7442 matches found

CNNVD
added 2024/07/15 12:0 a.m. | 3 views

EasySpider Security Vulnerability

EasySpider is a visual data collection and crawler software by the individual developer Naibo Wang. A security vulnerability exists in EasySpider version 0.6.2, which stems from a path traversal issue...

CVSS: 8.8 | AI score: 5.2 | EPSS: 0.03333
Exploits: 1 | References: 5

Patchstack
added 2024/07/15 12:0 a.m. | 14 views

WordPress Swift Framework Page Builder Plugin < 2024.04.30 is vulnerable to Cross Site Scripting (XSS)

Software: Swift Framework Page Builder | Type: Plugin | Vulnerable versions: < 2024.04.30 | Fixed in: 2024.04.30 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-2870 | Patch priority: Medium | CVSS severity: Medium (7.1) | Developer: Claim ownership | PSID: 057d34197d18 | Credi...

CVSS: 6.1 | AI score: 5.7 | EPSS: 0.0042
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
added 2024/07/15 12:0 a.m. | 13 views

WordPress WP eStore Plugin < 8.5.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software: WP eStore | Type: Plugin | Vulnerable versions: < 8.5.5 | Fixed in: 8.5.5 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2024-6075 | Patch priority: Low | CVSS severity: Low (5.4) | Developer: Claim ownership | PSID: c3f59dd6bdda | Credits: Bob Matyas | Required privileg...

CVSS: 8.8 | AI score: 6.7 | EPSS: 0.00366
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
added 2024/07/12 12:0 a.m. | 13 views

WordPress PowerPress Podcasting Plugin <= 11.9.10 is vulnerable to Cross Site Scripting (XSS)

Software: PowerPress Podcasting | Type: Plugin | Vulnerable versions: <= 11.9.10 | Fixed in: 11.9.11 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-6588 | Patch priority: Low | CVSS severity: Low (6.5) | Developer: Claim ownership | PSID: a26d6217fa24 | Credits: Webbernaut...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00387
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/07/12 12:0 a.m. | 25 views

WordPress Watu Quiz Plugin < 3.4.1.2 is vulnerable to Cross Site Scripting (XSS)

Software: Watu Quiz | Type: Plugin | Vulnerable versions: < 3.4.1.2 | Fixed in: 3.4.1.2 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-2640 | Patch priority: Low | CVSS severity: Low (6.5) | Developer: Claim ownership | PSID: 617bfa58ba67 | Credits: Eunho Kim | Required privilege...

CVSS: 6.8 | AI score: 5.8 | EPSS: 0.00394
Exploits: 1 | References: 4 | Affected Software: 1

Patchstack
added 2024/07/12 12:0 a.m. | 9 views

WordPress Website Content in Page or Post Plugin < 2024.04.09 is vulnerable to Cross Site Scripting (XSS)

Software: Website Content in Page or Post | Type: Plugin | Vulnerable versions: < 2024.04.09 | Fixed in: 2024.04.09 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-2430 | Patch priority: Low | CVSS severity: Low (6.5) | Developer: Claim ownership | PSID: 4eb2dd387d32 | Credits...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00312
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
added 2024/07/12 12:0 a.m. | 16 views

WordPress MStore API Plugin <= 4.14.7 is vulnerable to Broken Authentication

Software: MStore API | Type: Plugin | Vulnerable versions: <= 4.14.7 | Fixed in: 4.15.0 | OWASP Top 10: A7: Identification and Authentication Failures | Classification: Broken Authentication | CVE: CVE-2024-6328 | Patch priority: High | CVSS severity: High (9.8) | Developer: Claim ownership | PSID: eb61c3a933bb | Credits: Truoc Phan...

CVSS: 9.8 | AI score: 6.6 | EPSS: 0.0067
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/07/12 12:0 a.m. | 6 views

WordPress WP Total Branding Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)

Software: WP Total Branding | Type: Plugin | Vulnerable versions: <= 1.2 | Fixed in: 1.3 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-6625 | Patch priority: Low | CVSS severity: Low (5.9) | Developer: Claim ownership | PSID: a7d5303cf6ee | Credits: Artem Polynko Artem Polynk...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00365
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/07/12 12:0 a.m. | 11 views

WordPress Inline Related Posts Plugin < 3.7.0 is vulnerable to Cross Site Scripting (XSS)

Software: Inline Related Posts | Type: Plugin | Vulnerable versions: < 3.7.0 | Fixed in: 3.7.0 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-5626 | Patch priority: Medium | CVSS severity: Medium (7.1) | Developer: Claim ownership | PSID: e490330be604 | Credits: Dmitrii Ignatye...

CVSS: 6.1 | AI score: 5.7 | EPSS: 0.0038
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2024/07/11 7:28 a.m. | 13 views

BIT-NODE-2024-22020

A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports...

CVSS: 6.5 | AI score: 7.1 | EPSS: 0.01104
Exploits: 0 | References: 8

NVD
added 2024/07/11 7:15 a.m. | 25 views

CVE-2024-5257

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Developer user with admin_compliance_framework custom role may have been able to modify the URL for a group namespace...

