7439 matches found

Patchstack
added 2024/11/08 12:0 a.m. | 8 views

WordPress Awesome Fitness Testimonials Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software: Awesome Fitness Testimonials; Type: Plugin; Vulnerable versions: <= 1.0.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51806; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 6dc5acf46761; Credits: SOPROBRO; Required privilege...

CVSS 6.5 | AI score 6.5 | EPSS 0.00361
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2024/11/08 12:0 a.m. | 15 views

WordPress Forms Plugin <= 2.8.0 is vulnerable to Arbitrary File Upload

Software: Forms; Type: Plugin; Vulnerable versions: <= 2.8.0; Fixed in: 2.8.1; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-51791; Patch priority: High; CVSS severity: High 10; Developer: Claim ownership; PSID: 0594a374dbac; Credits: stealthcopter; Required privilege: Unauthenticated...

CVSS 10 | AI score 7.2 | EPSS 0.00609
Exploits 1 | References 2 | Affected Software 1
Android Security Bulletins
added 2024/11/06 12:0 a.m. | 10 views

Pixel Update Bulletin—November 2024

The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices (Google devices). For Google devices, security patch levels of 2024-11-05 or later address all issues in this bulletin and all issues in the November 2024 Android...

CVSS 10 | AI score 7.8 | EPSS 0.00213
Exploits 0
Cvelist
added 2024/11/05 6:49 p.m. | 23 views

CVE-2024-51735 Stored Cross-site Scripting to RCE on Osmedeus Web Server

Osmedeus is a Workflow Engine for Offensive Security. Cross-site Scripting (XSS) occurs on the Osmedeus web server when viewing results from the workflow, allowing commands to be executed on the server. When using a workflow that contains the summary module, it generates reports in HTML and Markdow...

CVSS 8.7 | EPSS 0.0044
Exploits 0 | References 1
Patchstack
added 2024/11/05 12:0 a.m. | 9 views

WordPress Heateor Social Login Plugin <= 1.1.35 is vulnerable to Broken Authentication

Software: Heateor Social Login; Type: Plugin; Vulnerable versions: <= 1.1.35; Fixed in: 1.1.36; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2024-10020; Patch priority: High; CVSS severity: High 8.1; Developer: Claim ownership; PSID: 0cb2e3c4d2f1; Credits...

CVSS 8.1 | AI score 6.8 | EPSS 0.00504
Exploits 0 | References 3 | Affected Software 1
Patchstack
added 2024/11/05 12:0 a.m. | 15 views

WordPress Super Socializer Plugin <= 7.13.68 is vulnerable to Broken Authentication

Software: Super Socializer; Type: Plugin; Vulnerable versions: <= 7.13.68; Fixed in: 7.14; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2024-9946; Patch priority: High; CVSS severity: High 8.1; Developer: Claim ownership; PSID: 3feff8ece72e; Credits: wesle...

CVSS 8.1 | AI score 6.8 | EPSS 0.00609
Exploits 0 | References 3 | Affected Software 1
Patchstack
added 2024/11/04 12:0 a.m. | 9 views

WordPress Twitter real time search scrolling Plugin <= 7.0 is vulnerable to Cross Site Scripting (XSS)

Software: Twitter real time search scrolling; Type: Plugin; Vulnerable versions: <= 7.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51716; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 5ded87af36a1; Credits: SOPROBRO; Required...

CVSS 7.1 | AI score 6.5 | EPSS 0.00259
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2024/11/04 12:0 a.m. | 8 views

WordPress Content Syndication Toolkit Reader Plugin <= 1.5 is vulnerable to Cross Site Scripting (XSS)

Software: Content Syndication Toolkit Reader; Type: Plugin; Vulnerable versions: <= 1.5; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51696; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 4c15b730abc5; Credits: João Pedro S...

CVSS 7.1 | AI score 6.9 | EPSS 0.00275
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2024/11/04 12:0 a.m. | 10 views

WordPress Jigoshop – Store Toolkit Plugin <= 1.4.0 is vulnerable to Cross Site Scripting (XSS)

Software: Jigoshop – Store Toolkit; Type: Plugin; Vulnerable versions: <= 1.4.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51712; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 84e860833836; Credits: Zlrqh; Required privilege...

