WordPress ImageRecycle pdf & image compression Plugin <= 3.1.14 is vulnerable to Broken Access Control

Software ImageRecycle pdf & image compression Type Plugin Vulnerable versions = 3.1.14 Fixed in 3.1.15 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-6631 Patch priority Low CVSS severity Low 5 Developer Claim ownership PSID 297d76ad6b7c Credits Lucio Sá...

A Bootiful Podcast: Vaadin developer advocacy legend Marcus Hellberg

Hi, Spring fans! In this installment, I talk to Vaadin developer advocacy legend Marcus Hellberg about the lates-and-greatest in the wide and wonderful world of Spring...

WordPress File Manager Pro Plugin <= 8.3.7 is vulnerable to Arbitrary File Upload

Software File Manager Pro Type Plugin Vulnerable versions = 8.3.7 Fixed in 8.3.8 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-7559 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID fdf245f6ed76 Credits siunam Required privilege Subscriber...

WordPress WooCommerce Google Feed Manager Plugin <= 2.8.0 is vulnerable to Broken Access Control

Software WooCommerce Google Feed Manager Type Plugin Vulnerable versions = 2.8.0 Fixed in 2.9.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID edc9e66e9cf4 Credits Lucio Sá Required...

WordPress WBW Product Table PRO Plugin <= 1.9.4 is vulnerable to SQL Injection

Software WBW Product Table PRO Type Plugin Vulnerable versions = 1.9.4 Fixed in 1.9.5 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-43918 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 2c9d3f09a102 Credits Dave Jong Patchstack Required privilege...

WordPress AcyMailing SMTP Newsletter Plugin <= 9.7.2 is vulnerable to Arbitrary File Upload

Software AcyMailing SMTP Newsletter Type Plugin Vulnerable versions = 9.7.2 Fixed in 9.8.0 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-7384 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 51ad1438d775 Credits Arkadiusz Hydzik Required...

WordPress User Private Files Plugin <= 2.1.0 is vulnerable to Broken Access Control

Software User Private Files Type Plugin Vulnerable versions = 2.1.0 Fixed in 2.1.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-7848 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 56f9aa46f01a Credits Peter Thaleikis Required...

WordPress LH Add Media From Url Plugin <= 1.23 is vulnerable to Cross Site Scripting (XSS)

Software LH Add Media From Url Type Plugin Vulnerable versions = 1.23 Fixed in 1.30 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7090 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b062d0fb1671 Credits Piotr Kuśpit...

orc: Stack-based buffer overflow vulnerability in ORC

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI buil...

WordPress GiveWP Plugin <= 3.14.1 is vulnerable to Arbitrary File Deletion

Software GiveWP Type Plugin Vulnerable versions = 3.14.1 Fixed in 3.14.2 OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2024-5941 Patch priority Low CVSS severity Low 5.4 Developer Liquid Web / StellarWP PSID 0a50b2a00b5f Credits villu164 Required privilege...

WordPress SmartSearch WP Plugin <= 2.4.4 is vulnerable to SQL Injection

Software SmartSearch WP Type Plugin Vulnerable versions = 2.4.4 Fixed in 2.4.5 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-6847 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 2bfe1eee61ea Credits Karolis Narvilas Required privilege Unauthenticat...

Exploit for Special Element Injection in Google Android

!python-static-badgehttps://img.shields.io/badge/Python-blue?...

WordPress Admission AppManager Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Admission AppManager Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4507 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 138041d75b79 Credits zulu caPWN...

WordPress Bricks Builder Theme <= 1.8.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Bricks Builder Type Theme Vulnerable versions = 1.8.1 Fixed in 1.8.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3408 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID a8763892e84e Credits Ram Required privilege...

WordPress LiteSpeed Cache Plugin <= 6.3.0.1 is vulnerable to Privilege Escalation

Software LiteSpeed Cache Type Plugin Vulnerable versions = 6.3.0.1 Fixed in 6.4 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-28000 Patch priority High CVSS severity High 9.8 Developer Hai Zheng / Lite Speed Cache PSID b9efa0ab6b82...

WordPress myCred Plugin <= 2.7.2 is vulnerable to PHP Object Injection

Software myCred Type Plugin Vulnerable versions = 2.7.2 Fixed in 2.7.3 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-43354 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID d4c5d0fdee74 Credits LVT-tholv2k Required privilege Unauthenticated...

WordPress myCred Plugin <= 2.7.2 is vulnerable to Cross Site Scripting (XSS)

Software myCred Type Plugin Vulnerable versions = 2.7.2 Fixed in 2.7.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43353 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a2faf75ac250 Credits LVT-tholv2k Required privilege Contributor...

WordPress WP User Manager Plugin <= 2.9.10 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP User Manager Type Plugin Vulnerable versions = 2.9.10 Fixed in 2.9.11 OWASP Top 10 A4: Insecure Design Classification Cross Site Request Forgery CSRF CVE CVE-2024-43336 Patch priority Low CVSS severity Low 4.3 Developer WP User Manager PSID 6918353ae071 Credits Ananda Dhakal Patchstac...

WordPress Presto Player Plugin <= 3.0.2 is vulnerable to Broken Access Control

Software Presto Player Type Plugin Vulnerable versions = 3.0.2 Fixed in 3.0.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43285 Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID 632e04c55037 Credits Rafie Muhammad Patchstack...

WordPress JetElements For Elementor Plugin <= 2.6.20 is vulnerable to Cross Site Scripting (XSS)

Software JetElements For Elementor Type Plugin Vulnerable versions = 2.6.20 Fixed in 2.6.20.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7144 Patch priority Low CVSS severity Low 6.5 Developer Crocoblock PSID e5a6ab70d49a Credits stealthcopter...