7442 matches found

Patchstack
added 2024/06/05 12:0 a.m., 9 views

WordPress MegaMenu Plugin <= 2.3.12 is vulnerable to Local File Inclusion

Software MegaMenu Type Plugin Vulnerable versions = 2.3.12 Fixed in 2.3.13 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-35677 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 866b59909ea3 Credits Rafie Muhammad Patchstack Required privilege...

9.8 CVSS, 6.8 AI score, 0.00542 EPSS
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2024/06/05 12:0 a.m., 18 views

WordPress EmbedPress Plugin <= 4.0.1 is vulnerable to Cross Site Scripting (XSS)

Software EmbedPress Type Plugin Vulnerable versions = 4.0.1 Fixed in 4.0.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5571 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 09e449af3af2 Credits wesley wcraft Required...

6.4 CVSS, 5.8 AI score, 0.00314 EPSS
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2024/06/05 12:0 a.m., 10 views

WordPress Five Star Restaurant Menu Plugin <= 2.4.16 is vulnerable to Broken Access Control

Software Five Star Restaurant Menu Type Plugin Vulnerable versions = 2.4.16 Fixed in 2.4.17 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5459 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d3ee7a9da89d Credits Lucio Sá Required...

4.3 CVSS, 6.6 AI score, 0.00368 EPSS
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2024/06/05 12:0 a.m., 14 views

WordPress Brizy Plugin <= 2.4.43 is vulnerable to Cross Site Scripting (XSS)

Software Brizy Type Plugin Vulnerable versions = 2.4.43 Fixed in 2.4.44 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3667 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID cff58ae2952e Credits Webbernaut Required privilege...

7.4 CVSS, 5.8 AI score, 0.00322 EPSS
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2024/06/05 12:0 a.m., 17 views

WordPress Login/Signup Popup Plugin <= 2.7.2 is vulnerable to Broken Access Control

Software Login/Signup Popup Type Plugin Vulnerable versions = 2.7.2 Fixed in 2.7.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5324 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 8315f4731f19 Credits 1337Wannabe - home Requir...

8.8 CVSS, 6.3 AI score, 0.01507 EPSS
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2024/06/05 12:0 a.m., 7 views

WordPress Recurring PayPal Donations Plugin <= 1.7 is vulnerable to Cross Site Scripting (XSS)

Software Recurring PayPal Donations Type Plugin Vulnerable versions = 1.7 Fixed in 1.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35676 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a5da0b5233ca Credits LVT-tholv2k Required privilege...

6.5 CVSS, 6.6 AI score, 0.00254 EPSS
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/06/04 12:0 a.m., 11 views

WordPress Social Link Pages Plugin <= 1.6.9 is vulnerable to Cross Site Scripting (XSS)

Software Social Link Pages Type Plugin Vulnerable versions = 1.6.9 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3555 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0d1f020a1aca Credits Lucio Sá Required...

7.2 CVSS, 5.6 AI score, 0.00312 EPSS
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/06/04 12:0 a.m., 17 views

WordPress Newsletter Plugin <= 8.3.4 is vulnerable to Cross Site Scripting (XSS)

Software Newsletter Type Plugin Vulnerable versions = 8.3.4 Fixed in 8.3.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5317 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a76e0f4cc75c Credits Arkadiusz Hydzik Requir...

6.4 CVSS, 5.6 AI score, 0.00291 EPSS
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2024/06/04 12:0 a.m., 7 views

WordPress Admin Notices Manager Plugin <= 1.4.0 is vulnerable to Broken Access Control

Software Admin Notices Manager Type Plugin Vulnerable versions = 1.4.0 Fixed in 1.5.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1717 Patch priority Low CVSS severity Low 4.3 Developer Melapress PSID 95224798df4d Credits Lucio Sá Required privilege...

4.3 CVSS, 6.6 AI score, 0.00383 EPSS
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2024/06/04 12:0 a.m., 19 views

WordPress Essential Real Estate Plugin <= 4.4.4 is vulnerable to Insecure Direct Object References (IDOR)

Software Essential Real Estate Type Plugin Vulnerable versions = 4.4.4 Fixed in 4.4.5 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-4274 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ccac1e739e5c Credits Lucio S...

4.3 CVSS, 6.5 AI score, 0.00462 EPSS
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2024/06/03 6:53 p.m., 8 views

MAL-2024-1513 Malicious code in developer-integrity1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 24aecacebeaf253088760161715d22f5ff77c66ecae6b73d9d1a9b984bbf8de0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0, References: 1

OSSF Malicious Packages
added 2024/06/03 6:53 p.m., 4 views

Malicious code in developer-integrity1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 24aecacebeaf253088760161715d22f5ff77c66ecae6b73d9d1a9b984bbf8de0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0, References: 1

OSSF Malicious Packages
added 2024/06/03 6:53 p.m., 3 views

Malicious code in developer-integrity2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 87499b0a5443852246ee964cc3d558e39a3f77a688484835c1e33524e1c6fce1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0, References: 1

OSV
added 2024/06/03 6:53 p.m., 8 views

MAL-2024-1514 Malicious code in developer-integrity2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 87499b0a5443852246ee964cc3d558e39a3f77a688484835c1e33524e1c6fce1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0, References: 1

OSV
added 2024/06/03 6:53 p.m., 7 views

MAL-2024-1512 Malicious code in developer-integrity-avishek (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c5cb52fb483ad0e308286bf5982001d04d48d1f0a2f9e6f5123dbe6933680fa5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0, References: 1

The Hacker News
added 2024/06/03 2:0 p.m., 14 views

Researchers Uncover RAT-Dropping npm Package Targeting Gulp Users

Cybersecurity researchers have uncovered a new suspicious package uploaded to the npm package registry that's designed to drop a remote access trojan RAT on compromised systems. The package in question is glup-debugger-log, which targets users of the gulp toolkit by masquerading as a "logger for...

8 AI score
Exploits: 0

The Hacker News
added 2024/06/03 7:34 a.m., 18 views

Andariel Hackers Target South Korean Institutes with New Dora RAT Malware

The North Korea-linked threat actor known as Andariel has been observed using a new Golang-based backdoor called Dora RAT in its attacks targeting educational institutes, manufacturing firms, and construction businesses in South Korea. "Keylogger, Infostealer, and proxy tools on top of the backdo...

7.5 AI score
Exploits: 0

Patchstack
added 2024/06/03 12:0 a.m., 13 views

WordPress Responsive Theme <= 5.0.3 is vulnerable to Cross Site Scripting (XSS)

Software Responsive Type Theme Vulnerable versions = 5.0.3 Fixed in 5.0.3.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35654 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c102ae479f0d Credits stealthcopter Required privilege Contribut...

6.5 CVSS, 6.6 AI score, 0.00261 EPSS
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/06/03 12:0 a.m., 6 views

WordPress wpDataTables Plugin <= 6.3.1 is vulnerable to SQL Injection

Software wpDataTables Type Plugin Vulnerable versions = 6.3.1 Fixed in 6.3.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3820 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 85631b10c84a Credits villu164 Required privilege Unauthenticated Publish...

10 CVSS, 6.8 AI score, 0.00657 EPSS
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2024/06/03 12:0 a.m., 10 views

WordPress Emergency Password Reset Plugin <= 8.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Emergency Password Reset Type Plugin Vulnerable versions = 8.0 Fixed in 9.0 OWASP Top 10 A8: Software and Data Integrity Failures Classification Cross Site Request Forgery CSRF CVE CVE-2024-35648 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID cd74213ad8d6 Credits...

6.8 AI score, 0.00127 EPSS
Exploits: 0, References: 2, Affected Software: 1