WordPress WP eStore Plugin < 8.5.6 is vulnerable to Cross Site Scripting (XSS)
Software WP eStore Type Plugin Vulnerable versions 8.5.6 Fixed in 8.5.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6133 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0478cdd4af65 Credits Bob Matyas Required...
KLA71478 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, or obtain sensitive information. Below is a complete list of vulnerabilities: 1. A denial of service vulnerability in .NET and Visua...
WordPress Bit Form Pro Plugin <= 2.6.4 is vulnerable to Sensitive Data Exposure
Software Bit Form Pro Type Plugin Vulnerable versions = 2.6.4 Fixed in 2.8.0 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-43251 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 6d6af3324445 Credits Dave Jong Patchstack...
WordPress Atarim Plugin <= 4.0.2 is vulnerable to Broken Access Control
Software Atarim Type Plugin Vulnerable versions = 4.0.2 Fixed in 4.0.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-7621 Patch priority Low CVSS severity Low 5.4 Developer Atarim PSID 410d656b7615 Credits Lucio Sá Required privilege Subscriber Published...
Best House Rental Management System security vulnerability
Best House Rental Management System is a house rental management system by individual developer Mayuri K. A security vulnerability exists in Best House Rental Management System version v1.0, which stems from the inclusion of an incorrect access control issue...
WordPress Ultimate Membership Pro Plugin <= 12.7 is vulnerable to Cross Site Scripting (XSS)
Software Ultimate Membership Pro Type Plugin Vulnerable versions = 12.7 Fixed in 12.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43241 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 75c4d13f2043 Credits Rafie Muhammad Patchstack...
WordPress Masteriyo - LMS Plugin <= 1.11.4 is vulnerable to Insecure Direct Object References (IDOR)
Software Masteriyo - LMS Type Plugin Vulnerable versions = 1.11.4 Fixed in 1.11.5 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-43239 Patch priority Low CVSS severity Low 4.3 Developer Masteriyo PSID 14f36e53d575 Credits Ananda Dhakal...
WordPress Persian WooCommerce Plugin <= 7.1.6 is vulnerable to Broken Access Control
Software Persian WooCommerce Type Plugin Vulnerable versions = 7.1.6 Fixed in 9.0.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43219 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 2fdf96331252 Credits Rafie Muhammad Patchstack...
WordPress Social Slider Feed Plugin <= 2.2.2 is vulnerable to Broken Access Control
Software Social Slider Feed Type Plugin Vulnerable versions = 2.2.2 Fixed in 2.2.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43215 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID eebbacd9eb23 Credits Joshua Chan Required...
WordPress Timeline and History slider Plugin <= 2.3 is vulnerable to Local File Inclusion
Software Timeline and History slider Type Plugin Vulnerable versions = 2.3 Fixed in 2.4 OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-43232 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 2bac14a13b45 Credits João Pedro S Alcântara...
WordPress Element Pack Elementor Addons Plugin <= 5.7.6 is vulnerable to Cross Site Scripting (XSS)
Software Element Pack Elementor Addons Type Plugin Vulnerable versions = 5.7.6 Fixed in 5.7.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4360 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b1a260751a26 Credits Ngô Thiên ...
WordPress GiveWP Plugin <= 3.14.1 is vulnerable to PHP Object Injection
Software GiveWP Type Plugin Vulnerable versions = 3.14.1 Fixed in 3.14.2 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-37099 Patch priority High CVSS severity High 10 Developer Liquid Web / StellarWP PSID 44652f09d965 Credits LVT-tholv2k Required privilege...
WordPress JetGridBuilder Plugin <= 1.1.2 is vulnerable to Local File Inclusion
Software JetGridBuilder Type Plugin Vulnerable versions = 1.1.2 Fixed in 1.1.3 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-43221 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID be769930489f Credits João Pedro S Alcântara Kinorth Required...
WordPress Shared Files Plugin <= 1.7.28 is vulnerable to Sensitive Data Exposure
Software Shared Files Type Plugin Vulnerable versions = 1.7.28 Fixed in 1.7.29 OWASP Top 10 A5: Security Misconfiguration Classification Sensitive Data Exposure CVE CVE-2024-43230 Patch priority Low CVSS severity Low 5.3 Developer Tammersoft PSID 9e141e472eac Credits Abdi Pranata Required privile...
WordPress BSK Forms Blacklist Plugin <= 3.8 is vulnerable to Cross Site Scripting (XSS)
Software BSK Forms Blacklist Type Plugin Vulnerable versions = 3.8 Fixed in 3.8.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43233 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 39a05d2b3c1d Credits LVT-tholv2k Required privilege...
WordPress No Update Nag Plugin <= 1.4.12 is vulnerable to Sensitive Data Exposure
Software No Update Nag Type Plugin Vulnerable versions = 1.4.12 Fixed in N/A OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-7412 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID ac9e40d53a9f Credits stealthcopter Required...
The vulnerability of the DevTools suite for web development in Google Chrome and Microsoft Edge browsers allows a hacker to gain unauthorized access to protected information, execute arbitrary code, or cause a service failure.
The vulnerability of the DevTools suite for web development in Google Chrome and Microsoft Edge relates to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information, execute arbitrary code, or caus...
WordPress FooBox Image Lightbox Plugin <= 2.7.28 is vulnerable to Cross Site Scripting (XSS)
Software FooBox Image Lightbox Type Plugin Vulnerable versions = 2.7.28 Fixed in 2.7.32 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5668 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 34ccb97b63f3 Credits Webbernaut...
WordPress Amelia Plugin <= 1.2 is vulnerable to Sensitive Data Exposure
Software Amelia Type Plugin Vulnerable versions = 1.2 Fixed in 1.2.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-6552 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 963ab0b19e24 Credits stealthcopter Required privilege...
WordPress LearnPress Plugin <= 4.2.6.9.3 is vulnerable to SQL Injection
Software LearnPress Type Plugin Vulnerable versions = 4.2.6.9.3 Fixed in 4.2.6.9.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-7548 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 65b855bf9a50 Credits Lucio Sá Required privilege Contributor Publish...