WordPress WOLF Plugin <= 1.0.8.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WOLF; Type: Plugin; Vulnerable versions: <= 1.0.8.1; Fixed in: 1.0.8.2; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-0790; Patch priority: Low; CVSS severity: Low 5.4; PSID: f8d9bc304588; Credits: Francesco Carlucci; Required...
WordPress Accessibility Plugin <= 1.0.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Accessibility; Type: Plugin; Vulnerable versions: <= 1.0.6; Fixed in: 1.0.7; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-24705; Patch priority: Low; CVSS severity: Low 5.4; PSID: 8ca8558b0216; Credits: Nguyen Xuan Chien...
WordPress PilotPress Plugin <= 2.0.30 is vulnerable to Broken Access Control
Software: PilotPress; Type: Plugin; Vulnerable versions: <= 2.0.30; Fixed in: 2.0.31; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-23524; Patch priority: Medium; CVSS severity: Medium 5.3; PSID: 0d381f1b6d73; Credits: Nguyen Xuan Chien; Required...
WordPress WC Marketplace Plugin <= 4.0.25 is vulnerable to Broken Access Control
Software: WC Marketplace; Type: Plugin; Vulnerable versions: <= 4.0.25; Fixed in: 4.0.26; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-24703; Patch priority: High; CVSS severity: High 8.6; PSID: 7837c53d253a; Credits: Le Ngoc Anh; Required...
WordPress Formidable Forms Plugin <= 6.7 is vulnerable to Content Injection
Software: Formidable Forms; Type: Plugin; Vulnerable versions: <= 6.7; Fixed in: 6.7.1; OWASP Top 10: A3: Injection; Classification: Content Injection; CVE: CVE-2024-23522; Patch priority: Medium; CVSS severity: Medium 5.3; PSID: b82c61d4e6f0; Credits: Revan Arifio; Required privilege...
WordPress Ultra Companion Plugin <= 1.1.9 is vulnerable to Cross Site Scripting (XSS)
Software: Ultra Companion; Type: Plugin; Vulnerable versions: <= 1.1.9; Fixed in: 1.2.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-24803; Patch priority: Low; CVSS severity: Low 6.5; PSID: 27efb6397cad; Credits: Ray Wilson; Required privilege...
Mozilla: Privilege escalation through devtools
The Mozilla Foundation Security Advisory describes this flaw as: A malicious devtools extension could have been used to escalate privileges...
Apple warns of “privacy and security threats” after EU requires it to allow sideloading
Despite several warnings about the risks, Apple will allow European iPhone owners to install apps obtained from outside the official App store (sideloading). These drastic changes are brought about to comply with the European Union’s (EU) Digital Markets Act (DMA). The Digital Markets Act (DMA) establish...
WordPress ACF Photo Gallery Field Plugin <= 2.6 is vulnerable to Broken Access Control
Software: ACF Photo Gallery Field; Type: Plugin; Vulnerable versions: <= 2.6; Fixed in: 2.7; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-23518; Patch priority: Low; CVSS severity: Low 4.3; PSID: 90b02382eae5; Credits: Abdi Pranata; Required...
WordPress WP GDPR Compliance Plugin <= 2.0.22 is vulnerable to Broken Access Control
Software: WP GDPR Compliance; Type: Plugin; Vulnerable versions: <= 2.0.22; Fixed in: 2.0.23; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-6700; Patch priority: High; CVSS severity: High 8.8; PSID: 6a981b3b2d5a; Credits: Lucio Sá; Required...
WordPress ProductX – Gutenberg WooCommerce Blocks Plugin <= 3.1.4 is vulnerable to PHP Object Injection
Software: ProductX – Gutenberg WooCommerce Blocks; Type: Plugin; Vulnerable versions: <= 3.1.4; Fixed in: 3.1.5; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-23512; Patch priority: High; CVSS severity: High 8.7; PSID: fa4448964e74; Credits: Yudistira Arya...
WordPress PopupAlly Plugin <= 2.1.0 is vulnerable to Broken Access Control
Software: PopupAlly; Type: Plugin; Vulnerable versions: <= 2.1.0; Fixed in: 2.1.1; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-23520; Patch priority: Medium; CVSS severity: Medium 4.3; PSID: a577e748f483; Credits: Abdi Pranata; Required privile...
WordPress Instant Images Plugin <= 6.1.0 is vulnerable to Broken Access Control
Software: Instant Images; Type: Plugin; Vulnerable versions: <= 6.1.0; Fixed in: 6.1.1; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-0869; Patch priority: Medium; CVSS severity: Medium 8.8; PSID: 5f84c56450a0; Credits: Sean Murphy; Required...
WordPress Allow SVG Plugin < 1.2.0 is vulnerable to Cross Site Scripting (XSS)
Software: Allow SVG; Type: Plugin; Vulnerable versions: < 1.2.0; Fixed in: 1.2.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-6541; Patch priority: Low; CVSS severity: Low 6.5; PSID: e1ff41df5c9e; Credits: Bob Matyas; Required privilege...
WordPress Exclusive Addons Elementor Plugin <= 2.6.8 is vulnerable to Cross Site Scripting (XSS)
Software: Exclusive Addons Elementor; Type: Plugin; Vulnerable versions: <= 2.6.8; Fixed in: 2.6.9; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-0823; Patch priority: Low; CVSS severity: Low 6.5; PSID: 6855edff42bb; Credits: Webbernaut...
WordPress Dragfy Addons for Elementor Plugin <= 8.3.1 is vulnerable to Cross Site Scripting (XSS)
Software: Dragfy Addons for Elementor; Type: Plugin; Vulnerable versions: <= 8.3.1; Fixed in: 8.3.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-0448; Patch priority: Low; CVSS severity: Low 6.5; PSID: 80155176471b; Credits: Webbernaut...
WordPress WP-Reply Notify Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP-Reply Notify; Type: Plugin; Vulnerable versions: <= 1.1; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-7195; Patch priority: Low; CVSS severity: Low 4.3; PSID: 7401ece8f5d0; Credits: Daniel Ruf; Required...
WordPress illi Link Party! Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software: illi Link Party!; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-7228; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: b55b2b2efd50; Credits: Bob Matyas; Required...
DEBIAN-CVE-2024-0810
Insufficient policy enforcement in DevTools in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. Chromium security severity: Medium...
WordPress InstaWP Connect Plugin <= 0.1.0.9 is vulnerable to Sensitive Data Exposure
Software: InstaWP Connect; Type: Plugin; Vulnerable versions: <= 0.1.0.9; Fixed in: 0.1.0.10; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-23506; Patch priority: High; CVSS severity: High 7.7; Developer: InstaWP; PSID: 77d7b68d9038; Credits: Majed Refaea; Required...