7442 matches found

Patchstack
added 2024/07/24 12:0 a.m.; 9 views

WordPress PowerPack Pro for Elementor Plugin <= 2.10.14 is vulnerable to Privilege Escalation

Software: PowerPack Pro for Elementor; Type: Plugin; Vulnerable versions: <= 2.10.14; Fixed in: 2.10.15; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-39634; Patch priority: Medium; CVSS severity: Medium 8.8; Developer: Claim ownership; PSID...

CVSS: 8.8; AI score: 6.6; EPSS: 0.00444
Exploits: 0; References: 1; Affected Software: 1

Patchstack
added 2024/07/24 12:0 a.m.; 13 views

WordPress Social Auto Poster Plugin <= 5.3.14 is vulnerable to Cross Site Scripting (XSS)

Software: Social Auto Poster; Type: Plugin; Vulnerable versions: <= 5.3.14; Fixed in: 5.3.15; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-6753; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: df6582eddf1d; Credits: István Márton...

CVSS: 7.2; AI score: 5.7; EPSS: 0.00782
Exploits: 0; References: 2; Affected Software: 1

Patchstack
added 2024/07/24 12:0 a.m.; 11 views

WordPress Contest Gallery Plugin <= 23.1.2 is vulnerable to Cross Site Scripting (XSS)

Software: Contest Gallery; Type: Plugin; Vulnerable versions: <= 23.1.2; Fixed in: 23.1.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-39631; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Wasiliy Strecker; PSID: e98eae916e49; Credits: CatFather; Required privilege...

CVSS: 7.1; AI score: 6.6; EPSS: 0.0029
Exploits: 0; References: 2; Affected Software: 1

Patchstack
added 2024/07/24 12:0 a.m.; 17 views

WordPress Social Auto Poster Plugin <= 5.3.14 is vulnerable to Arbitrary File Upload

Software: Social Auto Poster; Type: Plugin; Vulnerable versions: <= 5.3.14; Fixed in: 5.3.15; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-6756; Patch priority: Medium; CVSS severity: Medium 9.9; Developer: Claim ownership; PSID: 10970b4a81a6; Credits: István Márton; Required privileg...

CVSS: 8.8; AI score: 6.8; EPSS: 0.00786
Exploits: 0; References: 2; Affected Software: 1

Patchstack
added 2024/07/24 12:0 a.m.; 13 views

WordPress Youzify Plugin <= 1.2.6 is vulnerable to Broken Access Control

Software: Youzify; Type: Plugin; Vulnerable versions: <= 1.2.6; Fixed in: 1.2.8; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-39635; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: b77bf27da026; Credits: LVT-tholv2k; Required privilege...

CVSS: 8.8; AI score: 6.3; EPSS: 0.00396
Exploits: 0; References: 2; Affected Software: 1

Tenable Nessus
added 2024/07/24 12:0 a.m.; 36 views

GitLab 16.11 < 17.0.5 / 17.1 < 17.1.3 / 17.2 < 17.2.1 (CVE-2024-5067)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue was discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where certain project-level...

CVSS: 4.9; AI score: 5.6; EPSS: 0.00544
Exploits: 1; References: 6

BDU FSTEC
added 2024/07/23 12:0 a.m.; 4 views

The vulnerability of the Servlet component of the Oracle Reports Developer reporting software allows a malicious actor to gain access to read, modify, add, or delete data.

The vulnerability of the Servlet component in the Oracle Reports Developer reporting software is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain read, modify, add, or delete access to data...

CVSS: 6.4; AI score: 7.4; EPSS: 0.00321
Exploits: 0; References: 2; Affected Software: 1

Patchstack
added 2024/07/23 12:0 a.m.; 14 views

WordPress Hide My WP Ghost Plugin < 5.2.02 is vulnerable to Bypass Vulnerability

Software: Hide My WP Ghost; Type: Plugin; Vulnerable versions: < 5.2.02; Fixed in: 5.2.02; OWASP Top 10: A4: Insecure Design; Classification: Bypass Vulnerability; CVE: CVE-2024-6420; Patch priority: Low; CVSS severity: Low 3.7; Developer: Claim ownership; PSID: c358fc787ef1; Credits: Juan Pablo Gomez Postigo; Required...

CVSS: 8.6; AI score: 6.6; EPSS: 0.018
Exploits: 1; References: 4; Affected Software: 1

Patchstack
added 2024/07/22 12:0 a.m.; 9 views

WordPress ListingPro Plugin <= 2.9.4 is vulnerable to Local File Inclusion

Software: ListingPro; Type: Plugin; Vulnerable versions: <= 2.9.4; Fixed in: 2.9.5; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2024-39619; Patch priority: High; CVSS severity: High 9; Developer: Claim ownership; PSID: 340c55b26054; Credits: Rafie Muhammad Patchstack; Required privilege...

CVSS: 9.8; AI score: 6.9; EPSS: 0.00553
Exploits: 0; References: 1; Affected Software: 1

Patchstack
added 2024/07/22 12:0 a.m.; 11 views

WordPress Custom Query Blocks Plugin <= 5.2.0 is vulnerable to Broken Access Control

Software: Custom Query Blocks; Type: Plugin; Vulnerable versions: <= 5.2.0; Fixed in: 5.3.0; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-38794; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: c14273e201ef; Credits: Joshua Chan; Required...

