
7418 matches found

Patchstack
added 2024/01/16 12:0 a.m. | 12 views

WordPress Product Import Export for WooCommerce Plugin <= 2.3.7 is vulnerable to Arbitrary File Upload

Software: Product Import Export for WooCommerce; Type: Plugin; Vulnerable versions: <= 2.3.7; Fixed in: 2.3.8; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-22152; Patch priority: Medium; CVSS severity: Medium 8; Developer: Claim ownership; PSID: 7b62ca7055ba; Credits: Dateoljo of BoB...

CVSS: 8 | AI score: 6.8 | EPSS: 0.00218
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/01/16 12:0 a.m. | 13 views

WordPress Import and export users and customers Plugin <= 1.24.6 is vulnerable to Broken Access Control

Software: Import and export users and customers; Type: Plugin; Vulnerable versions: <= 1.24.6; Fixed in: 1.24.7; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-22151; Patch priority: Low; CVSS severity: Low 5.3; Developer: Codection; PSID: 127865efe8c3; Credits: emad; Requir...

CVSS: 5.3 | AI score: 6.5 | EPSS: 0.0024
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/01/16 12:0 a.m. | 11 views

WordPress Shield Security Plugin <= 18.5.7 is vulnerable to Cross Site Scripting (XSS)

Software: Shield Security; Type: Plugin; Vulnerable versions: <= 18.5.7; Fixed in: 18.5.8; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-22163; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: d5c42fda3a58; Credits: Yudistira Arya; Required...

CVSS: 7.1 | AI score: 6.5 | EPSS: 0.00083
Exploits: 0 | References: 2 | Affected Software: 1

Japan Vulnerability Notes
added 2024/01/15 12:0 a.m. | 16 views

JVN#51135247: Pleasanter vulnerable to cross-site scripting

Pleasanter provided by Implem Inc. contains a cross-site scripting vulnerability (CWE-79). Impact: If an attacker tricks the user to access the product with a specially crafted URL and perform a specific operation, an arbitrary script may be executed on the web browser of the user. Solution: Update t...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.00725
Exploits: 0

WPVulnDB
added 2024/01/12 12:0 a.m. | 9 views

Ecwid Ecommerce Shopping Cart < 6.12.4 - Missing Authorization on multiple functions

Description: The plugin is vulnerable to unauthorized access of data and modification of data due to missing capability checks on multiple functions in all versions up to, and including, 6.12.3. This makes it possible for authenticated attackers to access developer tool pages...

AI score: 6.8
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/01/10 12:0 a.m. | 13 views

WordPress WordPress Manutenção Plugin <= 1.0.6 is vulnerable to Bypass Vulnerability

Software: WordPress Manutenção; Type: Plugin; Vulnerable versions: <= 1.0.6; Fixed in: 1.0.7; OWASP Top 10: A4: Insecure Design; Classification: Bypass Vulnerability; CVE: CVE-2024-22139; Patch priority: Low; CVSS severity: Low 3.7; Developer: Claim ownership; PSID: d419565972b3; Credits: Brandon Roldan; Required privile...

CVSS: 3.7 | AI score: 6.5 | EPSS: 0.00102
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/01/10 12:0 a.m. | 13 views

WordPress EventON Pro Plugin <= 4.5.4 is vulnerable to Broken Access Control

Software: EventON Pro; Type: Plugin; Vulnerable versions: <= 4.5.4; Fixed in: 4.5.5; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-6158; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: b43943b2a15f; Credits: Francesco Carlucci; Required...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00189
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/01/10 12:0 a.m. | 7 views

WordPress Shortcodes Finder Plugin <= 1.5.5 is vulnerable to Cross Site Scripting (XSS)

Software: Shortcodes Finder; Type: Plugin; Vulnerable versions: <= 1.5.5; Fixed in: 1.5.6; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-21750; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 0900912a134b; Credits: Le Ngoc Anh; Required privilege...

CVSS: 7.1 | AI score: 6.5 | EPSS: 0.00128
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/01/10 12:0 a.m. | 7 views

WordPress Email Encoder Bundle Plugin <= 2.1.9 is vulnerable to Cross Site Scripting (XSS)

Software: Email Encoder Bundle; Type: Plugin; Vulnerable versions: <= 2.1.9; Fixed in: 2.1.10; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-7070; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: bbe9fb4a4a45; Credits: Webbernaut; Require...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00203
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/01/10 12:0 a.m. | 9 views

WordPress WP Register Profile With Shortcode Plugin <= 3.5.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software: WP Register Profile With Shortcode; Type: Plugin; Vulnerable versions: <= 3.5.9; Fixed in: 3.6.0; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-5448; Patch priority: Low; CVSS severity: Low 8.8; Developer: Claim ownership; PSID: 4d4b8ee6f41a; Credits...

