WordPress Htaccess File Editor Plugin <= 1.0.18 is vulnerable to Broken Access Control
Software: Htaccess File Editor; Type: Plugin; Vulnerable versions: <= 1.0.18; Fixed in: 1.0.19; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-49256; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: d6dd94150ebc; Credits: savphill; Require...
WordPress Rescue Shortcodes Plugin <= 2.8 is vulnerable to Cross Site Scripting (XSS)
Software: Rescue Shortcodes; Type: Plugin; Vulnerable versions: <= 2.8; Fixed in: 2.9; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-9696; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 55990669c666; Credits: Peter Thaleikis; Required...
WordPress WP Post Author Plugin <= 3.8.1 is vulnerable to SQL Injection
Software: WP Post Author; Type: Plugin; Vulnerable versions: <= 3.8.1; Fixed in: 3.8.2; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-8757; Patch priority: Low; CVSS severity: Low 7.6; Developer: Claim ownership; PSID: 459e7e4ad115; Credits: Lesor101; Required privilege: Administrator; Published...
WordPress Unlimited Addon For Elementor Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS)
Software: Unlimited Addon For Elementor; Type: Plugin; Vulnerable versions: <= 2.0.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-49267; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 3bb661ecb7f8; Credits: João Pedro S Alcântara...
WordPress Da Reactions Plugin <= 5.1.5 is vulnerable to Cross Site Scripting (XSS)
Software: Da Reactions; Type: Plugin; Vulnerable versions: <= 5.1.5; Fixed in: 5.2.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-49255; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: e927ad34c153; Credits: Khalid Yusuf; Required privilege: Contribut...
Rockwell Automation multiple products security vulnerability
Rockwell Automation RSLogix 500 and others are products of Rockwell Automation, a U.S. company. Rockwell Automation RSLogix 500 is a suite of programming software for industrial control systems. Rockwell Automation RSLogix Micro Developer and Starter is an industrial control...
WordPress CJ Change Howdy Plugin <= 3.3.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: CJ Change Howdy; Type: Plugin; Vulnerable versions: <= 3.3.1; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2024-49223; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: d1b937179167; Credits: SOPROBRO; Requir...
WordPress ImagePress Plugin <= 1.2.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: ImagePress; Type: Plugin; Vulnerable versions: <= 1.2.2; Fixed in: 1.3.0; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2024-9778; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 64726d176639; Credits: Michelle Porter; Required...
WordPress WordPress File Upload Plugin <= 4.24.11 is vulnerable to Path Traversal
Software: WordPress File Upload; Type: Plugin; Vulnerable versions: <= 4.24.11; Fixed in: 4.24.12; OWASP Top 10: A1: Broken Access Control; Classification: Path Traversal; CVE: CVE-2024-9047; Patch priority: High; CVSS severity: High 9.8; Developer: Claim ownership; PSID: 5fa6436aa19c; Credits: Arkadiusz Hydzik; Required...
WordPress Order Attachments for WooCommerce Plugin 2.0 - 2.4.1 is vulnerable to Broken Access Control
Software: Order Attachments for WooCommerce; Type: Plugin; Vulnerable versions: 2.0 - 2.4.1; Fixed in: 2.5.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-9756; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: dca315263a7c; Credits: luckynoo...
WordPress Jetpack Plugin < 13.9.1 is vulnerable to Broken Access Control
Software: Jetpack; Type: Plugin; Vulnerable versions: < 13.9.1; Fixed in: 13.9.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-9926; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 675e1d99d774; Credits: Marc Montpas; Required privilege...
WordPress Linked Variation for WooCommerce Plugin <= 1.0.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Linked Variation for WooCommerce; Type: Plugin; Vulnerable versions: <= 1.0.5; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2024-48047; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 314234821b77; Credits: Marek Mikita...
WordPress TablePress Plugin <= 2.4.2 is vulnerable to Cross Site Scripting (XSS)
Software: TablePress; Type: Plugin; Vulnerable versions: <= 2.4.2; Fixed in: 2.4.3; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-9595; Patch priority: Low; CVSS severity: Low 5.9; Developer: TablePress; PSID: e1ecd7cf1ef2; Credits: Max Boll b0lli; Required privilege...
WordPress Better Author Bio Plugin <= 2.7.10.11 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Better Author Bio; Type: Plugin; Vulnerable versions: <= 2.7.10.11; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2024-49229; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: dd031bce3db6; Credits: SOPROBRO...
WordPress Plexx Elementor Extension Plugin <= 1.3.6 is vulnerable to Cross Site Scripting (XSS)
Software: Plexx Elementor Extension; Type: Plugin; Vulnerable versions: <= 1.3.6; Fixed in: 1.3.7; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-49234; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: d2192b71a7de; Credits: Khalid Yusuf; Required...
WordPress ShortPixel Image Optimizer Plugin <= 5.6.3 is vulnerable to SQL Injection
Software: ShortPixel Image Optimizer; Type: Plugin; Vulnerable versions: <= 5.6.3; Fixed in: 5.6.4; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-48043; Patch priority: Low; CVSS severity: Low 7.6; Developer: ShortPixel; PSID: d284fe203395; Credits: Rafie Muhammad Patchstack; Required privileg...
WordPress ShortPixel Image Optimizer Plugin <= 5.6.3 is vulnerable to Broken Access Control
Software: ShortPixel Image Optimizer; Type: Plugin; Vulnerable versions: <= 5.6.3; Fixed in: 5.6.4; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-48044; Patch priority: Low; CVSS severity: Low 5.4; Developer: ShortPixel; PSID: a501abcf0465; Credits: Rafie Muhammad Patchsta...
WordPress ShopLentor Plugin <= 2.9.8 is vulnerable to Sensitive Data Exposure
Software: ShopLentor; Type: Plugin; Vulnerable versions: <= 2.9.8; Fixed in: 2.9.9; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-9538; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 367cb7a26fde; Credits: Ankit Patel; Required privilege...
CVE-2024-47869
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a timing attack in the way Gradio compares hashes for the analyticsdashboard function. Since the comparison is not done in constant time, an attacker could exploit this by measuring the response ti...
Cybercriminals Use Unicode to Hide Mongolian Skimmer in E-Commerce Platforms
Cybersecurity researchers have shed light on a new digital skimmer campaign that leverages Unicode obfuscation techniques to conceal a skimmer dubbed Mongolian Skimmer. "At first glance, the thing that stood out was the script's obfuscation, which seemed a bit bizarre because of all the accented...