7378 matches found

Patchstack
added 2024/03/28 12:0 a.m. | 7 views

WordPress Post Grid and Gutenberg Blocks Plugin <= 2.2.74 is vulnerable to Cross Site Scripting (XSS)

Software Post Grid and Gutenberg Blocks Type Plugin Vulnerable versions = 2.2.74 Fixed in 2.2.76 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30441 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4841a04f2615 Credits Rafie Muhammad...

7.1 CVSS | 6.5 AI score | 0.00092 EPSS
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2024/03/28 12:0 a.m. | 8 views

WordPress Sponsors Plugin <= 3.5.1 is vulnerable to Cross Site Scripting (XSS)

Software Sponsors Type Plugin Vulnerable versions = 3.5.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30483 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID fb48b8770a30 Credits Ray Wilson Required privilege Contributor...

6.5 CVSS | 6.6 AI score | 0.00163 EPSS
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2024/03/28 12:0 a.m. | 16 views

WordPress Finale Lite Plugin <= 2.18.0 is vulnerable to Remote Code Execution (RCE)

Software Finale Lite Type Plugin Vulnerable versions = 2.18.0 Fixed in 2.18.1 OWASP Top 10 A1: Broken Access Control Classification Remote Code Execution RCE CVE CVE-2024-30485 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 351260d95e05 Credits Yudistira Arya Required...

8.8 CVSS | 6.9 AI score | 0.55371 EPSS
Exploits 1 | References 2 | Affected Software 1
Patchstack
added 2024/03/28 12:0 a.m. | 9 views

WordPress Tumult Hype Animations Plugin <= 1.9.11 is vulnerable to Cross Site Scripting (XSS)

Software Tumult Hype Animations Type Plugin Vulnerable versions = 1.9.11 Fixed in 1.9.12 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-30461 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 98402ce486d0 Credits Majed...

5.7 AI score | 0.00074 EPSS
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2024/03/28 12:0 a.m. | 11 views

WordPress Elementor Addon Elements Plugin <= 1.13.1 is vulnerable to Cross Site Scripting (XSS)

Software Elementor Addon Elements Type Plugin Vulnerable versions = 1.13.1 Fixed in 1.13.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30422 Patch priority Low CVSS severity Low 6.5 Developer WPVibes PSID 6bbfb63942b1 Credits Khalid Yusuf Required privilege...

6.5 CVSS | 6.9 AI score | 0.00186 EPSS
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2024/03/28 12:0 a.m. | 9 views

WordPress Tumult Hype Animations Plugin <= 1.9.11 is vulnerable to Cross Site Request Forgery (CSRF)

Software Tumult Hype Animations Type Plugin Vulnerable versions = 1.9.11 Fixed in 1.9.12 OWASP Top 10 A4: Insecure Design Classification Cross Site Request Forgery CSRF CVE CVE-2024-30460 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c704327afb62 Credits Majed Refaea...

4.3 CVSS | 6.7 AI score | 0.00125 EPSS
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2024/03/28 12:0 a.m. | 8 views

WordPress Events Manager Plugin <= 6.4.7.1 is vulnerable to Cross Site Scripting (XSS)

Software Events Manager Type Plugin Vulnerable versions = 6.4.7.1 Fixed in 6.4.7.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2111 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b5294cf8d915 Credits Tim Coen Required...

6.4 CVSS | 6 AI score | 0.00127 EPSS
Exploits 0 | References 3 | Affected Software 1
Patchstack
added 2024/03/28 12:0 a.m. | 10 views

WordPress GamiPress Plugin <= 6.8.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software GamiPress Type Plugin Vulnerable versions = 6.8.5 Fixed in 6.8.6 OWASP Top 10 A4: Insecure Design Classification Cross Site Request Forgery CSRF CVE CVE-2024-30455 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7284ec56cbcf Credits Ananda Dhakal Patchstack Requir...

4.3 CVSS | 6.6 AI score | 0.00162 EPSS
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2024/03/28 12:0 a.m. | 8 views

WordPress Element Pack Elementor Addons Plugin <= 5.5.3 is vulnerable to SQL Injection

Software Element Pack Elementor Addons Type Plugin Vulnerable versions = 5.5.3 Fixed in 5.5.4 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-30496 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 3d0133376896 Credits Rafie Muhammad Patchstack Required...

8.8 CVSS | 6.8 AI score | 0.00386 EPSS
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2024/03/28 12:0 a.m. | 10 views

WordPress Bold Page Builder Plugin <= 4.8.0 is vulnerable to Cross Site Scripting (XSS)

Software Bold Page Builder Type Plugin Vulnerable versions = 4.8.0 Fixed in 4.8.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30442 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 88e9753be091 Credits savphill Required privilege...

