PT-2024-40103 · Osv · Osv

Name of the Vulnerable Software and Affected Versions: OSV affected versions not specified Description: The issue concerns the behavior of the "remember me" function when it is disabled by the developer. If a user had previously logged in with the "remember me" box checked, any pre-existing cooki...

WordPress Easy Digital Downloads – Recent Purchases Plugin <= 1.0.2 is vulnerable to Remote File Inclusion

Software Easy Digital Downloads – Recent Purchases Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Remote File Inclusion CVE CVE-2024-35629 Patch priority Low CVSS severity Low 9.6 Developer Claim ownership PSID 23e0c1b90e02 Credits YCInfosec Require...

WordPress Integration for Contact Form 7 and Constant Contact Plugin <= 1.1.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software Integration for Contact Form 7 and Constant Contact Type Plugin Vulnerable versions = 1.1.5 Fixed in 1.1.6 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-35632 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID...

WordPress Popup Builder Plugin < 1.1.33 is vulnerable to Cross Site Scripting (XSS)

Software Popup Builder Type Plugin Vulnerable versions 1.1.33 Fixed in 1.1.33 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3236 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c56e5abe41cb Credits Eunho Kim Required privile...

WordPress The Events Calendar PRO Plugin < 6.4.0.1 is vulnerable to Sensitive Data Exposure

Software The Events Calendar PRO Type Plugin Vulnerable versions 6.4.0.1 Fixed in 6.4.0.1 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-1295 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID bc59557889e3 Credits Scott Kingsley Cla...

WordPress Pie Register (Add on) - Social Sites Login Plugin <= 1.7.7 is vulnerable to Broken Authentication

Software Pie Register Add on - Social Sites Login Type Plugin Vulnerable versions = 1.7.7 Fixed in 1.7.8 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-4544 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID...

WordPress Advanced iFrame Plugin <= 2024.3 is vulnerable to Cross Site Scripting (XSS)

Software Advanced iFrame Type Plugin Vulnerable versions = 2024.3 Fixed in 2024.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4365 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 184566715b3a Credits wesley wcraft Required...

WordPress Xpro Elementor Addons Plugin <= 1.4.3.1 is vulnerable to PHP Object Injection

Software Xpro Elementor Addons Type Plugin Vulnerable versions = 1.4.3.1 Fixed in 1.4.3.2 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-4471 Patch priority Low CVSS severity Low 8 Developer Claim ownership PSID db21342544db Credits Francesco Carlucci Required privile...

WordPress Similarity Plugin <= 3.0 is vulnerable to Cross Site Scripting (XSS)

Software Similarity Type Plugin Vulnerable versions = 3.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3972 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 3941fac517e1 Credits Bob Matyas Required privilege...

WordPress Email Log Plugin <= 2.4.8 is vulnerable to Other Vulnerability Type

Software Email Log Type Plugin Vulnerable versions = 2.4.8 Fixed in 2.4.9 OWASP Top 10 A3: Injection Classification Other Vulnerability Type CVE CVE-2024-0867 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 7750b3ba7ece Credits Sean Murphy Required privilege...

WordPress Spectra Plugin <= 2.13.0 is vulnerable to Cross Site Scripting (XSS)

Software Spectra Type Plugin Vulnerable versions = 2.13.0 Fixed in 2.13.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4366 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 6e05306d8c6c Credits Ngô Thiên An ancorn Required...

WordPress LayerSlider Plugin 7.11.0 is vulnerable to Cross Site Scripting (XSS)

Software LayerSlider Type Plugin Vulnerable versions 7.11.0 Fixed in 7.11.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-4575 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 784644494489 Credits N/A Required privilege Published 24 May, 20...

WordPress WP Photo Album Plus Plugin <= 8.7.00.003 is vulnerable to Content Injection

Software WP Photo Album Plus Type Plugin Vulnerable versions = 8.7.00.003 Fixed in 8.7.00.004 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2024-4037 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 2c20c334a973 Credits stealthcopter Required...

WordPress EmbedPress Plugin <= 3.9.12 is vulnerable to Broken Access Control

Software EmbedPress Type Plugin Vulnerable versions = 3.9.12 Fixed in 3.9.13 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-1803 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 58b21d9fa99a Credits WordFence Required privilege...

[SECURITY] Fedora 40 Update: python-jinja2-3.1.4-1.fc40

Jinja2 is a template engine written in pure Python. It provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. If you have any exposure to other text-based template languages, such as Smarty or Django, you should feel right at home with...

WordPress FluentForm Plugin <= 5.1.15 is vulnerable to PHP Object Injection

Software FluentForm Type Plugin Vulnerable versions = 5.1.15 Fixed in 5.1.16 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-4157 Patch priority Medium CVSS severity Medium 7.5 Developer Claim ownership PSID 3330782fcf1c Credits Tobias Weißhaar kun19 Required privilege...

WordPress Brizy Plugin <= 2.4.43 is vulnerable to Broken Access Control

Software Brizy Type Plugin Vulnerable versions = 2.4.43 Fixed in 2.4.44 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3711 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 6a9b9ee44fc3 Credits Lucio Sá Required privilege Contributo...

WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.107 is vulnerable to SQL Injection

Software Unlimited Elements For Elementor Free Widgets, Addons, Templates Type Plugin Vulnerable versions = 1.5.107 Fixed in 1.5.108 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-4779 Patch priority Low CVSS severity Low 8.5 Developer Unlimited Elements PSID 2c76236c1b5c...

WordPress Hash Elements Plugin <= 1.3.8 is vulnerable to Cross Site Scripting (XSS)

Software Hash Elements Type Plugin Vulnerable versions = 1.3.8 Fixed in 1.3.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5177 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3175f5a96af0 Credits stealthcopter Required...

WordPress wpDataTables Plugin <= 3.4.2.12 is vulnerable to Cross Site Scripting (XSS)

Software wpDataTables Type Plugin Vulnerable versions = 3.4.2.12 Fixed in 3.4.2.14 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4895 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 468050b27d74 Credits Tim Coen Requir...