WordPress Uncanny Groups for LearnDash Plugin <= 6.1.0.1 is vulnerable to Privilege Escalation
Software: Uncanny Groups for LearnDash; Type: Plugin; Vulnerable versions: <= 6.1.0.1; Fixed in: 6.1.1; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-8349; Patch priority: Medium; CVSS severity: Medium 7.2; PSID: 0a9f41b67f...
WordPress Ninja Forms Plugin <= 3.8.15 is vulnerable to Cross Site Scripting (XSS)
Software: Ninja Forms; Type: Plugin; Vulnerable versions: <= 3.8.15; Fixed in: 3.8.16; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3866; Patch priority: Low; CVSS severity: Low 7.1; PSID: 8846b83daea8; Credits: wesley wcraft; Required...
WordPress WP Datepicker Plugin <= 2.1.1 is vulnerable to Broken Access Control
Software: WP Datepicker; Type: Plugin; Vulnerable versions: <= 2.1.1; Fixed in: 2.1.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-47321; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 43063696ef76; Credits: Mika; Required privilege...
WordPress Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads Plugin <= 2.0.84 is vulnerable to Broken Access Control
Software: Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads; Type: Plugin; Vulnerable versions: <= 2.0.84; Fixed in: 2.0.85; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-47317; Patch priority: Low; CVSS severity: Low 4.3; PSID: 3ea101b7f4e3...
WordPress WP ULike Plugin < 4.7.4 is vulnerable to Cross Site Scripting (XSS)
Software: WP ULike; Type: Plugin; Vulnerable versions: < 4.7.4; Fixed in: 4.7.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-7878; Patch priority: Low; CVSS severity: Low 5.9; PSID: 6efbbe7dce64; Credits: Bob Matyas; Required privilege...
WordPress WordPress Meta Data and Taxonomies Filter (MDTF) Plugin <= 1.3.3.3 is vulnerable to SQL Injection
Software: WordPress Meta Data and Taxonomies Filter (MDTF); Type: Plugin; Vulnerable versions: <= 1.3.3.3; Fixed in: 1.3.3.4; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-8624; Patch priority: Low; CVSS severity: Low 8.5; PSID: 72c934040045; Credits: Krzysztof Zając...
WordPress Contact Form 7 Campaign Monitor Extension Plugin <= 0.4.67 is vulnerable to Broken Access Control
Software: Contact Form 7 Campaign Monitor Extension; Type: Plugin; Vulnerable versions: <= 0.4.67; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-44019; Patch priority: Low; CVSS severity: Low 5.3; PSID: 11a927ecc073; Credits: Abdi...
WordPress VR Calendar Plugin <= 2.4.0 is vulnerable to Local File Inclusion
Software: VR Calendar; Type: Plugin; Vulnerable versions: <= 2.4.0; Fixed in: 2.4.5; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2024-44013; Patch priority: High; CVSS severity: High 7.5; PSID: 3e489bf6197d; Credits: tahu.datar; Required privilege: Unauthenticate...
WordPress NiceJob Plugin < 3.6.5 is vulnerable to Cross Site Scripting (XSS)
Software: NiceJob; Type: Plugin; Vulnerable versions: < 3.6.5; Fixed in: 3.6.5; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-44025; Patch priority: Low; CVSS severity: Low 6.5; PSID: afa3856f254d; Credits: stealthcopter; Required privilege: Contributor...
WordPress Seriously Simple Stats Plugin <= 1.6.0 is vulnerable to Cross Site Scripting (XSS)
Software: Seriously Simple Stats; Type: Plugin; Vulnerable versions: <= 1.6.0; Fixed in: 1.7.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-8738; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Castos; PSID: f8f850e73781; Credits: vgo0; Required...
JVN#57749899: The installer of e-Tax software(common program) vulnerable to privilege escalation
The installer of e-Tax software (common program) provided by National Tax Agency contains a vulnerability which allows uploading a malicious DLL to be executed with higher privileges than that of a general user by altering the registry (CWE-268). Impact: A malicious DLL prepared by an attacker may be...
WordPress WPSPX Plugin <= 1.0.2 is vulnerable to Local File Inclusion
Software: WPSPX; Type: Plugin; Vulnerable versions: <= 1.0.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2024-44034; Patch priority: High; CVSS severity: High 7.5; PSID: 14fb489d8c25; Credits: tahu.datar; Required privilege: Unauthenticated...
WordPress Checkout Mestres WP Plugin <= 8.6 is vulnerable to Local File Inclusion
Software: Checkout Mestres WP; Type: Plugin; Vulnerable versions: <= 8.6; Fixed in: 8.6.1; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2024-44030; Patch priority: Low; CVSS severity: Low 7.2; PSID: 15bf1846430c; Credits: tahu.datar; Required privilege...
Apache Struts 2.0.0 < 2.3.18 RCE (S2-008)
The version of Apache Struts installed on the remote host is prior to 2.3.18. It is, therefore, affected by a vulnerability as referenced in the S2-008 advisory. - The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute...
Security Bulletin: Vulnerability in Node.js affects IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition (CVE-2024-36138)
Summary: Node.js is used as runtime and SDK for Apache Cordova applications within IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition. Information about security vulnerabilities affecting Node.js has been published in a security bulletin. This bulletin identifies the...
WordPress Quiz And Survey Master Plugin < 9.1.3 is vulnerable to Cross Site Scripting (XSS)
Software: Quiz And Survey Master; Type: Plugin; Vulnerable versions: < 9.1.3; Fixed in: 9.1.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-8758; Patch priority: Low; CVSS severity: Low 6.5; PSID: 1f4eb044984c; Credits: Dmitrii Ignatyev...
WordPress WP Abstracts Plugin <= 2.6.5 is vulnerable to Cross Site Scripting (XSS)
Software: WP Abstracts; Type: Plugin; Vulnerable versions: <= 2.6.5; Fixed in: 2.7.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-44045; Patch priority: Low; CVSS severity: Low 5.9; PSID: d042c5d49f7e; Credits: jsjp; Required privilege: Administrator...
WordPress ShiftController Employee Shift Scheduling Plugin <= 4.9.64 is vulnerable to Cross Site Scripting (XSS)
Software: ShiftController Employee Shift Scheduling; Type: Plugin; Vulnerable versions: <= 4.9.64; Fixed in: 4.9.65; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-44040; Patch priority: Low; CVSS severity: Low 5.9; PSID: 74a00a678aaf; Credits: SOPROBRO...
RHSA-2023:1064 Red Hat Security Advisory: OpenShift Developer Tools and Services for OCP 4.12 security update
Bulletin has no description...
mozilla: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran
The Mozilla Foundation's Security Advisory: Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence...