WordPress Smart Custom Fields Plugin <= 4.2.2 is vulnerable to Broken Access Control
Software Smart Custom Fields Type Plugin Vulnerable versions <= 4.2.2 Fixed in 5.0.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1995 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 99da3594bae9 Credits Lucio Sá Required privileg...
WordPress Social Media Share Buttons Plugin <= 2.1.0 is vulnerable to PHP Object Injection
Software Social Media Share Buttons Type Plugin Vulnerable versions <= 2.1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-2721 Patch priority High CVSS severity High 8.2 Developer Claim ownership PSID 6b7330720e7c Credits Dimas Maulana Required privilege...
WordPress s2Member Pro Plugin <= 230815 is vulnerable to Sensitive Data Exposure
Software s2Member Pro Type Plugin Vulnerable versions <= 230815 Fixed in 240315 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-0899 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 2b01d6ca4fd7 Credits Francesco Carlucci Required...
WordPress Qi Addons For Elementor Plugin <= 1.6.7 is vulnerable to Cross Site Scripting (XSS)
Software Qi Addons For Elementor Type Plugin Vulnerable versions <= 1.6.7 Fixed in 1.6.8 OWASP Top 10 A7: Cross-Site Scripting (XSS) Classification Cross Site Scripting (XSS) CVE CVE-2024-0826 Patch priority Low CVSS severity Low 6.5 Developer Qode Interactive PSID 2d3d74026644 Credits Webbernaut...
WordPress Fancy Product Designer Plugin < 6.1.5 is vulnerable to SQL Injection
Software Fancy Product Designer Type Plugin Vulnerable versions < 6.1.5 Fixed in 6.1.5 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-0365 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 8a2fcc7e3e05 Credits Ivan Spiridonov Required privilege...
WordPress Permalink Manager Lite Plugin <= 2.4.3.1 is vulnerable to Broken Access Control
Software Permalink Manager Lite Type Plugin Vulnerable versions <= 2.4.3.1 Fixed in 2.4.3.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-2538 Patch priority Low CVSS severity Low 3.8 Developer Claim ownership PSID 50143df9543f Credits Muhammad Zeeshan...
Important: Red Hat Enhancement Advisory: Red Hat Developer Hub 1.1 release
Red Hat Developer Hub 1.1 has been released. Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pa...
WordPress Ultimate Gift Cards For WooCommerce Plugin <= 2.6.6 is vulnerable to Broken Access Control
Software Ultimate Gift Cards For WooCommerce Type Plugin Vulnerable versions <= 2.6.6 Fixed in 2.6.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1857 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID ac4726115ec6 Credits Krzysztof...
WordPress MyCurator Content Curation Plugin <= 3.76 is vulnerable to Cross Site Scripting (XSS)
Software MyCurator Content Curation Type Plugin Vulnerable versions <= 3.76 Fixed in 3.77 OWASP Top 10 A3: Injection Classification Cross Site Scripting (XSS) CVE CVE-2024-29139 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f5416935cfa3 Credits LVT-tholv2k Required...
WordPress Elements kit Elementor addons Plugin <= 3.0.3 is vulnerable to Cross Site Scripting (XSS)
Software Elements kit Elementor addons Type Plugin Vulnerable versions <= 3.0.3 Fixed in 3.0.4 OWASP Top 10 A7: Cross-Site Scripting (XSS) Classification Cross Site Scripting (XSS) CVE CVE-2023-6525 Patch priority Low CVSS severity Low 6.5 Developer Wpmet PSID 35435cff32ec Credits Ulyses Saicha Requir...
WordPress Knight Lab Timeline Plugin <= 3.9.3.3 is vulnerable to Cross Site Scripting (XSS)
Software Knight Lab Timeline Type Plugin Vulnerable versions <= 3.9.3.3 Fixed in 3.9.3.4 OWASP Top 10 A7: Cross-Site Scripting (XSS) Classification Cross Site Scripting (XSS) CVE CVE-2024-2287 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a18014776421 Credits Tien Luong...
WordPress Better Search Plugin <= 3.3.0 is vulnerable to Cross Site Scripting (XSS)
Software Better Search Type Plugin Vulnerable versions <= 3.3.0 Fixed in 3.3.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting (XSS) CVE CVE-2024-29142 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8395a45f6b09 Credits Abdi Pranata Required privilege...
WordPress Advanced Access Manager Plugin <= 6.9.20 is vulnerable to Cross Site Scripting (XSS)
Software Advanced Access Manager Type Plugin Vulnerable versions <= 6.9.20 Fixed in 6.9.21 OWASP Top 10 A3: Injection Classification Cross Site Scripting (XSS) CVE CVE-2024-29124 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID bab97a68bf4d Credits Delbert Giovanni Lie Require...
WordPress RegistrationMagic Plugin <= 5.2.5.9 is vulnerable to Cross Site Scripting (XSS)
Software RegistrationMagic Type Plugin Vulnerable versions <= 5.2.5.9 Fixed in 5.2.6.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting (XSS) CVE CVE-2024-29113 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b3c2c9a16dfd Credits Yudistira Arya Required...
WordPress WooCommerce Google Feed Manager Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS)
Software WooCommerce Google Feed Manager Type Plugin Vulnerable versions <= 2.2.0 Fixed in 2.3.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting (XSS) CVE CVE-2024-29112 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a47ab0c3a92d Credits Joshua Chan Required...
WordPress Post SMTP Plugin <= 2.8.6 is vulnerable to Cross Site Scripting (XSS)
Software Post SMTP Type Plugin Vulnerable versions <= 2.8.6 Fixed in 2.8.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting (XSS) CVE CVE-2024-29128 Patch priority Medium CVSS severity Medium 7.1 Developer WPExperts PSID d4415453cdb3 Credits Le Ngoc Anh Required privilege Unauthenticat...
Online-College-Event-Hall-Reservation-System SQL Injection Vulnerability
Online-College-Event-Hall-Reservation-System is an online college event hall reservation system by Magesh K (individual developer), designed to automate the hall booking process to eliminate manual logging and increase efficiency. Online-College-Event-Hall-Reservation-System suffers from a SQL...
WordPress Contact Forms by Cimatti Plugin <= 1.7.0 is vulnerable to Cross Site Scripting (XSS)
Software Contact Forms by Cimatti Type Plugin Vulnerable versions <= 1.7.0 Fixed in 1.8.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting (XSS) CVE CVE-2024-29117 Patch priority Medium CVSS severity Medium 7.1 Developer Cimatti Consulting PSID 36dba4c9e5f8 Credits Joshua Chan Required...
WordPress WP Calameo Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS)
Software WP Calameo Type Plugin Vulnerable versions <= 2.1.7 Fixed in 2.1.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting (XSS) CVE CVE-2024-29098 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e6c0b84991b1 Credits Ray Wilson Required privilege Contributor...
Surya Developer Hostel Management Service Access Control Error Vulnerability
Surya Developer Hostel Management Service is an accommodation management service from Surya Developer India. An access control error vulnerability exists in Surya Developer Hostel Management Service version 1.0, which stems from an access control error vulnerability in the file...