Lucene search

7442 matches found

Patchstack
added 2024/04/30 12:0 a.m. | 14 views

WordPress MailerLite – Signup forms Plugin <= 1.7.6 is vulnerable to Broken Access Control

Software: MailerLite – Signup forms | Type: Plugin | Vulnerable versions: <= 1.7.6 | Fixed in: 1.7.7 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-2797 | Patch priority: Low | CVSS severity: Low 5.3 | PSID: d779eba11e1c | Credits: Krzysztof Zając...

5.3 CVSS | 6.6 AI score | 0.00504 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/04/30 12:0 a.m. | 14 views

WordPress Grid Gallery Plugin <= 1.4.3 is vulnerable to PHP Object Injection

Software: Grid Gallery | Type: Plugin | Vulnerable versions: <= 1.4.3 | Fixed in: 1.4.4 | OWASP Top 10: A1: Injection | Classification: PHP Object Injection | CVE: CVE-2024-1897 | Patch priority: Medium | CVSS severity: Medium 6.4 | PSID: 43f9768655e4 | Credits: Francesco Carlucci | Required privilege...

7.5 CVSS | 6.8 AI score | 0.00868 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/04/30 12:0 a.m. | 10 views

WordPress Masteriyo - LMS Plugin <= 1.7.3 is vulnerable to Broken Authentication

Software: Masteriyo - LMS | Type: Plugin | Vulnerable versions: <= 1.7.3 | Fixed in: 1.7.4 | OWASP Top 10: A4: Insecure Design | Classification: Broken Authentication | CVE: CVE-2024-33939 | Patch priority: Medium | CVSS severity: Medium 5.3 | Developer: Masteriyo | PSID: ce37ea579b31 | Credits: Steven Julian | Required privilege...

6.6 AI score | 0.00843 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/04/30 12:0 a.m. | 20 views

WordPress MasterStudy LMS Plugin <= 3.3.8 is vulnerable to Broken Access Control

Software: MasterStudy LMS | Type: Plugin | Vulnerable versions: <= 3.3.8 | Fixed in: 3.3.9 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-3942 | Patch priority: Low | CVSS severity: Low 6.3 | PSID: e8c9ed38d014 | Credits: Lucio Sá | Required privilege...

6.3 CVSS | 6.6 AI score | 0.00384 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/04/30 12:0 a.m. | 8 views

WordPress Cost Calculator Builder Pro Plugin <= 3.1.67 is vulnerable to Cross Site Scripting (XSS)

Software: Cost Calculator Builder Pro | Type: Plugin | Vulnerable versions: <= 3.1.67 | Fixed in: 3.1.68 | OWASP Top 10: A7: Cross-Site Scripting XSS | Classification: Cross Site Scripting XSS | CVE: CVE-2024-4097 | Patch priority: Low | CVSS severity: Low 7.1 | PSID: 99ec603c6f20 | Credits: andrea...

7.2 CVSS | 5.8 AI score | 0.00576 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/04/30 12:0 a.m. | 9 views

WordPress Event Management Tickets Booking Plugin <= 1.3.4 is vulnerable to PHP Object Injection

Software: Event Management Tickets Booking | Type: Plugin | Vulnerable versions: <= 1.3.4 | Fixed in: 1.3.5 | OWASP Top 10: A1: Injection | Classification: PHP Object Injection | CVE: CVE-2024-1895 | Patch priority: Medium | CVSS severity: Medium 7.4 | PSID: d93e6770a231 | Credits: Francesco Carlucci...

7.5 CVSS | 6.8 AI score | 0.0085 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/04/30 12:0 a.m. | 12 views

WordPress ARMember Plugin <= 4.0.30 is vulnerable to Open Redirection

Software: ARMember | Type: Plugin | Vulnerable versions: <= 4.0.30 | Fixed in: 4.0.31 | OWASP Top 10: A1: Injection | Classification: Open Redirection | CVE: CVE-2024-4133 | Patch priority: Low | CVSS severity: Low 4.7 | PSID: 1161444e8597 | Credits: Krzysztof Zając | Required privilege: Unauthenticated...

6.1 CVSS | 6.8 AI score | 0.00526 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

The Hacker News
added 2024/04/29 5:7 p.m. | 15 views

Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023

Google on Monday revealed that almost 200,000 app submissions to its Play Store for Android were either rejected or remediated to address issues with access to sensitive data such as location or SMS messages over the past year. The tech giant also said it blocked 333,000 bad accounts from the app...

7.3 AI score
Exploits: 0

Patchstack
added 2024/04/29 12:0 a.m. | 11 views

WordPress Jeg Elementor Kit Plugin <= 2.6.4 is vulnerable to Cross Site Scripting (XSS)

Software: Jeg Elementor Kit | Type: Plugin | Vulnerable versions: <= 2.6.4 | Fixed in: 2.6.5 | OWASP Top 10: A7: Cross-Site Scripting XSS | Classification: Cross Site Scripting XSS | CVE: CVE-2024-3819 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: 9ed7ecaed8c2 | Credits: wesley wcraft | Required...

