
7442 matches found

Patchstack
added 2024/06/12 12:0 a.m., 12 views

WordPress Email Subscribers & Newsletters Plugin <= 5.7.22 is vulnerable to SQL Injection

Software Email Subscribers & Newsletters Type Plugin Vulnerable versions = 5.7.22 Fixed in 5.7.23 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-4845 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 382e424feada Credits Arkadiusz Hydzik Required...

8.8 CVSS, 6.8 AI score, 0.00454 EPSS
Exploits 0, References 3, Affected Software 1

Patchstack
added 2024/06/12 12:0 a.m., 17 views

WordPress Newsletter - API addon (Premium) Plugin <= 2.4.5 is vulnerable to Broken Access Control

Software Newsletter - API addon Premium Type Plugin Vulnerable versions = 2.4.5 Fixed in 2.4.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5674 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID f2621f00fec2 Credits Arkadiusz...

6.5 CVSS, 6.5 AI score, 0.00317 EPSS
Exploits 0, References 2, Affected Software 1

IBM Security Bulletins
added 2024/06/11 9:24 p.m., 30 views

Security Bulletin: IBM Rational Developer for i is vulnerable to leaked credentials due to a flaw in follow-redirects (CVE-2024-28849).

Summary IBM Rational Developer for i contains Code Coverage functionality which has a browser interface. The browser interface utilizes follow-redirects which could allow a remote attacker to obtain credentials CVE-2024-28849. This bulletin identifies the steps to take to address the vulnerabilit...

6.5 CVSS, 7 AI score, 0.01044 EPSS
Exploits 1, Affected Software 1

Patchstack
added 2024/06/11 12:0 a.m., 15 views

WordPress DiviTorque – Divi Theme, Divi Builder and Extra Theme Plugin <= 3.6.6 is vulnerable to Cross Site Scripting (XSS)

Software DiviTorque – Divi Theme, Divi Builder and Extra Theme Type Plugin Vulnerable versions = 3.6.6 Fixed in 4.0.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5892 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID...

6.4 CVSS, 5.8 AI score, 0.00346 EPSS
Exploits 0, References 3, Affected Software 1

Patchstack
added 2024/06/11 12:0 a.m., 7 views

WordPress Bookly Plugin <= 23.2 is vulnerable to Cross Site Scripting (XSS)

Software Bookly Type Plugin Vulnerable versions = 23.2 Fixed in 23.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5584 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 6392bd62a07f Credits 0xBishop Required privilege...

6.4 CVSS, 5.6 AI score, 0.0031 EPSS
Exploits 0, References 3, Affected Software 1

Patchstack
added 2024/06/11 12:0 a.m., 8 views

WordPress Left right image slideshow gallery Plugin <= 1.8.1 is vulnerable to SQL Injection

Software Left right image slideshow gallery Type Plugin Vulnerable versions = 1.8.1 Fixed in 1.8.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-5543 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 26f19037ceb8 Credits Krzysztof Zając Required...

8.1 CVSS, 6.8 AI score, 0.00486 EPSS
Exploits 0, References 3, Affected Software 1

Patchstack
added 2024/06/11 12:0 a.m., 10 views

WordPress Activity Reactions For Buddypress Plugin <= 12.5.0 is vulnerable to Cross Site Scripting (XSS)

Software Activity Reactions For Buddypress Type Plugin Vulnerable versions = 12.5.0 Fixed in 12.5.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4892 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 0a3e1e0166ec Credit...

6.4 CVSS, 5.6 AI score, 0.00322 EPSS
Exploits 0, References 3, Affected Software 1

Patchstack
added 2024/06/11 12:0 a.m., 11 views

WordPress Premium Addons for Elementor Plugin <= 4.10.33 is vulnerable to Cross Site Scripting (XSS)

Software Premium Addons for Elementor Type Plugin Vulnerable versions = 4.10.33 Fixed in 4.10.34 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5553 Patch priority Low CVSS severity Low 6.5 Developer LeapWorx PSID 89dccdfaef3d Credits wesley wcraft...

5.4 CVSS, 5.8 AI score, 0.00364 EPSS
Exploits 0, References 3, Affected Software 1

Kaspersky
added 2024/06/11 12:0 a.m., 32 views

KLA68912 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Visual Studio can be exploited remotely to gai...

7.3 CVSS, 7.3 AI score, 0.01354 EPSS
Exploits 1, References 5

RedHat Linux
added 2024/06/10 4:27 p.m., 41 views

(RHSA-2024:3780) Important: Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.4.SP2)

An update for Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available RHBQ 3.8.4.SP2. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products: CVE-2022-34169 xalan:...

7.5 CVSS, 7.3 AI score, 0.17673 EPSS
Exploits 2

Patchstack
added 2024/06/10 12:0 a.m., 12 views

WordPress Custom Field Template Plugin <= 2.6.1 is vulnerable to Cross Site Scripting (XSS)

Software Custom Field Template Type Plugin Vulnerable versions = 2.6.1 Fixed in 2.6.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0627 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 79102f5cc8d6 Credits Luk 6785 Required...

