WordPress wpForo Forum Plugin <= 2.3.4 is vulnerable to Insecure Direct Object References (IDOR)

Software wpForo Forum Type Plugin Vulnerable versions = 2.3.4 Fixed in 2.3.5 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-43288 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 84baf52495a3 Credits Ananda Dhakal...

WordPress Order Tracking Plugin < 3.3.13 is vulnerable to Broken Access Control

Software Order Tracking Type Plugin Vulnerable versions 3.3.13 Fixed in 3.3.13 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43343 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID da6200de622c Credits Abdi Pranata Required privileg...

WordPress FormFacade Plugin <= 1.3.2 is vulnerable to Cross Site Scripting (XSS)

Software FormFacade Type Plugin Vulnerable versions = 1.3.2 Fixed in 1.3.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43313 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a49c4353525d Credits Le Ngoc Anh Required privilege...

WordPress Custom Field For WP Job Manager Plugin <= 1.2 is vulnerable to Insecure Direct Object References (IDOR)

Software Custom Field For WP Job Manager Type Plugin Vulnerable versions = 1.2 Fixed in 1.3 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-7049 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3021ad422dd8 Credits...

WordPress Relevanssi Plugin <= 4.22.2 is vulnerable to Sensitive Data Exposure

Software Relevanssi Type Plugin Vulnerable versions = 4.22.2 Fixed in 4.23.0 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-7630 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID cdb75757e257 Credits stealthcopter Required...

WordPress Hello Agency Theme <= 1.0.5 is vulnerable to Broken Access Control

Software Hello Agency Type Theme Vulnerable versions = 1.0.5 Fixed in 1.0.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43341 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID dad92fd9c880 Credits Fariq Fadillah Gusti Insani...

WordPress JetBlocks For Elementor Plugin <= 1.3.12 is vulnerable to Cross Site Scripting (XSS)

Software JetBlocks For Elementor Type Plugin Vulnerable versions = 1.3.12 Fixed in 1.3.12.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7147 Patch priority Low CVSS severity Low 6.5 Developer Crocoblock PSID 63831bec7c72 Credits stealthcopter...

WordPress All Bootstrap Blocks Plugin <= 1.3.19 is vulnerable to Cross Site Scripting (XSS)

Software All Bootstrap Blocks Type Plugin Vulnerable versions = 1.3.19 Fixed in 1.3.20 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43349 Patch priority Low CVSS severity Low 6.5 Developer AREOI PSID 1ee70b8e314c Credits Ngô Thiên An ancorn from VNPT-VCI Require...

WordPress EmbedPress Plugin <= 4.0.9 is vulnerable to Local File Inclusion

Software EmbedPress Type Plugin Vulnerable versions = 4.0.9 Fixed in 4.0.10 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-43328 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID 8a6dffdf0163 Credits Rafie Muhammad Patchstack Required privilege...

WordPress Clone Plugin <= 2.4.5 is vulnerable to Broken Access Control

Software Clone Type Plugin Vulnerable versions = 2.4.5 Fixed in 2.4.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43298 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 92218c2f2d27 Credits Ananda Dhakal Patchstack Required...

WordPress Recipe Card Blocks for Gutenberg & Elementor Plugin <= 3.3.1 is vulnerable to Broken Access Control

Software Recipe Card Blocks for Gutenberg & Elementor Type Plugin Vulnerable versions = 3.3.1 Fixed in 3.3.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43293 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 19c361c53a3a Credits...

WordPress WooCommerce Plugin <= 9.1.2 is vulnerable to Cross Site Scripting (XSS)

Software WooCommerce Type Plugin Vulnerable versions = 9.1.2 Fixed in 9.1.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-39666 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 4e41b7df57a0 Credits stealthcopter Required privilege...

WordPress oik Plugin <= 4.12.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software oik Type Plugin Vulnerable versions = 4.12.0 Fixed in 4.12.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-43356 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 865f6e2dc335 Credits Abdi Pranata Required privile...

WordPress Team Showcase Plugin <= 1.22.23 is vulnerable to Cross Site Scripting (XSS)

Software Team Showcase Type Plugin Vulnerable versions = 1.22.23 Fixed in 1.22.24 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43321 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 48667d784b23 Credits LVT-tholv2k Required privilege...

WordPress Presto Player Plugin <= 3.0.2 is vulnerable to Broken Access Control

Software Presto Player Type Plugin Vulnerable versions = 3.0.2 Fixed in 3.0.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43285 Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID 632e04c55037 Credits Rafie Muhammad Patchstack...

orc: Stack-based buffer overflow vulnerability in ORC

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI buil...

[SECURITY] Fedora 40 Update: python3.6-3.6.15-34.fc40

Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software...

WordPress Element Pack Elementor Addons Plugin <= 5.7.2 is vulnerable to Cross Site Scripting (XSS)

Software Element Pack Elementor Addons Type Plugin Vulnerable versions = 5.7.2 Fixed in 5.7.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7247 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3540915b141a Credits Webbernaut...

WordPress Term And Category Based Posts Widget Plugin < 4.9.13 is vulnerable to Cross Site Scripting (XSS)

Software Term And Category Based Posts Widget Type Plugin Vulnerable versions 4.9.13 Fixed in 4.9.13 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-6158 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 2ddaec10bd6e Credits Dmitrii Ignatyev...

WordPress WooCommerce Social Login Plugin <= 2.7.5 is vulnerable to Broken Authentication

Software WooCommerce Social Login Type Plugin Vulnerable versions = 2.7.5 Fixed in 2.7.6 OWASP Top 10 A4: Insecure Design Classification Broken Authentication CVE CVE-2024-7503 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 23315c373121 Credits Truoc Phan Required...