CVSS: 8.8 | AI score: 6.6 | EPSS: 0.00213
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/01/10 12:0 a.m. | 4 views

WordPress Export customers list csv for WooCommerce Plugin <= 2.0.7 is vulnerable to Broken Access Control

Software: Export customers list csv for WooCommerce; Type: Plugin; Vulnerable versions: <= 2.0.7; Fixed in: 2.0.9; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: N/A; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: e6d6b8682f99; Credits: WordFence...

AI score: 6.9
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/01/10 12:0 a.m. | 9 views

WordPress Profile Builder Pro Plugin <= 3.10.0 is vulnerable to Sensitive Data Exposure

Software: Profile Builder Pro; Type: Plugin; Vulnerable versions: <= 3.10.0; Fixed in: 3.10.1; OWASP Top 10: A1: Broken Access Control; Classification: Sensitive Data Exposure; CVE: CVE-2024-22141; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: d6301bb29b09; Credits: Dave Jong...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.00233
Exploits: 0 | References: 1 | Affected Software: 1

Kaspersky
added 2024/01/09 12:0 a.m. | 39 views

KLA62822 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, gain privileges. Below is a complete list of vulnerabilities: 1. A security feature bypass vulnerability in NET, .NET...

CVSS: 9.8 | AI score: 8.4 | EPSS: 0.54325
Exploits: 1 | References: 29

Patchstack
added 2024/01/09 12:0 a.m. | 5 views

WordPress Customer Reviews for WooCommerce Plugin <= 5.38.9 is vulnerable to Arbitrary File Upload

Software: Customer Reviews for WooCommerce; Type: Plugin; Vulnerable versions: <= 5.38.9; Fixed in: 5.38.10; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2023-6979; Patch priority: Medium; CVSS severity: Medium 9.8; Developer: Claim ownership; PSID: f2b42bb42f3b; Credits: Artem Guzhva...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.03738
Exploits: 0 | References: 3 | Affected Software: 1

NCSC
added 2024/01/09 12:0 a.m. | 3 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed vulnerabilities in several Developer Tools. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to bypass a security measure, gain bypass, gain elevated privileges and thus potentially execute arbitrary code with SYSTEM privileges. Obtaining...

CVSS: 9.8 | AI score: 7.8 | EPSS: 0.54325
Exploits: 1

The Hacker News
added 2024/01/08 2:4 p.m. | 36 views

Syrian Hackers Distributing Stealthy C#-Based Silver RAT to Cybercriminals

Threat actors operating under the name Anonymous Arabic have released a remote access trojan (RAT) called Silver RAT that's equipped to bypass security software and stealthily launch hidden applications. "The developers operate on multiple hacker forums and social media platforms, showcasing an...

AI score: 7.6
Exploits: 0

Patchstack
added 2024/01/08 12:0 a.m. | 12 views

WordPress Envira Photo Gallery Plugin <= 1.8.7.2 is vulnerable to Broken Access Control

Software: Envira Photo Gallery; Type: Plugin; Vulnerable versions: <= 1.8.7.2; Fixed in: 1.8.7.3; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-6742; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: c7d340beb959; Credits: Nex Team; Required...

CVSS: 4.3 | AI score: 6.6 | EPSS: 0.00127
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/01/08 12:0 a.m. | 10 views

WordPress MaxButtons Plugin <= 9.7.4 is vulnerable to Cross Site Scripting (XSS)

Software: MaxButtons; Type: Plugin; Vulnerable versions: <= 9.7.4; Fixed in: 9.7.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-6594; Patch priority: Low; CVSS severity: Low 4.4; Developer: Claim ownership; PSID: 7561a2d2b96f; Credits: Rafshanzani Suhada; Required...

CVSS: 4.8 | AI score: 5.8 | EPSS: 0.0012
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2024/01/08 12:0 a.m. | 4 views

ChatGPT Web Cross-Site Scripting Vulnerability

ChatGPT Web is a ChatGPT presentation page built with Express and Vue3 by Redon Personal Developer. A cross-site scripting vulnerability exists in ChatGPT Web version 2.11.1, which stems from a cross-site scripting (XSS) vulnerability in the parameter Description...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.00202
Exploits: 1 | References: 4

Patchstack
added 2024/01/08 12:0 a.m. | 14 views

WordPress Revolut Gateway for WooCommerce Plugin <= 4.9.7 is vulnerable to Broken Access Control

Software: Revolut Gateway for WooCommerce; Type: Plugin; Vulnerable versions: <= 4.9.7; Fixed in: 4.9.8; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-52224; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 56db209d55d0; Credits: Abdi Pranata...

CVSS: 4.3 | AI score: 6.6 | EPSS: 0.00188
Exploits: 0 | References: 2 | Affected Software: 1