
7442 matches found

Patchstack
added 2024/05/03 12:0 a.m. · 11 views

WordPress SEOPress Plugin <= 7.7.1 is vulnerable to Insecure Direct Object References (IDOR)

Software: SEOPress; Type: Plugin; Vulnerable versions: <= 7.7.1; Fixed in: 7.7.2; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-34383; Patch priority: Low; CVSS severity: Low (5.3); PSID: 7ca57d342ecd; Credits: Peng Zhou; Required...

CVSS 5.3 · AI score 6.5 · EPSS 0.0051
Exploits 0 · References 2 · Affected Software 1

Patchstack
added 2024/05/03 12:0 a.m. · 17 views

WordPress LeadConnector Plugin <= 1.7 is vulnerable to Broken Access Control

Software: LeadConnector; Type: Plugin; Vulnerable versions: <= 1.7; Fixed in: 1.8; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-34378; Patch priority: High; CVSS severity: High (8.6); PSID: da872f96f681; Credits: Majed Refaea; Required privilege...

CVSS 8.6 · AI score 6.5 · EPSS 0.00437
Exploits 0 · References 2 · Affected Software 1

IBM Security Bulletins
added 2024/05/02 6:54 a.m. · 38 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer

Summary There are multiple vulnerabilities in IBM® SDK Java™ used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and Runtime Environment updates in the Oracle April 2023 Critical Patch...

CVSS 9.1 · AI score 6 · EPSS 0.01208
Exploits 0 · Affected Software 1

Patchstack
added 2024/05/02 12:0 a.m. · 17 views

WordPress Modal Window Plugin < 5.3.10 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Modal Window; Type: Plugin; Vulnerable versions: < 5.3.10; Fixed in: 5.3.10; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-3472; Patch priority: Low; CVSS severity: Low (5.4); PSID: 9d7096a40943; Credits: Bob Matyas; Required...

CVSS 5.9 · AI score 6.6 · EPSS 0.00204
Exploits 2 · References 4 · Affected Software 1

Patchstack
added 2024/05/02 12:0 a.m. · 10 views

WordPress WP Recipe Maker Plugin <= 9.3.1 is vulnerable to Cross Site Scripting (XSS)

Software: WP Recipe Maker; Type: Plugin; Vulnerable versions: <= 9.3.1; Fixed in: 9.4.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3490; Patch priority: Low; CVSS severity: Low (6.5); PSID: 5ee8e6ab9022; Credits: stealthcopter; Required...

CVSS 6.4 · AI score 5.8 · EPSS 0.0032
Exploits 0 · References 3 · Affected Software 1

Patchstack
added 2024/05/02 12:0 a.m. · 11 views

WordPress Supreme Modules Lite Plugin <= 2.5.3 is vulnerable to Cross Site Scripting (XSS)

Software: Supreme Modules Lite; Type: Plugin; Vulnerable versions: <= 2.5.3; Fixed in: 2.5.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4334; Patch priority: Low; CVSS severity: Low (6.5); PSID: db7cdff0f72f; Credits: Webbernaut; Required...

CVSS 6.4 · AI score 5.8 · EPSS 0.00563
Exploits 0 · References 3 · Affected Software 1

Patchstack
added 2024/05/02 12:0 a.m. · 13 views

WordPress Button Generator – easily Button Builder Plugin < 3.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Button Generator – easily Button Builder; Type: Plugin; Vulnerable versions: < 3.0; Fixed in: 3.0; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-3471; Patch priority: Low; CVSS severity: Low (5.4); PSID: aca54546afa3; Credits: B...

CVSS 3.4 · AI score 6.6 · EPSS 0.00229
Exploits 2 · References 4 · Affected Software 1

Patchstack
added 2024/05/02 12:0 a.m. · 8 views

WordPress Sticky Buttons Plugin < 3.2.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Sticky Buttons; Type: Plugin; Vulnerable versions: < 3.2.4; Fixed in: 3.2.4; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-3475; Patch priority: Low; CVSS severity: Low (5.4); PSID: c9f456e279d5; Credits: Bob Matyas; Required...

AI score 6.6 · EPSS 0.00283
Exploits 2 · References 4 · Affected Software 1

NVD
added 2024/05/01 1:15 p.m. · 11 views

CVE-2024-24978

Denial-of-service (DoS) vulnerability exists in TvRock 0.9t8a. Receiving a specially crafted request by a remote attacker or having a user of TvRock click a specially crafted request may lead to ABEND (abnormal end). Note that the developer was unreachable, therefore, users should consider stop using...

CVSS 4.3 · AI score 6.5 · EPSS 0.00611
Exploits 0 · References 1

NVD
added 2024/05/01 1:15 p.m. · 6 views

CVE-2024-23597

Cross-site request forgery (CSRF) vulnerability exists in TvRock 0.9t8a. If a logged-in user of TVRock accesses a specially crafted page, unintended operations may be performed. Note that the developer was unreachable, therefore, users should consider stop using TvRock 0.9t8a...

