7439 matches found

Patchstack
added 2024/11/13 12:0 a.m. | 17 views

WordPress Kognetiks Chatbot for WordPress Plugin <= 2.1.7 is vulnerable to Broken Access Control

Software: Kognetiks Chatbot for WordPress; Type: Plugin; Vulnerable versions: <= 2.1.7; Fixed in: 2.1.8; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-10530; Patch priority: Low; CVSS severity: Low 4.3; PSID: 918318d433d6; Credits: Tieu Pham Tro...

4.3 CVSS | 6.7 AI score | 0.00438 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/11/13 12:0 a.m. | 15 views

WordPress Themify Builder Plugin <= 7.6.5 is vulnerable to Cross Site Scripting (XSS)

Software: Themify Builder; Type: Plugin; Vulnerable versions: <= 7.6.5; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-52423; Patch priority: Low; CVSS severity: Low 6.5; PSID: f592b7b1efcd; Credits: João Pedro S Alcântara Kinorth; Required...

6.5 CVSS | 6.3 AI score | 0.00228 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/11/13 12:0 a.m. | 13 views

WordPress CSV to html Plugin <= 3.06 is vulnerable to Arbitrary File Upload

Software: CSV to html; Type: Plugin; Vulnerable versions: <= 3.06; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-52406; Patch priority: High; CVSS severity: High 9.9; PSID: f31bd5d837b7; Credits: stealthcopter; Required privilege: Subscriber...

9.9 CVSS | 9.6 AI score | 0.00478 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/11/13 12:0 a.m. | 16 views

WordPress AJAX Random Posts Plugin <= 0.3.3 is vulnerable to PHP Object Injection

Software: AJAX Random Posts; Type: Plugin; Vulnerable versions: <= 0.3.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-52409; Patch priority: High; CVSS severity: High 9.8; PSID: 88448bab09ca; Credits: Bonds; Required privilege: Unauthenticated...

9.8 CVSS | 7.2 AI score | 0.00509 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/11/13 12:0 a.m. | 11 views

WordPress MultiManager WP Plugin <= 1.0.5 is vulnerable to Broken Authentication

Software: MultiManager WP; Type: Plugin; Vulnerable versions: <= 1.0.5; Fixed in: 1.1.0; OWASP Top 10: A4: Insecure Design; Classification: Broken Authentication; CVE: CVE-2024-11028; Patch priority: High; CVSS severity: High 9.8; PSID: 80e81dabfc85; Credits: shaman0x01; Required privilege...

9.8 CVSS | 6.8 AI score | 0.01254 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/11/12 12:0 a.m. | 10 views

WordPress RSS Feed Widget Plugin < 3.0.1 is vulnerable to Cross Site Scripting (XSS)

Software: RSS Feed Widget; Type: Plugin; Vulnerable versions: < 3.0.1; Fixed in: 3.0.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9835; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: a28316c34943; Credits: Bob Matyas; Required...

4.8 CVSS | 5.7 AI score | 0.00303 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

Spring Security Advisories
added 2024/11/12 12:0 a.m. | 10 views

This Week in Spring - November 12th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! Spring Cloud 2024.0.0-RC1 aka Moorgate has been released. In this installment of A Bootiful Podcast, I talk to Gradle developer advocate Baruch Sadogursky. Good news everybody! GraalVM will now support jcmd, which allows you t...

7.2 AI score
Exploits: 0

Kaspersky
added 2024/11/12 12:0 a.m. | 27 views

KLA77107 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, gain privileges. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in .NET and Visual Studio...

9.8 CVSS | 9.3 AI score | 0.03512 EPSS
Exploits: 0 | References: 9

Patchstack
added 2024/11/12 12:0 a.m. | 14 views

WordPress MPG Plugin <= 4.0.2 is vulnerable to Path Traversal

Software: MPG; Type: Plugin; Vulnerable versions: <= 4.0.2; Fixed in: 4.0.3; OWASP Top 10: A1: Broken Access Control; Classification: Path Traversal; CVE: CVE-2024-10672; Patch priority: Low; CVSS severity: Low 2.7; PSID: 3c7693c48068; Credits: Arkadiusz Hydzik; Required privilege: Editor...

2.7 CVSS | 6.6 AI score | 0.00484 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/11/12 12:0 a.m. | 15 views

WordPress Styler for Ninja Forms Plugin <= 3.3.4 is vulnerable to Settings Change

Software: Styler for Ninja Forms; Type: Plugin; Vulnerable versions: <= 3.3.4; Fixed in: N/A; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Settings Change; CVE: CVE-2024-10717; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 2b68f06a005e; Credits...