CVSS: 4.9 | EPSS: 0.0042
Exploits: 0 | References: 2

OSV
added 2024/07/11 6:57 a.m. | 151 views

CVE-2024-5257 Improper Access Control in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Developer user with admin_compliance_framework custom role may have been able to modify the URL for a group namespace...

CVSS: 4.9 | AI score: 5.3 | EPSS: 0.0042
Exploits: 0 | References: 5

Patchstack
added 2024/07/11 12:0 a.m. | 12 views

WordPress Event post Plugin <= 5.9.5 is vulnerable to Local File Inclusion

Software: Event post | Type: Plugin | Vulnerable versions: <= 5.9.5 | Fixed in: 5.9.6 | OWASP Top 10: A3: Injection | Classification: Local File Inclusion | CVE: CVE-2024-38735 | Patch priority: High | CVSS severity: High (7.5) | Developer: Claim ownership | PSID: 3e99c6808576 | Credits: Emili Castells | Required privilege...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.00521
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/07/11 12:0 a.m. | 9 views

WordPress Booking Ultra Pro Plugin <= 1.1.13 is vulnerable to Local File Inclusion

Software: Booking Ultra Pro | Type: Plugin | Vulnerable versions: <= 1.1.13 | Fixed in: 1.1.14 | OWASP Top 10: A5: Security Misconfiguration | Classification: Local File Inclusion | CVE: CVE-2024-38717 | Patch priority: Medium | CVSS severity: Medium (7.1) | Developer: Claim ownership | PSID: c00579e5a889 | Credits: Ananda Dhakal...

CVSS: 7.1 | AI score: 6.5 | EPSS: 0.00447
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/07/11 12:0 a.m. | 12 views

WordPress Quiz And Survey Master Plugin < 9.0.5 is vulnerable to Cross Site Scripting (XSS)

Software: Quiz And Survey Master | Type: Plugin | Vulnerable versions: < 9.0.5 | Fixed in: 9.0.5 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-6025 | Patch priority: Low | CVSS severity: Low (6.5) | Developer: Claim ownership | PSID: 041e8eaa0b85 | Credits: Dmitrii Ignatyev...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00377
Exploits: 1 | References: 4 | Affected Software: 1

Patchstack
added 2024/07/11 12:0 a.m. | 10 views

WordPress Moloni Plugin <= 4.7.4 is vulnerable to Cross Site Scripting (XSS)

Software: Moloni | Type: Plugin | Vulnerable versions: <= 4.7.4 | Fixed in: 4.8.0 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-38694 | Patch priority: Medium | CVSS severity: Medium (7.1) | Developer: Claim ownership | PSID: c1c98bacc1ee | Credits: Yudistira Arya | Required privilege...

CVSS: 7.1 | AI score: 6.6 | EPSS: 0.00271
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/07/11 12:0 a.m. | 11 views

WordPress Barcode Scanner with Inventory & Order Manager Plugin <= 1.6.1 is vulnerable to SQL Injection

Software: Barcode Scanner with Inventory & Order Manager | Type: Plugin | Vulnerable versions: <= 1.6.1 | Fixed in: 1.6.2 | OWASP Top 10: A3: Injection | Classification: SQL Injection | CVE: CVE-2024-38708 | Patch priority: High | CVSS severity: High (8.5) | Developer: DMitry | PSID: 81055d795069 | Credits: justakazh | Required...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.00455
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/07/11 12:0 a.m. | 8 views

WordPress WP Photo Album Plus Plugin <= 8.8.02.002 is vulnerable to Cross Site Scripting (XSS)

Software: WP Photo Album Plus | Type: Plugin | Vulnerable versions: <= 8.8.02.002 | Fixed in: 8.8.02.003 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-38713 | Patch priority: Medium | CVSS severity: Medium (6.5) | Developer: Claim ownership | PSID: 5e63f89a72a3 | Credits: stealthcopter...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.0026
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/07/11 12:0 a.m. | 12 views

WordPress Uncanny Automator Pro Plugin <= 5.3 is vulnerable to Cross Site Scripting (XSS)

Software: Uncanny Automator Pro | Type: Plugin | Vulnerable versions: <= 5.3 | Fixed in: 5.3.0.1 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-37117 | Patch priority: Medium | CVSS severity: Medium (7.1) | Developer: Claim ownership | PSID: 9c1cb610bb3a | Credits: Dave Jong Patchstack...

CVSS: 7.1 | AI score: 6.6 | EPSS: 0.00308
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/07/11 12:0 a.m. | 10 views

WordPress EazyDocs Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)

Software: EazyDocs | Type: Plugin | Vulnerable versions: <= 2.5.0 | Fixed in: 2.5.1 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-38720 | Patch priority: Low | CVSS severity: Low (6.5) | Developer: Claim ownership | PSID: 35c7ee4ff86c | Credits: Khalid Yusuf | Required privilege: Contributor...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00245
Exploits: 0 | References: 2 | Affected Software: 1