Surya Developer Hostel Management Service Cross-Site Request Forgery Vulnerability

Surya Developer Hostel Management Service is an accommodation management service from Surya Developer India. A cross-site request forgery vulnerability exists in Surya Developer Hostel Management Service version 1.0, which stems from a cross-site request forgery CSRF vulnerability in the file...

WordPress MJM Clinic Plugin <= 1.1.22 is vulnerable to Cross Site Scripting (XSS)

Software MJM Clinic Type Plugin Vulnerable versions = 1.1.22 Fixed in 1.1.23 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29096 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3af8c5b59be8 Credits Faizal Abroni Required privilege Editor...

WordPress SupportCandy Plugin <= 3.2.3 is vulnerable to Cross Site Scripting (XSS)

Software SupportCandy Type Plugin Vulnerable versions = 3.2.3 Fixed in 3.2.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-27991 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 64d8fa37173c Credits Mochamad Sofyan Required privilege...

WordPress YITH WooCommerce Product Add-Ons Plugin <= 4.5.0 is vulnerable to Cross Site Scripting (XSS)

Software YITH WooCommerce Product Add-Ons Type Plugin Vulnerable versions = 4.5.0 Fixed in 4.6.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-27994 Patch priority Medium CVSS severity Medium 7.1 Developer YITH PSID 8464da6f5a09 Credits Yudistira Arya Required...

WordPress HT Mega Plugin <= 2.4.6 is vulnerable to Directory Traversal

Software HT Mega Type Plugin Vulnerable versions = 2.4.6 Fixed in 2.4.7 OWASP Top 10 A5: Broken Access Control Classification Directory Traversal CVE CVE-2024-1974 Patch priority Low CVSS severity Low 7.7 Developer HTMega PSID 6d7e2f2731f2 Credits Webbernaut Required privilege Contributor Publish...

EulerOS Virtualization 2.10.0 : python-configobj (EulerOS-SA-2024-1388)

According to the versions of the python-configobj package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - All versions of the package configobj are vulnerable to Regular Expression Denial of Service ReDoS via the validate...

WordPress HUSKY Plugin <= 1.3.5.1 is vulnerable to Cross Site Scripting (XSS)

Software HUSKY Type Plugin Vulnerable versions = 1.3.5.1 Fixed in 1.3.5.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1796 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 938e3d425755 Credits Bassem Essam Required privileg...

WordPress HUSKY Plugin <= 1.3.5.2 is vulnerable to SQL Injection

Software HUSKY Type Plugin Vulnerable versions = 1.3.5.2 Fixed in 1.3.5.3 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-1795 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID afec36a17d5a Credits WordFence Required privilege Contributor Published 14...

WordPress oik Plugin <= 4.10.0 is vulnerable to Cross Site Scripting (XSS)

Software oik Type Plugin Vulnerable versions = 4.10.0 Fixed in 4.10.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2256 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2c1c9316e65f Credits Francesco Carlucci Required...

WordPress ShopLentor Plugin <= 2.8.1 is vulnerable to Cross Site Scripting (XSS)

Software ShopLentor Type Plugin Vulnerable versions = 2.8.1 Fixed in 2.8.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1960 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 64f9927062c1 Credits Webbernaut Required privilege...

WordPress UsersWP Plugin <= 1.2.6 is vulnerable to Cross Site Scripting (XSS)

Software UsersWP Type Plugin Vulnerable versions = 1.2.6 Fixed in 1.2.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2423 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID cb46d3529c97 Credits Krzysztof Zając Required privile...

Security Bulletin: IBM Rational® Application Developer for WebSphere® Software is vulnerable to a remote attack to obtain sensitive information due to an algorithm decryption implementation

Summary IBM® SDK, Java™ Technology Edition, is used by IBM Rational® Application Developer for WebSphere® Software as the runtime and development kit. CVE-2023-33850 Vulnerability Details CVEID:CVE-2023-33850 DESCRIPTION: IBM GSKit-Crypto could allow a remote attacker to obtain sensitive...

Spring Tips: Spring Batch Remote Partitioning, your easy button for data scale!

Hi, Spring fans! In this installment, Spring Developer Advocate Josh Long looks at how to use Spring Batch's remote partitioning support to easy-button your data processing scale out strategies. postgresql ai datascience data springboot java java21...

WordPress Malware Scanner Plugin <= 4.7.2 is vulnerable to Privilege Escalation

Software Malware Scanner Type Plugin Vulnerable versions = 4.7.2 Fixed in 4.7.3 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-2172 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID e270f8310961 Credits Stiofan Required privilege...

WordPress Crisp Plugin <= 0.44 is vulnerable to Cross Site Scripting (XSS)

Software Crisp Type Plugin Vulnerable versions = 0.44 Fixed in 0.45 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-27963 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID d24f23d72736 Credits stealthcopter Required privilege Subscriber...

WordPress MPG Plugin <= 3.4.0 is vulnerable to Remote Code Execution (RCE)

Software MPG Type Plugin Vulnerable versions = 3.4.0 Fixed in 3.4.1 OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2024-27951 Patch priority Medium CVSS severity Medium 9.1 Developer Claim ownership PSID e11792cbc705 Credits Majed Refaea Required privilege Editor...

WordPress PropertyHive Plugin <= 2.0.9 is vulnerable to PHP Object Injection

Software PropertyHive Type Plugin Vulnerable versions = 2.0.9 Fixed in 2.0.10 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-27985 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 245763d3996e Credits CatFather Required privilege Subscribe...

WordPress Related Posts for WordPress Plugin <= 2.2.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Related Posts for WordPress Type Plugin Vulnerable versions = 2.2.1 Fixed in 2.2.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-0592 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 89e5ec281512 Credits Krzyszto...

WordPress Cryptocurrency Widgets – Price Ticker & Coins List Plugin <= 2.6.8 is vulnerable to Broken Access Control

Software Cryptocurrency Widgets – Price Ticker & Coins List Type Plugin Vulnerable versions = 2.6.8 Fixed in 2.6.9 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-27953 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID 036319de798f...

WordPress Prime Slider – Addons For Elementor Plugin <= 3.13.2 is vulnerable to Cross Site Scripting (XSS)

Software Prime Slider – Addons For Elementor Type Plugin Vulnerable versions = 3.13.2 Fixed in 3.13.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1508 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1f2721cd17ac Credits...