7442 matches found

Patchstack
added 2024/07/11 12:0 a.m., 10 views

WordPress EazyDocs Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)

Software: EazyDocs | Type: Plugin | Vulnerable versions: <= 2.5.0 | Fixed in: 2.5.1 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-38720 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: 35c7ee4ff86c | Credits: Khalid Yusuf | Required privilege: Contributor...

CVSS 6.5 | AI score 6.6 | EPSS 0.00245
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/07/11 12:0 a.m., 13 views

WordPress MBE eShip Plugin <= 2.1.2 is vulnerable to Sensitive Data Exposure

Software: MBE eShip | Type: Plugin | Vulnerable versions: <= 2.1.2 | Fixed in: 2.2.1 | OWASP Top 10: A9: Security Logging and Monitoring Failures | Classification: Sensitive Data Exposure | CVE: CVE-2024-38742 | Patch priority: Low | CVSS severity: Low 5.3 | PSID: df94a639a0f7 | Credits: Joshua Chan...

CVSS 5.3 | AI score 6.6 | EPSS 0.00364
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/07/11 12:0 a.m., 14 views

WordPress MakeStories (for Google Web Stories) Plugin <= 3.0.3 is vulnerable to Arbitrary File Download

Software: MakeStories for Google Web Stories | Type: Plugin | Vulnerable versions: <= 3.0.3 | Fixed in: 3.0.4 | OWASP Top 10: A1: Broken Access Control | Classification: Arbitrary File Download | CVE: CVE-2024-38746 | Patch priority: High | CVSS severity: High 7.1 | PSID: 40afb38048ba | Credits: Majed...

CVSS 7.1 | AI score 6.5 | EPSS 0.00487
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/07/11 12:0 a.m., 9 views

WordPress Link Library Plugin <= 7.7.1 is vulnerable to Cross Site Scripting (XSS)

Software: Link Library | Type: Plugin | Vulnerable versions: <= 7.7.1 | Fixed in: 7.7.2 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-38711 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: 426040e94ba8 | Credits: LVT-tholv2k | Required privilege...

CVSS 7.1 | AI score 6.6 | EPSS 0.00333
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/07/11 12:0 a.m., 12 views

WordPress GD Rating System Plugin <= 3.6 is vulnerable to Local File Inclusion

Software: GD Rating System | Type: Plugin | Vulnerable versions: <= 3.6 | Fixed in: 3.6.1 | OWASP Top 10: A3: Injection | Classification: Local File Inclusion | CVE: CVE-2024-38709 | Patch priority: Low | CVSS severity: Low 5.3 | PSID: 96b344704167 | Credits: João Pedro S Alcântara Kinorth | Required...

CVSS 5.3 | AI score 7.6 | EPSS 0.00539
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/07/11 12:0 a.m., 8 views

WordPress WP Fast Total Search Plugin <= 1.68.232 is vulnerable to Broken Access Control

Software: WP Fast Total Search | Type: Plugin | Vulnerable versions: <= 1.68.232 | Fixed in: 1.69.234 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-38714 | Patch priority: Low | CVSS severity: Low 4.3 | Developer: Epsiloncool | PSID: 00f4bc37a87e | Credits: Majed Refaea | Required...

CVSS 4.3 | AI score 6.3 | EPSS 0.00362
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/07/11 12:0 a.m., 14 views

WordPress JSON Content Importer Plugin <= 1.5.6 is vulnerable to Server Side Request Forgery (SSRF)

Software: JSON Content Importer | Type: Plugin | Vulnerable versions: <= 1.5.6 | Fixed in: 1.6.0 | OWASP Top 10: A10: Server-Side Request Forgery (SSRF) | Classification: Server Side Request Forgery (SSRF) | CVE: CVE-2024-38723 | Patch priority: Low | CVSS severity: Low 6.4 | PSID: f916d2cf2c68 | Credits...

CVSS 6.4 | AI score 6.7 | EPSS 0.0025
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/07/11 12:0 a.m., 8 views

WordPress Secure Copy Content Protection and Content Locking Plugin < 4.0.9 is vulnerable to Cross Site Scripting (XSS)

Software: Secure Copy Content Protection and Content Locking | Type: Plugin | Vulnerable versions: < 4.0.9 | Fixed in: 4.0.9 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-6138 | Patch priority: Low | CVSS severity: Low 5.9 | PSID: 386e7454f8d8...

CVSS 6.5 | AI score 5.8 | EPSS 0.00371
Exploits 1 | References 4 | Affected Software 1

Patchstack
added 2024/07/11 12:0 a.m., 12 views

WordPress ExS Widgets Plugin <= 0.3.1 is vulnerable to Local File Inclusion

Software: ExS Widgets | Type: Plugin | Vulnerable versions: <= 0.3.1 | Fixed in: 0.3.2 | OWASP Top 10: A1: Broken Access Control | Classification: Local File Inclusion | CVE: CVE-2024-38715 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: 88483868fd84 | Credits: João Pedro S Alcântara Kinorth...

