7442 matches found
CVE-2024-45057 Reflected Cross-Site Scripting in i-Educar
i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the dynamic generation of HTML fields prior to the 2.9 branch. The file located at...
WordPress Mollie Payments for WooCommerce Plugin <= 7.7.0 is vulnerable to Full Path Disclosure (FPD)
Software: Mollie Payments for WooCommerce; Type: Plugin; Vulnerable versions: <= 7.7.0; Fixed in: 7.8.0; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Full Path Disclosure (FPD); CVE: CVE-2024-6448; Patch priority: Low; CVSS severity: Low 5.3; PSID: 442e1f30b6d2; Credits...
WordPress Favicon Generator Plugin < 2.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Favicon Generator; Type: Plugin; Vulnerable versions: < 2.1; Fixed in: 2.1; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-7863; Patch priority: Low; CVSS severity: Low 9.6; PSID: 2e8a0fbb5efb; Credits: Daniel Ruf; Required...
WordPress Spiffy Calendar Plugin <= 4.9.12 is vulnerable to SQL Injection
Software: Spiffy Calendar; Type: Plugin; Vulnerable versions: <= 4.9.12; Fixed in: 4.9.13; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-43969; Patch priority: Low; CVSS severity: Low 7.6; PSID: 7bc8db74206e; Credits: Certus Cybersecurity; Required privilege...
WordPress Relevanssi Live Ajax Search Plugin <= 2.4 is vulnerable to Broken Access Control
Software: Relevanssi Live Ajax Search; Type: Plugin; Vulnerable versions: <= 2.4; Fixed in: 2.5; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-7573; Patch priority: Low; CVSS severity: Low 5.3; PSID: 091b716b5837; Credits: scottaglia; Required...
WordPress Podlove Podcast Publisher Plugin <= 4.1.13 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Podlove Podcast Publisher; Type: Plugin; Vulnerable versions: <= 4.1.13; Fixed in: 4.1.14; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-43984; Patch priority: High; CVSS severity: High 9.6; PSID: b38f22b27679; Credits...
WordPress Permalink Manager Lite Plugin <= 2.4.4 is vulnerable to Broken Access Control
Software: Permalink Manager Lite; Type: Plugin; Vulnerable versions: <= 2.4.4; Fixed in: 2.4.4.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-8195; Patch priority: Low; CVSS severity: Low 5.3; PSID: 6d2ef5ed74cf; Credits: stealthcopter; Require...
orc: Stack-based buffer overflow vulnerability in ORC
A stack-based buffer overflow vulnerability exists in orcparse.c of ORC. If a developer is tricked into processing a specially crafted file with the affected ORC compiler, arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI buil...
WordPress Xpro Elementor Addons Plugin <= 1.4.4.3 is vulnerable to Cross Site Scripting (XSS)
Software: Xpro Elementor Addons; Type: Plugin; Vulnerable versions: <= 1.4.4.3; Fixed in: 1.4.4.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-7791; Patch priority: Low; CVSS severity: Low 6.5; PSID: 93f87661de72; Credits: WordFence...
WordPress Reviews Feed Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Reviews Feed; Type: Plugin; Vulnerable versions: <= 1.1.2; Fixed in: 1.2.0; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-8200; Patch priority: Low; CVSS severity: Low 4.3; PSID: d47df2666851; Credits: Sajjad Ahmad jacksparro...
WordPress Ninja Tables Plugin <= 5.0.12 is vulnerable to Cross Site Scripting (XSS)
Software: Ninja Tables; Type: Plugin; Vulnerable versions: <= 5.0.12; Fixed in: 5.0.13; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-7304; Patch priority: Low; CVSS severity: Low 5.9; PSID: a12833da3c4c; Credits: wesley wcraft; Required...
WordPress Reviews Feed Plugin <= 1.1.2 is vulnerable to Broken Access Control
Software: Reviews Feed; Type: Plugin; Vulnerable versions: <= 1.1.2; Fixed in: 1.2.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-8199; Patch priority: Low; CVSS severity: Low 4.3; PSID: eb3754a5f963; Credits: Sajjad Ahmad jacksparrow; Required...
WordPress JobSearch Plugin <= 2.5.4 is vulnerable to Broken Access Control
Software: JobSearch; Type: Plugin; Vulnerable versions: <= 2.5.4; Fixed in: 2.5.6; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-43929; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: c7bad1c217a2; Credits: Ananda Dhakal Patchstack...
WordPress Greenshift Woocommerce Addon Plugin < 1.9.8 is vulnerable to SQL Injection
Software: Greenshift Woocommerce Addon; Type: Plugin; Vulnerable versions: < 1.9.8; Fixed in: 1.9.8; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-43943; Patch priority: High; CVSS severity: High 8.5; PSID: 998dac6720c9; Credits: Dave Jong Patchstack; Required...
WordPress Envira Photo Gallery Plugin <= 1.8.14 is vulnerable to Broken Access Control
Software: Envira Photo Gallery; Type: Plugin; Vulnerable versions: <= 1.8.14; Fixed in: 1.8.15; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-43925; Patch priority: Low; CVSS severity: Low 4.3; PSID: 9c53eb2407a8; Credits: Rafie Muhammad...
WordPress JobSearch Plugin <= 2.5.3 is vulnerable to PHP Object Injection
Software: JobSearch; Type: Plugin; Vulnerable versions: <= 2.5.3; Fixed in: 2.5.4; OWASP Top 10: A5: Security Misconfiguration; Classification: PHP Object Injection; CVE: CVE-2024-43931; Patch priority: High; CVSS severity: High 9.8; PSID: 5b092052f063; Credits: Ananda Dhakal Patchstack...
WordPress Greenshift Query and Meta Addon Plugin < 3.9.2 is vulnerable to SQL Injection
Software: Greenshift Query and Meta Addon; Type: Plugin; Vulnerable versions: < 3.9.2; Fixed in: 3.9.2; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-43942; Patch priority: High; CVSS severity: High 8.5; PSID: 13adc6d175b5; Credits: Dave Jong Patchstack; Required...
WordPress MaxButtons Plugin <= 9.7.8 is vulnerable to Sensitive Data Exposure
Software: MaxButtons; Type: Plugin; Vulnerable versions: <= 9.7.8; Fixed in: 9.8.0; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-6499; Patch priority: Low; CVSS severity: Low 5.3; PSID: c468e4e161ae; Credits: stealthcopter; Required privileg...
WordPress WP Armour Extended Plugin <= 1.26 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP Armour Extended; Type: Plugin; Vulnerable versions: <= 1.26; Fixed in: 1.32; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-43947; Patch priority: Low; CVSS severity: Low 5.4; PSID: c5ec96f385ed; Credits: Dave Jong Patchsta...
WordPress Shield Security Plugin < 20.0.6 is vulnerable to Cross Site Scripting (XSS)
Software: Shield Security; Type: Plugin; Vulnerable versions: < 20.0.6; Fixed in: 20.0.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-7313; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: df05c396b592; Credits: Krugov Artyom...