CVSS 4.3 · AI score 6.7 · EPSS 0.00219
Exploits 0 · References 1

Cvelist
added 2024/05/01 1:5 p.m. · 14 views

CVE-2024-24978

Denial-of-service (DoS) vulnerability exists in TvRock 0.9t8a. Receiving a specially crafted request by a remote attacker or having a user of TvRock click a specially crafted request may lead to ABEND (abnormal end). Note that the developer was unreachable, therefore, users should consider stop using...

AI score 6.8 · EPSS 0.00611
Exploits 0 · References 1

CVE
added 2024/05/01 1:5 p.m. · 49 views

CVE-2024-24978

TvRock 0.9t8a has a DoS vulnerability that can trigger an ABEND via a specially crafted request, with exploitation possible by remote attackers or by users clicking the crafted request. The developer is unreachable, and multiple sources advise stopping use of TvRock 0.9t8a. No public patch or mit...

CVSS 4.3 · AI score 6.8 · EPSS 0.00611
Exploits 0 · References 1

Vulnrichment
added 2024/05/01 1:5 p.m. · 12 views

CVE-2024-24978

Denial-of-service (DoS) vulnerability exists in TvRock 0.9t8a. Receiving a specially crafted request by a remote attacker or having a user of TvRock click a specially crafted request may lead to ABEND (abnormal end). Note that the developer was unreachable, therefore, users should consider stop using...

AI score 6.9 · EPSS 0.00611
Exploits 0 · References 1

Cvelist
added 2024/05/01 1:0 p.m. · 15 views

CVE-2024-23597

Cross-site request forgery (CSRF) vulnerability exists in TvRock 0.9t8a. If a logged-in user of TVRock accesses a specially crafted page, unintended operations may be performed. Note that the developer was unreachable, therefore, users should consider stop using TvRock 0.9t8a...

AI score 6.9 · EPSS 0.00219
Exploits 0 · References 1

Positive Technologies
added 2024/05/01 12:0 a.m. · 3 views

PT-2024-19955 · Tvrock · Tvrock

Name of the Vulnerable Software and Affected Versions: TvRock version 0.9t8a. Description: A cross-site request forgery (CSRF) issue exists, allowing unintended operations to be performed if a logged-in user accesses a specially crafted page. Recommendations: For TvRock version 0.9t8a, consider...

CVSS 4.3 · AI score 7.2 · EPSS 0.00219
Exploits 0 · References 5

Positive Technologies
added 2024/05/01 12:0 a.m. · 8 views

PT-2024-20685 · Tvrock · Tvrock

Name of the Vulnerable Software and Affected Versions: TvRock version 0.9t8a. Description: A denial-of-service (DoS) issue exists, where receiving a specially crafted request by a remote attacker or having a user click a specially crafted request may lead to an abnormal end (ABEND). The developer of...

CVSS 4.3 · AI score 7 · EPSS 0.00611
Exploits 0 · References 6

Patchstack
added 2024/05/01 12:0 a.m. · 13 views

WordPress All-in-One Video Gallery Plugin <= 3.6.4 is vulnerable to Arbitrary File Upload

Software: All-in-One Video Gallery; Type: Plugin; Vulnerable versions: <= 3.6.4; Fixed in: 3.6.5; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-4033; Patch priority: Medium; CVSS severity: Medium (8.8); PSID: cfa484cd1cd9; Credits: stealthcopter; Required...

CVSS 8.8 · AI score 6.8 · EPSS 0.01558
Exploits 0 · References 3 · Affected Software 1

Patchstack
added 2024/04/30 12:0 a.m. · 13 views

WordPress MailerLite – Signup forms Plugin <= 1.7.6 is vulnerable to Broken Access Control

Software: MailerLite – Signup forms; Type: Plugin; Vulnerable versions: <= 1.7.6; Fixed in: 1.7.7; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-2797; Patch priority: Low; CVSS severity: Low (5.3); PSID: d779eba11e1c; Credits: Krzysztof Zając...

CVSS 5.3 · AI score 6.6 · EPSS 0.00504
Exploits 0 · References 3 · Affected Software 1

Patchstack
added 2024/04/30 12:0 a.m. · 11 views

WordPress ARMember Plugin <= 4.0.30 is vulnerable to Open Redirection

Software: ARMember; Type: Plugin; Vulnerable versions: <= 4.0.30; Fixed in: 4.0.31; OWASP Top 10: A1: Injection; Classification: Open Redirection; CVE: CVE-2024-4133; Patch priority: Low; CVSS severity: Low (4.7); PSID: 1161444e8597; Credits: Krzysztof Zając; Required privilege: Unauthenticated...

CVSS 6.1 · AI score 6.8 · EPSS 0.00526
Exploits 0 · References 3 · Affected Software 1

Patchstack
added 2024/04/30 12:0 a.m. · 9 views

WordPress Where Did You Hear About Us Checkout Field for WooCommerce Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Software: Where Did You Hear About Us Checkout Field for WooCommerce; Type: Plugin; Vulnerable versions: <= 1.3.1; Fixed in: 1.3.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2752; Patch priority: Low; CVSS severity: Low (6.5); PSID...

CVSS 5.5 · AI score 5.8 · EPSS 0.00419
Exploits 0 · References 3 · Affected Software 1