WordPress Share This Image Plugin <= 2.01 is vulnerable to Cross Site Scripting (XSS)

Software Share This Image Type Plugin Vulnerable versions = 2.01 Fixed in 2.02 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8108 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ce0f588ce2a5 Credits Francesco Carlucci Requir...

WordPress Tutor LMS Pro Plugin <= 2.7.2 is vulnerable to Broken Access Control

Software Tutor LMS Pro Type Plugin Vulnerable versions = 2.7.2 Fixed in 2.7.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5784 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 53b4f2fddbc0 Credits Thanh Nam Tran Required...

WordPress Web Directory Free Plugin < 1.7.3 is vulnerable to Local File Inclusion

Software Web Directory Free Type Plugin Vulnerable versions 1.7.3 Fixed in 1.7.3 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-3673 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID d4fbe470a086 Credits Simone Onofri Kim Cerra Andrea De...

WordPress Betheme Theme <= 27.5.6 is vulnerable to PHP Object Injection

Software Betheme Type Theme Vulnerable versions = 27.5.6 Fixed in 27.5.7 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-2694 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID 8e134812d3a9 Credits Francesco Carlucci Required privilege...

WordPress Media Library Folders Plugin <= 8.2.3 is vulnerable to Broken Access Control

Software Media Library Folders Type Plugin Vulnerable versions = 8.2.3 Fixed in 8.2.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-7858 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID e34ed26523d9 Credits Lucio Sá Required...

WordPress GiveWP Plugin <= 3.15.1 is vulnerable to Sensitive Data Exposure

Software GiveWP Type Plugin Vulnerable versions = 3.15.1 Fixed in 3.16.0 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-6551 Patch priority Low CVSS severity Low 5.3 Developer Liquid Web / StellarWP PSID b91ec157138c Credits stealthcopter Required...

WordPress Funnel Kit Funnel Builder PRO Plugin <= 3.4.5 is vulnerable to Cross Site Scripting (XSS)

Software Funnel Kit Funnel Builder PRO Type Plugin Vulnerable versions = 3.4.5 Fixed in 3.5.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1056 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8c1faa8fa285 Credits Francesco...

WordPress WP Accessibility Helper (WAH) Plugin <= 0.6.2.8 is vulnerable to Broken Access Control

Software WP Accessibility Helper WAH Type Plugin Vulnerable versions = 0.6.2.8 Fixed in 0.6.2.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5987 Patch priority Low CVSS severity Low 5.4 Developer Alexander Volkov PSID d7cc8b0ae32e Credits Lucio Sá...

WordPress CoBlocks Plugin < 3.1.13 is vulnerable to Cross Site Scripting (XSS)

Software CoBlocks Type Plugin Vulnerable versions 3.1.13 Fixed in 3.1.13 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7132 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2ec557475360 Credits Dmitrii Ignatyev Required...

WordPress Media Library Folders Plugin <= 8.2.2 is vulnerable to SQL Injection

Software Media Library Folders Type Plugin Vulnerable versions = 8.2.2 Fixed in 8.2.3 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-7857 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID af7783c77043 Credits Lucio Sá Required privilege Subscriber...

WordPress HelloAsso Plugin <= 1.1.10 is vulnerable to Broken Access Control

Software HelloAsso Type Plugin Vulnerable versions = 1.1.10 Fixed in 1.1.11 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-44052 Patch priority Low CVSS severity Low 4.3 Developer HelloAsso PSID d764a14202f7 Credits Trương Hữu Phúc truonghuuphuc Required...

WordPress Custom Field Template Plugin <= 2.6.5 is vulnerable to Cross Site Scripting (XSS)

Software Custom Field Template Type Plugin Vulnerable versions = 2.6.5 Fixed in 2.6.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-44062 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 53885cdfe965 Credits Robert DeVore Required privilege...

WordPress Front End Users Plugin <= 3.2.28 is vulnerable to SQL Injection

Software Front End Users Type Plugin Vulnerable versions = 3.2.28 Fixed in 3.2.29 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-7607 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 35067197eafa Credits Peter Thaleikis Required privilege Contributor...

WordPress EasyJobs Plugin <= 2.4.14 is vulnerable to Cross Site Request Forgery (CSRF)

Software EasyJobs Type Plugin Vulnerable versions = 2.4.14 Fixed in 2.4.15 OWASP Top 10 A3: Injection Classification Cross Site Request Forgery CSRF CVE CVE-2024-43997 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 56a38105092f Credits Muhammad Daffa Required...

WordPress Opor Ayam Theme <= 1.8 is vulnerable to Cross Site Scripting (XSS)

Software Opor Ayam Type Theme Vulnerable versions = 1.8 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-44053 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1bcd7d651c5d Credits justakazh Required privilege Unauthenticate...

WordPress Filmix Theme <= 1.1 is vulnerable to Cross Site Scripting (XSS)

Software Filmix Type Theme Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-44060 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 23b9f7aa796e Credits justakazh Required privilege Unauthenticated...

Important: Red Hat Bug Fix Advisory: Red Hat Developer Hub 1.2.3 bugfix release

Red Hat Developer Hub 1.2.3 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...

CVE-2024-45059

CVE-2024-45059 describes an authenticated SQL Injection in i-Educar prior to version 2.9, where the query in ieducar/intranet/funcionario_vinculo_det.php is built by concatenating the unsanitized GET parameter cod_func. This allows an attacker to access sensitive data such as emails and password ...

CVE-2024-45059 Authenticated SQL Injection in i-Educar

i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A SQL Injection vulnerability was found prior to the 2.9 branch in the ieducar/intranet/funcionariovinculodet.php file, which creates the query by...

CVE-2024-45057

The CVE-2024-45057 entry describes a Reflected Cross-Site Scripting (XSS) vulnerability in i-Educar prior to v2.9. The issue arises from insufficient validation/sanitization of user-controlled input in the dynamic generation of HTML fields, specifically in the file intranet/include/clsCampos.inc....