6.4 CVSS, 5.8 AI score, 0.00263 EPSS
Exploits 0, References 3, Affected Software 1

Patchstack
added 2024/06/07 12:0 a.m., 8 views

WordPress GDPR CCPA Compliance Support Plugin <= 2.7.0 is vulnerable to Cross Site Scripting (XSS)

Software GDPR CCPA Compliance Support Type Plugin Vulnerable versions = 2.7.0 Fixed in 2.7.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5607 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 298f3a902d63 Credits Lucio...

5.4 CVSS, 5.6 AI score, 0.00276 EPSS
Exploits 0, References 3, Affected Software 1

Patchstack
added 2024/06/07 12:0 a.m., 4 views

WordPress Music Store Plugin <= 1.1.13 is vulnerable to SQL Injection

Software Music Store Type Plugin Vulnerable versions = 1.1.13 Fixed in 1.1.14 OWASP Top 10 A3: Injection Classification SQL Injection CVE N/A Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 3ee22c619ee0 Credits Noriko Totsuka JPCERT/CC Required privilege Unauthenticated...

7.2 AI score
Exploits 0, References 1, Affected Software 1

Patchstack
added 2024/06/07 12:0 a.m., 18 views

WordPress Tutor LMS Plugin <= 2.7.1 is vulnerable to Insecure Direct Object References (IDOR)

Software Tutor LMS Type Plugin Vulnerable versions = 2.7.1 Fixed in 2.7.2 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-5438 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 04944e6bcf56 Credits Thanh Nam Tran...

4.3 CVSS, 6.5 AI score, 0.00343 EPSS
Exploits 0, References 3, Affected Software 1

Patchstack
added 2024/06/07 12:0 a.m., 9 views

WordPress WP Reset Plugin <= 2.01 is vulnerable to Broken Access Control

Software WP Reset Type Plugin Vulnerable versions = 2.01 Fixed in 2.03 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-4661 Patch priority Low CVSS severity Low 4.3 Developer WebFactory Ltd. PSID 7f5481b63727 Credits Foxyyy Required privilege Subscriber...

4.3 CVSS, 6.6 AI score, 0.0028 EPSS
Exploits 0, References 3, Affected Software 1

Patchstack
added 2024/06/07 12:0 a.m., 11 views

WordPress Salon booking system Plugin <= 9.9 is vulnerable to Broken Access Control

Software Salon booking system Type Plugin Vulnerable versions = 9.9 Fixed in 10.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-4468 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 495ce87718e9 Credits JoanClarke2 Required privile...

5.4 CVSS, 6.6 AI score, 0.00385 EPSS
Exploits 0, References 3, Affected Software 1

Patchstack
added 2024/06/07 12:0 a.m., 13 views

WordPress SKT Addons for Elementor Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)

Software SKT Addons for Elementor Type Plugin Vulnerable versions = 2.0 Fixed in 2.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5091 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 81d64b5eccce Credits stealthcopter...

7.4 CVSS, 5.8 AI score, 0.00298 EPSS
Exploits 0, References 3, Affected Software 1

Patchstack
added 2024/06/07 12:0 a.m., 10 views

WordPress ARForms Plugin < 6.6 is vulnerable to Cross Site Scripting (XSS)

Software ARForms Type Plugin Vulnerable versions 6.6 Fixed in 6.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4621 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 54c970f6100c Credits Bob Matyas Required privilege...

4.8 CVSS, 5.7 AI score, 0.00351 EPSS
Exploits 2, References 3, Affected Software 1

Patchstack
added 2024/06/07 12:0 a.m., 15 views

WordPress TablePress Plugin <= 2.3.1 is vulnerable to Server Side Request Forgery (SSRF)

Software TablePress Type Plugin Vulnerable versions = 2.3.1 Fixed in 2.3.2 OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2024-4354 Patch priority Low CVSS severity Low 6.4 Developer TablePress PSID e683cfb42286 Credits Tobias Weißhaar kun19 Required privilege...

6.4 CVSS, 6.9 AI score, 0.00368 EPSS
Exploits 0, References 3, Affected Software 1

Patchstack
added 2024/06/06 12:0 a.m., 11 views

WordPress The Post Grid Plugin <= 7.7.1 is vulnerable to Cross Site Scripting (XSS)

Software The Post Grid Type Plugin Vulnerable versions = 7.7.1 Fixed in 7.7.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35739 Patch priority Low CVSS severity Low 6.5 Developer Mamunur Rashid PSID 3801d97a66a9 Credits SouzaZinn Required privilege Contributor...

6.5 CVSS, 6.6 AI score, 0.00279 EPSS
Exploits 0, References 2, Affected Software 1