CVSS 6.5 | AI score 6.6 | EPSS 0.00498
Exploits 0 | References 2 | Affected Software 1

Tenable Nessus
added 2024/07/11 12:0 a.m., 26 views

GitLab 17.0 < 17.0.4 / 17.1 < 17.1.2 (CVE-2024-5257)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Developer user with admin_compliance_framework custom role may hav...

CVSS 4.9 | AI score 6 | EPSS 0.0042
Exploits 0 | References 4

Krebs on Security
added 2024/07/10 4:22 p.m., 12 views

The Stark Truth Behind the Resurgence of Russia’s Fin7

The Russia-based cybercrime group dubbed "Fin7," known for phishing and malware attacks that have cost victim organizations an estimated $3 billion in losses since 2013, was declared dead last year by U.S. authorities. But experts say Fin7 has roared back to life in 2024 -- setting up thousands o...

AI score 7
Exploits 0

RedHat Linux
added 2024/07/10 3:10 p.m., 0 views

webpack-dev-middleware: lack of URL validation may lead to file leak

A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer's machine. The lack of normalization before calling...

CVSS 7.5 | AI score 7.2 | EPSS 0.01199
Exploits 1 | References 5

Patchstack
added 2024/07/10 12:0 a.m., 5 views

WordPress Booking Ultra Pro Plugin <= 1.1.13 is vulnerable to Cross Site Scripting (XSS)

Software: Booking Ultra Pro | Type: Plugin | Vulnerable versions: <= 1.1.13 | Fixed in: 1.1.14 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-38676 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: 5502b7d4c80c | Credits: LVT-tholv2k | Required privilege...

CVSS 6.5 | AI score 6.6 | EPSS 0.00302
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/07/10 12:0 a.m., 6 views

WordPress CodePen Embedded Pens Shortcode Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Software: CodePen Embedded Pens Shortcode | Type: Plugin | Vulnerable versions: <= 1.0.0 | Fixed in: 1.0.1 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-37960 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: 012982f72b9c | Credits: Jean Tirstan T | Require...

CVSS 6.5 | AI score 6.6 | EPSS 0.00302
Exploits 0 | References 2 | Affected Software 1

UbuntuCve
added 2024/07/10 12:0 a.m., 22 views

CVE-2024-6612

CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS prefetch which leaked that a CSP violation happened. This vulnerability affects Firefox 128 and Thunderbird 128...

CVSS 5.3 | AI score 6.8 | EPSS 0.00496
Exploits 0 | References 5

Patchstack
added 2024/07/10 12:0 a.m., 13 views

WordPress Team Members Plugin <= 5.3.3 is vulnerable to Cross Site Scripting (XSS)

Software: Team Members | Type: Plugin | Vulnerable versions: <= 5.3.3 | Fixed in: 5.3.4 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-38670 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: f0e47f407025 | Credits: Jean Tirstan T | Required privilege...

CVSS 6.5 | AI score 6.6 | EPSS 0.0032
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/07/10 12:0 a.m., 15 views

WordPress WPCS Plugin <= 1.2.0.3 is vulnerable to Content Injection

Software: WPCS | Type: Plugin | Vulnerable versions: <= 1.2.0.3 | Fixed in: 1.2.0.4 | OWASP Top 10: A3: Injection | Classification: Content Injection | CVE: CVE-2024-38700 | Patch priority: Medium | CVSS severity: Medium 6.5 | PSID: 2b3604018b32 | Credits: stealthcopter | Required privilege: Unauthenticat...

CVSS 6.5 | AI score 6.8 | EPSS 0.00319
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/07/10 12:0 a.m., 13 views

WordPress Tutor LMS Plugin <= 2.7.2 is vulnerable to Cross Site Scripting (XSS)

Software: Tutor LMS | Type: Plugin | Vulnerable versions: <= 2.7.2 | Fixed in: 2.7.3 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-37947 | Patch priority: Low | CVSS severity: Low 5.9 | PSID: 54e1794329a4 | Credits: justakazh | Required privilege: editor and Tuto...

CVSS 5.9 | AI score 6.6 | EPSS 0.00334
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/07/10 12:0 a.m., 14 views

WordPress UltraAddons Elementor Lite Plugin <= 1.1.6 is vulnerable to Cross Site Scripting (XSS)

Software: UltraAddons Elementor Lite | Type: Plugin | Vulnerable versions: <= 1.1.6 | Fixed in: 1.1.7 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-4866 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: 6acf063eea46 | Credits: stealthcopter...

CVSS 6.4 | AI score 5.8 | EPSS 0.00366
Exploits 0 | References 2 | Affected Software 1

CNNVD
added 2024/07/10 12:0 a.m., 3 views

Number withdrawn

Please is a sudo clone by Ed Neville, an individual developer. This CVE number has been withdrawn...

AI score 6.8
Exploits 0 | References 1