CVSS: 5.3; AI score: 6.3; EPSS: 0.00385
Exploits: 0; References: 2; Affected Software: 1

Patchstack
added 2024/07/22 12:0 a.m.; 8 views

WordPress Addonify Plugin <= 1.2.16 is vulnerable to Sensitive Data Exposure

Software: Addonify; Type: Plugin; Vulnerable versions: <= 1.2.16; Fixed in: 1.2.17; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-6560; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: d0b06da3556d; Credits: stealthcopter; Required privileg...

CVSS: 5.3; AI score: 6.6; EPSS: 0.00552
Exploits: 0; References: 3; Affected Software: 1

Patchstack
added 2024/07/22 12:0 a.m.; 11 views

WordPress Language Translate Widget for WordPress – ConveyThis Plugin <= 234 is vulnerable to Broken Access Control

Software: Language Translate Widget for WordPress – ConveyThis; Type: Plugin; Vulnerable versions: <= 234; Fixed in: 235; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-38792; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: b86aa3788718...

CVSS: 5.3; AI score: 6.4; EPSS: 0.00409
Exploits: 0; References: 2; Affected Software: 1

Patchstack
added 2024/07/22 12:0 a.m.; 15 views

WordPress Timetable and Event Schedule Plugin <= 2.4.13 is vulnerable to PHP Object Injection

Software: Timetable and Event Schedule; Type: Plugin; Vulnerable versions: <= 2.4.13; Fixed in: 2.4.14; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-39630; Patch priority: Low; CVSS severity: Low 5.5; Developer: Claim ownership; PSID: 6ee205917cb2; Credits: !\VNPT\ Nguyễn Phương...

CVSS: 5.5; AI score: 6.9; EPSS: 0.00298
Exploits: 0; References: 2; Affected Software: 1

Patchstack
added 2024/07/22 12:0 a.m.; 11 views

WordPress ListingPro Plugin <= 2.9.4 is vulnerable to SQL Injection

Software: ListingPro; Type: Plugin; Vulnerable versions: <= 2.9.4; Fixed in: 2.9.5; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-38795; Patch priority: High; CVSS severity: High 9.3; Developer: Claim ownership; PSID: e3cbe0b07232; Credits: Rafie Muhammad Patchstack; Required privilege...

CVSS: 9.8; AI score: 6.8; EPSS: 0.00462
Exploits: 0; References: 1; Affected Software: 1

Patchstack
added 2024/07/22 12:0 a.m.; 15 views

WordPress ListingPro Theme <= 2.9.4 is vulnerable to SQL Injection

Software: ListingPro; Type: Theme; Vulnerable versions: <= 2.9.4; Fixed in: 2.9.5; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-39622; Patch priority: High; CVSS severity: High 9.3; Developer: Claim ownership; PSID: ecd756a53e31; Credits: Rafie Muhammad Patchstack; Required privilege...

CVSS: 9.8; AI score: 6.8; EPSS: 0.00462
Exploits: 0; References: 1; Affected Software: 1

Patchstack
added 2024/07/22 12:0 a.m.; 17 views

WordPress ListingPro Theme <= 2.9.4 is vulnerable to Local File Inclusion

Software: ListingPro; Type: Theme; Vulnerable versions: <= 2.9.4; Fixed in: 2.9.5; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2024-39624; Patch priority: High; CVSS severity: High 8.5; Developer: Claim ownership; PSID: 6fb79ea2aba1; Credits: Rafie Muhammad Patchstack; Required privilege...

CVSS: 8.8; AI score: 6.8; EPSS: 0.00525
Exploits: 0; References: 1; Affected Software: 1

Patchstack
added 2024/07/22 12:0 a.m.; 17 views

WordPress MasterStudy LMS Plugin < 3.3.24 is vulnerable to Privilege Escalation

Software: MasterStudy LMS; Type: Plugin; Vulnerable versions: < 3.3.24; Fixed in: 3.3.24; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-5973; Patch priority: High; CVSS severity: High 7.6; Developer: Claim ownership; PSID: 2f024467e854; Credits: Jaime F...

CVSS: 9.1; AI score: 6.6; EPSS: 0.00493
Exploits: 1; References: 3; Affected Software: 1

Amazon
added 2024/07/22 12:0 a.m.; 8 views

Important: python-werkzeug

Issue Overview: Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain...

CVSS: 7.5; AI score: 7.4; EPSS: 0.03397
Exploits: 0

Patchstack
added 2024/07/22 12:0 a.m.; 14 views

WordPress pz-frontend-manager Plugin < 1.0.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software: pz-frontend-manager; Type: Plugin; Vulnerable versions: < 1.0.6; Fixed in: 1.0.6; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2024-6244; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 00622e75c008; Credits: Vuln Seeker...

CVSS: 8.8; AI score: 6.7; EPSS: 0.02641
Exploits: 1; References: 4; Affected Software: 1

Patchstack
added 2024/07/19 12:0 a.m.; 11 views

WordPress CTX Feed Plugin <= 6.5.6 is vulnerable to Privilege Escalation

Software: CTX Feed; Type: Plugin; Vulnerable versions: <= 6.5.6; Fixed in: 6.5.7; OWASP Top 10: A1: Broken Access Control; Classification: Privilege Escalation; CVE: CVE-2024-38775; Patch priority: High; CVSS severity: High 7.2; Developer: Claim ownership; PSID: cbdae09cf674; Credits: stealthcopter; Required privilege: Sh...

CVSS: 7.2; AI score: 6.5; EPSS: 0.00557
Exploits: 0; References: 2; Affected Software: 1