CVSS 7.1 | AI score 6.5 | EPSS 0.00259
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2024/11/04 12:0 a.m. | 14 views

WordPress Loginizer Security Plugin <= 1.9.2 is vulnerable to Broken Authentication

Software: Loginizer Security; Type: Plugin; Vulnerable versions: <= 1.9.2; Fixed in: 1.9.3; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2024-10097; Patch priority: High; CVSS severity: High 8.1; Developer: Claim ownership; PSID: 39d130db7003; Credits...

CVSS 8.1 | AI score 8 | EPSS 0.00666
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2024/11/04 12:0 a.m. | 6 views

WordPress SVT Simple Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software: SVT Simple; Type: Plugin; Vulnerable versions: <= 1.0.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51759; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 73a2fdbefeb6; Credits: João Pedro S Alcântara Kinorth; Required...

CVSS 7.1 | AI score 6.9 | EPSS 0.00259
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2024/11/04 12:0 a.m. | 11 views

WordPress Loginplus Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)

Software: Loginplus; Type: Plugin; Vulnerable versions: <= 1.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51782; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 3789effcd64f; Credits: Mika; Required privilege: Unauthenticated...

CVSS 7.1 | AI score 6.5 | EPSS 0.00259
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2024/11/04 12:0 a.m. | 14 views

WordPress Don't Break The Code Plugin <= .3.1 is vulnerable to Cross Site Scripting (XSS)

Software: Don't Break The Code; Type: Plugin; Vulnerable versions: <= .3.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51779; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: e5611bdb41d7; Credits: João Pedro S Alcântara Kinorth...

CVSS 7.1 | AI score 6.9 | EPSS 0.00259
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2024/11/04 12:0 a.m. | 12 views

WordPress WP Visual Adverts Plugin <= 2.3.0 is vulnerable to Cross Site Scripting (XSS)

Software: WP Visual Adverts; Type: Plugin; Vulnerable versions: <= 2.3.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51707; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 6941a74fa9c3; Credits: João Pedro S Alcântara Kinorth...

CVSS 7.1 | AI score 6.8 | EPSS 0.00259
Exploits 0 | References 1 | Affected Software 1
OpenVAS
added 2024/11/04 12:0 a.m. | 9 views

Huawei EulerOS: Security Advisory for orc (EulerOS-SA-2024-2790)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7 | AI score 7.5 | EPSS 0.00379
Exploits 0 | References 2
GithubExploit
added 2024/11/02 1:32 p.m. | 97 views

zero-day

Zero-Day Vulnerabilities in Open-Source Projects This reposi...

AI score 7.6
Exploits 0
Patchstack
added 2024/11/01 12:0 a.m. | 8 views

WordPress Paytium Plugin <= 4.4.10 is vulnerable to Broken Access Control

Software: Paytium; Type: Plugin; Vulnerable versions: <= 4.4.10; Fixed in: 4.4.11; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-51667; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: f67b49ade6f3; Credits: Trương Hữu Phúc truonghuuphuc...

AI score 6.5 | EPSS 0.00304
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2024/11/01 12:0 a.m. | 13 views

WordPress Appointmind Plugin <= 4.0.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Appointmind; Type: Plugin; Vulnerable versions: <= 4.0.0; Fixed in: 4.1.0; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-51679; Patch priority: Low; CVSS severity: Low 7.1; Developer: Claim ownership; PSID: 55eaeba7d578; Credits: SOPROBRO; Required...

CVSS 7.1 | AI score 7 | EPSS 0.00183
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2024/11/01 12:0 a.m. | 6 views

WordPress Platform.ly Official Plugin <= 1.1.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Platform.ly Official; Type: Plugin; Vulnerable versions: <= 1.1.3; Fixed in: 1.14; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-51687; Patch priority: Low; CVSS severity: Low 7.1; Developer: Claim ownership; PSID: 8ba7cb51f2ab; Credits: SOPROBRO; Requir...

CVSS 7.1 | AI score 6.6 | EPSS 0.00152
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2024/11/01 12:0 a.m. | 14 views

WordPress Magical Addons For Elementor Plugin <= 1.2.1 is vulnerable to Server Side Request Forgery (SSRF)

Software: Magical Addons For Elementor; Type: Plugin; Vulnerable versions: <= 1.2.1; Fixed in: 1.2.3; OWASP Top 10: A1: Broken Access Control; Classification: Server Side Request Forgery (SSRF); CVE: CVE-2024-51665; Patch priority: Low; CVSS severity: Low 4.9; Developer: Claim ownership; PSID: 7e66dec39a19; Credits: João...

CVSS 4.9 | AI score 5.1 | EPSS 0.0054
Exploits 0 | References 2 | Affected Software 1