6.5 CVSS | 6.6 AI score | 0.00063 EPSS
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2024/03/28 12:0 a.m. | 13 views

WordPress Church Admin Plugin <= 4.1.18 is vulnerable to Broken Access Control

Software Church Admin Type Plugin Vulnerable versions = 4.1.18 Fixed in 4.1.19 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-30505 Patch priority Medium CVSS severity Medium 5.4 Developer Andy Moyle PSID 4be0d3ba3cb9 Credits CatFather Required privilege...

5.4 CVSS | 6.5 AI score | 0.00125 EPSS
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2024/03/28 12:0 a.m. | 10 views

WordPress YITH WooCommerce Account Funds Premium Plugin <= 1.33.0 is vulnerable to Broken Access Control

Software YITH WooCommerce Account Funds Premium Type Plugin Vulnerable versions = 1.33.0 Fixed in 1.34.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-30470 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID c87cc5ed5cea Credit...

8.8 CVSS | 6.5 AI score | 0.00298 EPSS
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2024/03/28 12:0 a.m. | 13 views

WordPress RT Easy Builder – Advanced addons for Elementor Plugin <= 2.0 is vulnerable to Broken Access Control

Software RT Easy Builder – Advanced addons for Elementor Type Plugin Vulnerable versions = 2.0 Fixed in 2.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-30484 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 63af1e863062 Credits...

8.8 CVSS | 6.6 AI score | 0.0022 EPSS
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2024/03/28 12:0 a.m. | 11 views

WordPress Paid Memberships Pro – Payfast Gateway Add On Plugin <= 1.4.1 is vulnerable to Sensitive Data Exposure

Software Paid Memberships Pro – Payfast Gateway Add On Type Plugin Vulnerable versions = 1.4.1 Fixed in 1.4.2 OWASP Top 10 A9: Security Logging and Monitoring Failures Classification Sensitive Data Exposure CVE CVE-2024-30514 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID...

5.3 CVSS | 6.5 AI score | 0.00326 EPSS
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2024/03/27 12:0 a.m. | 15 views

WordPress Simple Ajax Chat Plugin <= 20231101 is vulnerable to Cross Site Scripting (XSS)

Software Simple Ajax Chat Type Plugin Vulnerable versions = 20231101 Fixed in 20240216 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2956 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 1403f71c8e2b Credits Fourcade Required...

4.4 CVSS | 5.8 AI score | 0.00158 EPSS
Exploits 0 | References 3 | Affected Software 1
The Hacker News
added 2024/03/26 4:54 p.m. | 33 views

Sketchy NuGet Package Likely Linked to Industrial Espionage Targets Developers

Threat hunters have identified a suspicious package in the NuGet package manager that's likely designed to target developers working with tools made by a Chinese firm that specializes in industrial- and digital equipment manufacturing. The package in question is SqzrFramework480, which...

7.4 AI score
Exploits 0
NVD
added 2024/03/26 10:15 a.m. | 8 views

CVE-2024-28034

Cross-site scripting vulnerability exists in Mini Thread Version 3.33βi. An arbitrary script may be executed on the web browser of the user accessing the website that uses the product. Note that the developer was unreachable, therefore, users should consider stop using Mini Thread Version 3.33βi...

5.4 CVSS | 6.3 AI score | 0.00176 EPSS
Exploits 0 | References 1
NVD
added 2024/03/26 10:15 a.m. | 11 views

CVE-2024-28131

EasyRange Ver 1.41 contains an issue with the executable file search path when displaying an extracted file on Explorer, which may lead to loading an executable file resides in the same folder where the extracted file is placed. If this vulnerability is exploited, arbitrary code may be executed...

7.8 CVSS | 7 AI score | 0.0006 EPSS
Exploits 0 | References 1
NVD
added 2024/03/26 10:15 a.m. | 3 views

CVE-2024-28048

OS command injection vulnerability exists in ffBull ver.4.11, which may allow a remote unauthenticated attacker to execute an arbitrary OS command with the privilege of the running web server. Note that the developer was unreachable, therefore, users should consider stop using ffBull ver.4.11...

9.8 CVSS | 7.5 AI score | 0.00852 EPSS
Exploits 0 | References 1
NVD
added 2024/03/26 10:15 a.m. | 10 views

CVE-2024-28033

OS command injection vulnerability exists in WebProxy 1.7.8 and 1.7.9, which may allow a remote unauthenticated attacker to execute an arbitrary OS command with the privilege of the running web server. Note that the developer was unreachable, therefore, users should consider stop using WebProxy...

7.3 CVSS | 7.6 AI score | 0.00561 EPSS
Exploits 0 | References 1