6.5 CVSS | 6.5 AI score | 0.00398 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/11/12 12:0 a.m. | 13 views

WordPress Contact Form 7 Redirect & Thank You Page Plugin <= 1.0.6 is vulnerable to Cross Site Scripting (XSS)

Software: Contact Form 7 Redirect & Thank You Page; Type: Plugin; Vulnerable versions: <= 1.0.6; Fixed in: 1.0.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-10685; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: b725076f7fcb...

6.1 CVSS | 5.7 AI score | 0.00291 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

RedHat Linux
added 2024/11/11 1:39 a.m. | 14 views

Important: Red Hat Bug Fix Advisory: Red Hat Developer Hub 1.3.1 bugfix release

Red Hat Developer Hub 1.3.1 has been released. Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single...

7.5 CVSS | 6.7 AI score | 0.01357 EPSS
Exploits: 2 | References: 3

Patchstack
added 2024/11/11 12:0 a.m. | 5 views

WordPress Master Addons for Elementor Plugin <= 2.0.6.6 is vulnerable to Cross Site Scripting (XSS)

Software: Master Addons for Elementor; Type: Plugin; Vulnerable versions: <= 2.0.6.6; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-52387; Patch priority: Low; CVSS severity: Low 5.9; PSID: fab3ef01c18f; Credits: Michael; Required privilege...

6.9 AI score | 0.00217 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/11/11 12:0 a.m. | 10 views

WordPress W3SPEEDSTER Plugin <= 7.25 is vulnerable to Cross Site Request Forgery (CSRF)

Software: W3SPEEDSTER; Type: Plugin; Vulnerable versions: <= 7.25; Fixed in: 7.27; OWASP Top 10: A3: Injection; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-52392; Patch priority: Low; CVSS severity: Low 6.3; PSID: 547b19ebfd17; Credits: Le Ngoc Anh; Required privilege...

6.5 CVSS | 6.9 AI score | 0.00155 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/11/11 12:0 a.m. | 8 views

WordPress Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One Plugin <= 2.1.2 is vulnerable to Broken Access Control

Software: Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT) All in One; Type: Plugin; Vulnerable versions: <= 2.1.2; Fixed in: 2.1.3; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-52383; Patch priority: High; CVSS severity: High 7.5...

7.5 CVSS | 6.8 AI score | 0.00437 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/11/11 12:0 a.m. | 11 views

WordPress ZIJ KART Plugin <= 1.1 is vulnerable to Local File Inclusion

Software: ZIJ KART; Type: Plugin; Vulnerable versions: <= 1.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2024-52381; Patch priority: High; CVSS severity: High 8.1; PSID: 026490b9e405; Credits: stealthcopter; Required privilege: Unauthenticated...

8.1 CVSS | 7.2 AI score | 0.00566 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/11/11 12:0 a.m. | 14 views

WordPress Picsmize Plugin <= 1.0.0 is vulnerable to Arbitrary File Upload

Software: Picsmize; Type: Plugin; Vulnerable versions: <= 1.0.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-52380; Patch priority: High; CVSS severity: High 10; PSID: 741a66180c37; Credits: stealthcopter; Required privilege: Unauthenticated...

10 CVSS | 7.2 AI score | 0.01535 EPSS
Exploits: 3 | References: 1 | Affected Software: 1

Patchstack
added 2024/11/11 12:0 a.m. | 16 views

WordPress WP Photo Album Plus Plugin <= 8.8.08.007 is vulnerable to Broken Access Control

Software: WP Photo Album Plus; Type: Plugin; Vulnerable versions: <= 8.8.08.007; Fixed in: 8.9.01.001; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-10958; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: d60c5fd2604a; Credits: Arkadiusz...

7.3 CVSS | 6.8 AI score | 0.01577 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
added 2024/11/09 12:0 a.m. | 23 views

WordPress Charitable Plugin <= 1.8.3 is vulnerable to Cross Site Scripting (XSS)

Software: Charitable; Type: Plugin; Vulnerable versions: <= 1.8.3; Fixed in: 1.8.3.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-10876; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 2a28f1e125bc; Credits: Peter Thaleikis...

6.1 CVSS | 5.6 AI score | 0.0036 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/11/08 12:0 a.m. | 19 views

WordPress WPLMS Theme <= 4.962 is vulnerable to Path Traversal

Software: WPLMS; Type: Theme; Vulnerable versions: <= 4.962; Fixed in: 4.963; OWASP Top 10: A3: Injection; Classification: Path Traversal; CVE: CVE-2024-10470; Patch priority: High; CVSS severity: High 9.8; PSID: 63557cc0ea32; Credits: Foxyyy; Required privilege: Unauthenticated; Published: 8...

9.8 CVSS | 6.9 AI score | 0.34094 EPSS
Exploits: 2 | References: 2 | Affected Software: 1