6.4 CVSS | 5.8 AI score | 0.00531 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/04/29 12:0 a.m. | 7 views

WordPress Timetable and Event Schedule Plugin <= 2.4.11 is vulnerable to SQL Injection

Software: Timetable and Event Schedule | Type: Plugin | Vulnerable versions: <= 2.4.11 | Fixed in: 2.4.12 | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2024-3342 | Patch priority: Low | CVSS severity: Low 8.5 | PSID: 0319575418d1 | Credits: Krzysztof Zając | Required privilege...

9.9 CVSS | 6.8 AI score | 0.00561 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/04/29 12:0 a.m. | 12 views

WordPress Share This Image Plugin <= 1.98 is vulnerable to Open Redirection

Software: Share This Image | Type: Plugin | Vulnerable versions: <= 1.98 | Fixed in: 1.99 | OWASP Top 10: A3: Injection | Classification: Open Redirection | CVE: CVE-2024-33930 | Patch priority: Low | CVSS severity: Low 4.7 | PSID: 8ff8b7f51b08 | Credits: stealthcopter | Required privilege: Unauthenticate...

4.7 CVSS | 6.8 AI score | 0.00384 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/04/29 12:0 a.m. | 10 views

WordPress Embed Google Fonts Plugin <= 3.1.0 is vulnerable to Broken Access Control

Software: Embed Google Fonts | Type: Plugin | Vulnerable versions: <= 3.1.0 | Fixed in: 3.1.1 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-33925 | Patch priority: Low | CVSS severity: Low 4.3 | PSID: a530cac3d37a | Credits: Abdi Pranata | Required...

4.3 CVSS | 6.5 AI score | 0.00337 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/04/29 12:0 a.m. | 13 views

WordPress AJAX Login and Registration modal popup + inline form Plugin <= 2.23 is vulnerable to Cross Site Scripting (XSS)

Software: AJAX Login and Registration modal popup + inline form | Type: Plugin | Vulnerable versions: <= 2.23 | Fixed in: 2.24 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting XSS | CVE: CVE-2024-33918 | Patch priority: Medium | CVSS severity: Medium 5.9 | PSID: ea1aeec00d87...

5.9 CVSS | 6.5 AI score | 0.00359 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/04/29 12:0 a.m. | 10 views

WordPress CPO Companion Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)

Software: CPO Companion | Type: Plugin | Vulnerable versions: <= 1.1.0 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting XSS | CVE: CVE-2024-33916 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: 57daf6c77a1b | Credits: Ngô Thiên An ancorn from VNPT-VCI | Required...

6.5 CVSS | 6.6 AI score | 0.00315 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/04/29 12:0 a.m. | 9 views

WordPress Analytify Plugin <= 5.2.3 is vulnerable to Broken Access Control

Software: Analytify | Type: Plugin | Vulnerable versions: <= 5.2.3 | Fixed in: 5.2.4 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-1809 | Patch priority: Low | CVSS severity: Low 5.4 | PSID: ab2e692a810a | Credits: Lucio Sá | Required privilege: Subscrib...

5.4 CVSS | 6.6 AI score | 0.00293 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Tenable Nessus
added 2024/04/28 12:0 a.m. | 38 views

RHEL 8 : OpenShift Developer Tools and Services for OCP 4.12 (RHSA-2023:1064)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1064 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...

9.9 CVSS | 6.9 AI score | 0.03571 EPSS
Exploits: 4 | References: 33

OSV
added 2024/04/26 9:30 a.m. | 16 views

GHSA-VX97-8Q8Q-QGQ5 Mattermost's detailed error messages reveal the full file path

Mattermost versions 9.6.x = 9.6.0, 9.5.x = 9.5.2, 9.4.x = 9.4.4 and 8.1.x = 8.1.11 fail to remove detailed error messages in API requests even if the developer mode is off which allows an attacker to get information about the server such as the full path where files are stored...

4.3 CVSS | 4.3 AI score | 0.00452 EPSS
Exploits: 0 | References: 7

Patchstack
added 2024/04/26 12:0 a.m. | 8 views

WordPress ARForms Form Builder Plugin <= 1.6.4 is vulnerable to Broken Access Control

Software: ARForms Form Builder | Type: Plugin | Vulnerable versions: <= 1.6.4 | Fixed in: 1.6.5 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-1945 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: ea61cb9b5b99 | Credits: Lucio Sá | Required...

7.1 CVSS | 6.5 AI score | 0.00428 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/04/26 12:0 a.m. | 14 views

WordPress Backup Migration Plugin <= 1.4.1 is vulnerable to Broken Access Control

Software: Backup Migration | Type: Plugin | Vulnerable versions: <= 1.4.1 | Fixed in: 1.4.2 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-31435 | Patch priority: Low | CVSS severity: Low 4.3 | PSID: c8830eaae290 | Credits: Dhabaleshwar Das | Required...

6.2 AI score | 0.00208 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/04/26 12:0 a.m. | 9 views

WordPress Althea WP Theme <= 1.0.13 is vulnerable to Broken Access Control

Software: Althea WP | Type: Theme | Vulnerable versions: <= 1.0.13 | Fixed in: 1.0.16 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-33686 | Patch priority: Low | CVSS severity: Low 4.3 | PSID: 89e5f642c59b | Credits: Dhabaleshwar Das | Required privileg...

4.3 CVSS | 4.4 AI score | 0.00507 EPSS
Exploits: 0 | References: 2 | Affected Software: 1