JVN#13113728: "EasyRange" may insecurely load executable files

"EasyRange" provided by sira.jp according to the original report submitted by the reporter is a tool to extract compressed files. "EasyRange" contains an issue with the executable file search path when displaying an extracted file on Explorer, which may lead to loading an executable file resides ...

WordPress WordPress Importer Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)

Software WordPress Importer Type Plugin Vulnerable versions = 1.0.4 Fixed in 1.0.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30201 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 79212c825fed Credits Dimas Maulana Required...

WordPress Podlove Podcast Publisher Plugin <= 4.0.9 is vulnerable to Cross Site Scripting (XSS)

Software Podlove Podcast Publisher Type Plugin Vulnerable versions = 4.0.9 Fixed in 4.0.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29915 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6b5b45e01eae Credits Dimas Maulana Require...

WordPress Page Builder by SiteOrigin Plugin <= 2.29.6 is vulnerable to Cross Site Scripting (XSS)

Software Page Builder by SiteOrigin Type Plugin Vulnerable versions = 2.29.6 Fixed in 2.29.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2202 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 92274a8f9656 Credits Webbernaut...

WordPress Schema Pro Plugin < 2.7.16 is vulnerable to Broken Access Control

Software Schema Pro Type Plugin Vulnerable versions 2.7.16 Fixed in 2.7.16 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-1564 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 68dac5194d9b Credits Scott Kingsley Clark Required...

WordPress WordPress Meta Data and Taxonomies Filter (MDTF) Plugin <= 1.3.2 is vulnerable to Cross Site Scripting (XSS)

Software WordPress Meta Data and Taxonomies Filter MDTF Type Plugin Vulnerable versions = 1.3.2 Fixed in 1.3.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29932 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 391da759025d Credits Yudisti...

WordPress Co-marquage service-public.fr Plugin <= 0.5.72 is vulnerable to Cross Site Scripting (XSS)

Software Co-marquage service-public.fr Type Plugin Vulnerable versions = 0.5.72 Fixed in 0.5.73 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29758 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 54a2401a71ec Credits Yudistira Arya...

WordPress Custom WooCommerce Checkout Fields Editor Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Software Custom WooCommerce Checkout Fields Editor Type Plugin Vulnerable versions = 1.3.1 Fixed in 1.3.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1697 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 655df2bce9e7...

WordPress Post Grid, Slider & Carousel Ultimate Plugin <= 1.6.6 is vulnerable to Cross Site Scripting (XSS)

Software Post Grid, Slider & Carousel Ultimate Type Plugin Vulnerable versions = 1.6.6 Fixed in 1.6.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29925 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e415424c3ca8 Credits LVT-tholv2k...

WordPress CoBlocks Plugin <= 3.1.6 is vulnerable to Cross Site Scripting (XSS)

Software CoBlocks Type Plugin Vulnerable versions = 3.1.6 Fixed in 3.1.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1049 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c31aa15ef7d9 Credits Webbernaut Required privilege...

WordPress Web Icons Plugin <= 1.0.0.10 is vulnerable to Cross Site Scripting (XSS)

Software Web Icons Type Plugin Vulnerable versions = 1.0.0.10 Fixed in 1.0.0.11 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29933 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 92c4582be5aa Credits LVT-tholv2k Required privilege...

WordPress Church Admin Plugin <= 4.1.17 is vulnerable to Cross Site Scripting (XSS)

Software Church Admin Type Plugin Vulnerable versions = 4.1.17 Fixed in 4.1.18 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-30193 Patch priority Low CVSS severity Low 6.5 Developer Andy Moyle PSID 239d5fd65793 Credits CatFather Required privilege...

WordPress Easy Social Feed Plugin <= 6.5.3 is vulnerable to Cross Site Scripting (XSS)

Software Easy Social Feed Type Plugin Vulnerable versions = 6.5.3 Fixed in 6.5.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30180 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a2b851d6fb10 Credits LVT-tholv2k Required privilege...

WordPress New RoyalSlider Plugin <= 3.4.2 is vulnerable to Cross Site Scripting (XSS)

Software New RoyalSlider Type Plugin Vulnerable versions = 3.4.2 Fixed in 3.4.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30195 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 586b18a145b1 Credits Rafie Muhammad Patchstack Requir...

WordPress Bulk NoIndex & NoFollow Toolkit Plugin <= 2.01 is vulnerable to Cross Site Scripting (XSS)

Software Bulk NoIndex & NoFollow Toolkit Type Plugin Vulnerable versions = 2.01 Fixed in 2.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29791 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID bea274e4e958 Credits Le Ngoc Anh Requir...

WordPress PropertyHive Plugin <= 2.0.8 is vulnerable to Cross Site Scripting (XSS)

Software PropertyHive Type Plugin Vulnerable versions = 2.0.8 Fixed in 2.0.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29923 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 660abe1d978c Credits Yudistira Arya Required privilege...

WordPress Forminator Plugin <= 1.29.0 is vulnerable to Cross Site Scripting (XSS)

Software Forminator Type Plugin Vulnerable versions = 1.29.0 Fixed in 1.29.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29777 Patch priority Medium CVSS severity Medium 7.1 Developer WPMU DEV PSID 4c3587917921 Credits Rafie Muhammad Patchstack Required privile...

WordPress WooCommerce Clover Payment Gateway Plugin <= 1.3.1 is vulnerable to Broken Access Control

Software WooCommerce Clover Payment Gateway Type Plugin Vulnerable versions = 1.3.1 Fixed in 1.3.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-0626 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 06c0aefba99a Credits Francesco...

WordPress WP Post Disclaimer Plugin <= 1.0.3 is vulnerable to Cross Site Scripting (XSS)

Software WP Post Disclaimer Type Plugin Vulnerable versions = 1.0.3 Fixed in 1.0.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29761 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 45270e929eab Credits LVT-tholv2k Required privilege...

WordPress MyBookTable Bookstore Plugin <= 3.3.7 is vulnerable to Cross Site Scripting (XSS)

Software MyBookTable Bookstore Type Plugin Vulnerable versions = 3.3.7 Fixed in 3.3.8 OWASP Top 10 A1: Broken Access Control Classification Cross Site Scripting XSS CVE CVE-2024-29772 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b4a056c5d251 Credits CatFather Required...