial Carousel for Elementor Plugin <= 3.0.0 is vulnerable to Broken Access Control

Software Advanced Testimonial Carousel for Elementor Type Plugin Vulnerable versions = 3.0.0 Fixed in 3.0.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32783 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 35c8e0e158f5 Credits...

WordPress Integrate Google Drive Plugin <= 1.3.9 is vulnerable to Broken Access Control

Software Integrate Google Drive Type Plugin Vulnerable versions = 1.3.9 Fixed in 1.3.91 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32813 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 3bec4c127fe1 Credits Steven Julian Require...

WordPress WP Media Category Management Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS)

Software WP Media Category Management Type Plugin Vulnerable versions = 2.2 Fixed in 2.3.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32950 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 741ef421ce76 Credits Abdi Pranata Required...

WordPress Data Tables Generator by Supsystic Plugin <= 1.10.31 is vulnerable to Broken Access Control

Software Data Tables Generator by Supsystic Type Plugin Vulnerable versions = 1.10.31 Fixed in 1.10.32 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32829 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c3d8bb1fd9d8 Credits Steven...

[SECURITY] Fedora 40 Update: yyjson-0.9.0-1.fc40

A high performance JSON library written in ANSI C. Features - Fast: can read or write gigabytes per second JSON data on modern CPUs. - Portable: complies with ANSI C C89 for cross-platform compatibility. - Strict: complies with RFC 8259 JSON standard, ensuring strict number format and UTF-8...

WordPress Chauffeur Taxi Booking System for WordPress Plugin <= 6.9 is vulnerable to Broken Authentication

Software Chauffeur Taxi Booking System for WordPress Type Plugin Vulnerable versions = 6.9 Fixed in 7.0 OWASP Top 10 A1: Broken Access Control Classification Broken Authentication CVE CVE-2024-32692 Patch priority High CVSS severity High 8.2 Developer Claim ownership PSID 7552e0fad1fd Credits luc...

WordPress ElementsKit Pro Plugin <= 3.6.0 is vulnerable to Cross Site Scripting (XSS)

Software ElementsKit Pro Type Plugin Vulnerable versions = 3.6.0 Fixed in 3.6.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3598 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID cc1eab59b295 Credits Ngô Thiên An ancorn...

WordPress LearnPress Plugin <= 4.2.6.4 is vulnerable to Cross Site Scripting (XSS)

Software LearnPress Type Plugin Vulnerable versions = 4.2.6.4 Fixed in 4.2.6.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3560 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 05282d717c17 Credits stealthcopter Required...

WordPress Media Library Folders Plugin <= 8.2.0 is vulnerable to Cross Site Scripting (XSS)

Software Media Library Folders Type Plugin Vulnerable versions = 8.2.0 Fixed in 8.2.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3615 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 9a730c3a0156 Credits Krzysztof...

WordPress Automatic Plugin < 3.93.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Automatic Type Plugin Vulnerable versions 3.93.0 Fixed in 3.93.0 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-32693 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 83f469455e38 Credits Rafie Muhammad Patchstack...

WordPress tagDiv Composer Plugin <= 4.8 is vulnerable to Local File Inclusion

Software tagDiv Composer Type Plugin Vulnerable versions = 4.8 Fixed in 4.9 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-3813 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 5ffa96c3f191 Credits István Márton Required privilege Contributor...

WordPress Click to Chat Plugin <= 3.35 is vulnerable to Local File Inclusion

Software Click to Chat Type Plugin Vulnerable versions = 3.35 Fixed in 4.0 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-3849 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 3a9b57b69a7e Credits haidv35 from Viettel Cyber Security Required...

[SECURITY] Fedora 39 Update: yyjson-0.9.0-1.fc39

A high performance JSON library written in ANSI C. Features - Fast: can read or write gigabytes per second JSON data on modern CPUs. - Portable: complies with ANSI C C89 for cross-platform compatibility. - Strict: complies with RFC 8259 JSON standard, ensuring strict number format and UTF-8...

[SECURITY] Fedora 38 Update: yyjson-0.9.0-1.fc38

A high performance JSON library written in ANSI C. Features - Fast: can read or write gigabytes per second JSON data on modern CPUs. - Portable: complies with ANSI C C89 for cross-platform compatibility. - Strict: complies with RFC 8259 JSON standard, ensuring strict number format and UTF-8...

WordPress MyRewards Plugin <= 5.3.0 is vulnerable to Broken Access Control

Software MyRewards Type Plugin Vulnerable versions = 5.3.0 Fixed in 5.3.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32688 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 4a61d830f2db Credits Emili Castells Required...

WordPress Order Limit for WooCommerce Plugin <= 2.0.0 is vulnerable to Broken Access Control

Software Order Limit for WooCommerce Type Plugin Vulnerable versions = 2.0.0 Fixed in 2.0.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32675 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID b286d283cb6a Credits Abdi Pranat...

WordPress WP Cookie Notice for GDPR, CCPA & ePrivacy Consent Plugin <= 3.0.2 is vulnerable to Broken Access Control

Software WP Cookie Notice for GDPR, CCPA & ePrivacy Consent Type Plugin Vulnerable versions = 3.0.2 Fixed in 3.1.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3599 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID bea6dcba69bc...

WordPress WP Meta SEO Plugin <= 4.5.12 is vulnerable to Cross Site Scripting (XSS)

Software WP Meta SEO Type Plugin Vulnerable versions = 4.5.12 Fixed in 4.5.13 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6961 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6aa5d92333a8 Credits Krzysztof Zając...