7441 matches found
WordPress Advanced Sermons Plugin <= 3.3 is vulnerable to Cross Site Scripting (XSS)
Software: Advanced Sermons; Type: Plugin; Vulnerable versions: <= 3.3; Fixed in: 3.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-7599; Patch priority: Low; CVSS severity: Low (6.5); PSID: d85d91823452; Credits: vgo0; Required privilege...
MAL-2024-8827 Malicious code in tcgplayer-developer (npm)
Source: ghsa-malware e8872e81cbcd437acbedb9771171079c77c0f370055e0cc7423b96b7bdd9a75e. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
WordPress Ivory Search Plugin <= 5.5.6 is vulnerable to Sensitive Data Exposure
Software: Ivory Search; Type: Plugin; Vulnerable versions: <= 5.5.6; Fixed in: 5.5.7; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-6835; Patch priority: Low; CVSS severity: Low (5.3); PSID: cb7652ee4cde; Credits: stealthcopter; Required...
WordPress RD Station Plugin <= 5.3.2 is vulnerable to Cross Site Scripting (XSS)
Software: RD Station; Type: Plugin; Vulnerable versions: <= 5.3.2; Fixed in: 5.4.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-6894; Patch priority: Low; CVSS severity: Low (6.5); PSID: 32a1d7bae015; Credits: Webbernaut; Required privilege...
WordPress Geo Controller Plugin <= 8.7.3 is vulnerable to Broken Access Control
Software: Geo Controller; Type: Plugin; Vulnerable versions: <= 8.7.3; Fixed in: 8.7.4; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-7380; Patch priority: Low; CVSS severity: Low (4.3); PSID: c241dd8210b8; Credits: Lucio Sá; Required privilege...
WordPress LiteSpeed Cache Plugin < 6.5.0.1 is vulnerable to Broken Authentication
Software: LiteSpeed Cache; Type: Plugin; Vulnerable versions: < 6.5.0.1; Fixed in: 6.5.0.1; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2024-44000; Patch priority: High; CVSS severity: High (9.8); Developer: Hai Zheng / Lite Speed Cache; PSID: 8f939cc0b306...
RUSTSEC-2024-0386 strason is unmaintained
strason will no longer be maintained as declared by the developer. The project has been archived...
hwloc is unmaintained
hwloc will no longer be maintained as declared by the developer. The project has been archived without an issue...
bcc is unmaintained
bcc will no longer be maintained as declared by the developer. Users are recommended to use libbpf-rs instead. See libbpf-rs...
WordPress The Ultimate WordPress Toolkit – WP Extended Plugin <= 3.0.8 is vulnerable to Sensitive Data Exposure
Software: The Ultimate WordPress Toolkit – WP Extended; Type: Plugin; Vulnerable versions: <= 3.0.8; Fixed in: 3.0.9; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-8106; Patch priority: Medium; CVSS severity: Medium (6.5); Developer: WP Extended; PSID: 027663c0c476...
WordPress The Ultimate WordPress Toolkit – WP Extended Plugin <= 3.0.8 is vulnerable to Arbitrary File Download
Software: The Ultimate WordPress Toolkit – WP Extended; Type: Plugin; Vulnerable versions: <= 3.0.8; Fixed in: 3.0.9; OWASP Top 10: A1: Broken Access Control; Classification: Arbitrary File Download; CVE: CVE-2024-8104; Patch priority: High; CVSS severity: High (7.7); Developer: WP Extended; PSID: 9fb5e1b755dd; Credits...
WordPress Sign-up Sheets Plugin < 2.2.13 is vulnerable to Cross Site Scripting (XSS)
Software: Sign-up Sheets; Type: Plugin; Vulnerable versions: < 2.2.13; Fixed in: 2.2.13; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-6020; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Fetch Designs; PSID: 65a76cb93247; Credits: Bob Matyas; Required...
WordPress WC Marketplace Plugin <= 4.2.0 is vulnerable to Privilege Escalation
Software: WC Marketplace; Type: Plugin; Vulnerable versions: <= 4.2.0; Fixed in: 4.2.1; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-8289; Patch priority: High; CVSS severity: High (7.3); PSID: 9025ce00a31d; Credits: wesley...
WordPress PixelYourSite PRO Plugin <= 10.4.2 is vulnerable to Sensitive Data Exposure
Software: PixelYourSite PRO; Type: Plugin; Vulnerable versions: <= 10.4.2; Fixed in: 10.4.3; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-7870; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: c3722df4917d; Credits: Xetnus; Required...
orc: Stack-based buffer overflow vulnerability in ORC
A stack-based buffer overflow vulnerability exists in orcparse.c of ORC. If a developer is tricked into processing a specially crafted file with the affected ORC compiler, arbitrary code may be executed in the developer's build environment. This may lead to compromise of developer machines or CI buil...
WordPress WP Job Portal Plugin <= 2.1.6 is vulnerable to Broken Access Control
Software: WP Job Portal; Type: Plugin; Vulnerable versions: <= 2.1.6; Fixed in: 2.1.7; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-7950; Patch priority: High; CVSS severity: High (9.8); Developer: Ahmad; PSID: 3162f7bd55ec; Credits: Connor Billings; Required privilege...
CVE-2024-45388
Hoverfly is a lightweight service virtualization / API simulation / API mocking tool for developers and testers. The /api/v2/simulation POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary...
WordPress Share This Image Plugin <= 2.01 is vulnerable to Cross Site Scripting (XSS)
Software: Share This Image; Type: Plugin; Vulnerable versions: <= 2.01; Fixed in: 2.02; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-8108; Patch priority: Low; CVSS severity: Low (6.5); PSID: ce0f588ce2a5; Credits: Francesco Carlucci; Requir...