WordPress MIMO Woocommerce Order Tracking Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)

Software MIMO Woocommerce Order Tracking Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5768 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 17c034ea51f0 Credits Luci...

WordPress WordPress Picture / Portfolio / Media Gallery Plugin <= 3.0.1 is vulnerable to Server Side Request Forgery (SSRF)

Software WordPress Picture / Portfolio / Media Gallery Type Plugin Vulnerable versions = 3.0.1 Fixed in N/A OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2024-5021 Patch priority Low CVSS severity Low 7.2 Developer Claim ownership PSID 4f6e62e03ba9 Credits...

Security Bulletin: A remote execution vulnerability in Node.js affects IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition

Summary Node.js is used as runtime and SDK for Apache Cordova applications within IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition. A remote execution of arbitrary commands vulnerability affecting Node.js has been published in this security bulletin. This bulletin...

Heap Buffer Overflow

LibYAML is vulnerable to Heap buffer overflow. The vulnerability is due to the lack of proper initialization of the emitter when yamlemitteremit is called without yamlemitterinitialize. An attacker can exploit this vulnerability by providing specially crafted inputs to trigger the overflow,...

update Security Vulnerabilities

update is a library from Aaron's personal developer. A security vulnerability exists in update version 1.0.0, which originates from easy prototype contamination via update/index.js...

WordPress Greenshift – animation and page builder blocks Plugin <= 8.8.9.1 is vulnerable to Cross Site Scripting (XSS)

Software Greenshift – animation and page builder blocks Type Plugin Vulnerable versions = 8.8.9.1 Fixed in 8.9.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35765 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID cb212ed9cc65 Credits João...

WordPress Church Admin Plugin <= 4.4.4 is vulnerable to Cross Site Scripting (XSS)

Software Church Admin Type Plugin Vulnerable versions = 4.4.4 Fixed in 4.4.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35764 Patch priority Low CVSS severity Low 6.5 Developer Andy Moyle PSID ef4f8b581e9b Credits Ngô Thiên An ancorn from VNPT-VCI Required...

WordPress Excellent Theme <= 1.2.9 is vulnerable to Cross Site Scripting (XSS)

Software Excellent Type Theme Vulnerable versions = 1.2.9 Fixed in 1.3.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35763 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 85c92164ea82 Credits stealthcopter Required privilege Contributor...

Security Bulletin: Multiple vulnerabilities in Node.js affects IBM Rational® Application Developer for WebSphere® Software (CVE-2024-27982, CVE-2024-27983)

Summary Node.js is used as runtime and SDK for Apache Cordova applications within IBM Rational® Application Developer for WebSphere® Software. Information about security vulnerabilities affecting Node.js has been published in a security bulletin. Vulnerability Details CVEID:CVE-2024-27982...

WordPress Gutenberg Blocks by Kadence Blocks Plugin <= 3.2.38 is vulnerable to Cross Site Scripting (XSS)

Software Gutenberg Blocks by Kadence Blocks Type Plugin Vulnerable versions = 3.2.38 Fixed in 3.2.39 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4863 Patch priority Low CVSS severity Low 6.5 Developer KadenceWP PSID 422e929006f1 Credits...

WordPress Folders Pro Plugin <= 3.0.2 is vulnerable to Arbitrary File Upload

Software Folders Pro Type Plugin Vulnerable versions = 3.0.2 Fixed in 3.0.3 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-2024 Patch priority Medium CVSS severity Medium 8 Developer Claim ownership PSID 56270bd65a1a Credits Colin Xu Required privilege Author Publish...

WordPress Video Gallery Plugin <= 1.3.13 is vulnerable to Local File Inclusion

Software Video Gallery Type Plugin Vulnerable versions = 1.3.13 Fixed in N/A OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-4258 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 9418bfa5fb03 Credits WordFence Required privilege Unauthenticated...

WordPress Popup Builder Plugin <= 4.3.1 is vulnerable to Broken Access Control

Software Popup Builder Type Plugin Vulnerable versions = 4.3.1 Fixed in 4.3.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-6696 Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID 7eeb41bcfcb3 Credits Lucio Sá Required privilege...

Number withdrawn

Soar Cloud HR Portal is a human resources application from Soar Cloud, Inc.HR is a human resources management system from Brad Wenqiang Personal Developer. This CVE number has been withdrawn...

WordPress Video Gallery Plugin <= 1.3.13 is vulnerable to Local File Inclusion

Software Video Gallery Type Plugin Vulnerable versions = 1.3.13 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-4551 Patch priority Low CVSS severity Low 6.4 Developer Claim ownership PSID 0a0b54f79834 Credits Foxyyy Required privilege Contributor Publishe...

WordPress Popup Builder Plugin <= 4.3.0 is vulnerable to Broken Access Control

Software Popup Builder Type Plugin Vulnerable versions = 4.3.0 Fixed in 4.3.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-2544 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 4d2b92dba351 Credits Alex Thomas Required...

WordPress Folders Plugin <= 3.0 is vulnerable to Path Traversal

Software Folders Type Plugin Vulnerable versions = 3.0 Fixed in 3.0.1 OWASP Top 10 A1: Broken Access Control Classification Path Traversal CVE CVE-2024-2023 Patch priority Medium CVSS severity Medium 4.1 Developer Claim ownership PSID 79dd420f62c9 Credits Colin Xu Required privilege Author...

WordPress Restaurant Menu – Food Ordering System – Table Reservation Plugin <= 2.4.0 is vulnerable to Cross Site Scripting (XSS)

Software Restaurant Menu – Food Ordering System – Table Reservation Type Plugin Vulnerable versions = 2.4.0 Fixed in 2.4.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1399 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID...

A Bootiful Podcast: Abdel Sghiouar, Cloud Native Developer Advocate at Google

Hi, Spring fans! Abdel Sghiouar is a senior Cloud Native Developer Advocate at Google, a co-host of the Kubernetes Podcast by Google and a CNCF Ambassador, and it was my pleasure to sit down with him at the amazing Spring IO event in Barcelona and catch up on all things Kubernetes and Google...

WordPress CoDesigner WooCommerce Builder for Elementor Plugin <= 4.4.1 is vulnerable to PHP Object Injection

Software CoDesigner WooCommerce Builder for Elementor Type Plugin Vulnerable versions = 4.4.1 Fixed in 4.5 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-4371 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 9f42107c9934 Credits Francesco Carluc...