WordPress SuperFaktura WooCommerce Plugin <= 1.40.3 is vulnerable to Server Side Request Forgery (SSRF)

Software SuperFaktura WooCommerce Type Plugin Vulnerable versions = 1.40.3 Fixed in 1.40.4 OWASP Top 10 A1: Broken Access Control Classification Server Side Request Forgery SSRF CVE CVE-2024-32803 Patch priority Medium CVSS severity Medium 6.4 Developer Claim ownership PSID 1f6825e0241f Credits...

WordPress Frontend Admin by DynamiApps Plugin <= 3.19.4 is vulnerable to Privilege Escalation

Software Frontend Admin by DynamiApps Type Plugin Vulnerable versions = 3.19.4 Fixed in 3.19.5 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-3729 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 4ebfbce29f56...

WordPress ShortPixel Critical CSS Plugin <= 1.0.2 is vulnerable to Broken Access Control

Software ShortPixel Critical CSS Type Plugin Vulnerable versions = 1.0.2 Fixed in 1.0.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32810 Patch priority High CVSS severity High 7.6 Developer ShortPixel PSID b4665651b428 Credits Dhabaleshwar Das Require...

WordPress All-in-one Like Widget Plugin <= 2.2.7 is vulnerable to Cross Site Scripting (XSS)

Software All-in-one Like Widget Type Plugin Vulnerable versions = 2.2.7 Fixed in 2.2.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32815 Patch priority Low CVSS severity Low 5.9 Developer Jeroen Peters PSID 19340c2d052a Credits Joshua Chan Required privilege...

WordPress ProfileGrid Plugin <= 5.7.9 is vulnerable to Insecure Direct Object References (IDOR)

Software ProfileGrid Type Plugin Vulnerable versions = 5.7.9 Fixed in 5.8.0 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-32808 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID b60c26e035a2 Credits Kyle Sanchez...

WordPress Podlove Podcast Publisher Plugin <= 4.0.14 is vulnerable to Broken Access Control

Software Podlove Podcast Publisher Type Plugin Vulnerable versions = 4.0.14 Fixed in 4.0.15 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32712 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 03f3d1e3ccd2 Credits LVT-tholv2k...

WordPress WP GoToWebinar Plugin <= 14.46 is vulnerable to Broken Access Control

Software WP GoToWebinar Type Plugin Vulnerable versions = 14.46 Fixed in 15.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32804 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID dac08fd623ab Credits Abdi Pranata Required privilege...

WordPress Sendinblue for WooCommerce Plugin <= 4.0.17 is vulnerable to Arbitrary File Download

Software Sendinblue for WooCommerce Type Plugin Vulnerable versions = 4.0.17 Fixed in 4.0.18 OWASP Top 10 A4: Insecure Design Classification Arbitrary File Download CVE CVE-2024-32807 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID 1a6d8c4d6ed3 Credits Yudistira Arya...

WordPress SchedulePress Plugin <= 5.0.8 is vulnerable to Broken Access Control

Software SchedulePress Type Plugin Vulnerable versions = 5.0.8 Fixed in 5.0.9 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32717 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 7d1404ed0d5c Credits Majed Refaea Required...

WordPress Post Grid and Gutenberg Blocks Plugin <= 2.2.78 is vulnerable to Sensitive Data Exposure

Software Post Grid and Gutenberg Blocks Type Plugin Vulnerable versions = 2.2.78 Fixed in 2.2.79 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-32816 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 4274dff100bf Credits Peng Zho...

WordPress StreamWeasels Twitch Integration Plugin <= 1.7.8 is vulnerable to Sensitive Data Exposure

Software StreamWeasels Twitch Integration Type Plugin Vulnerable versions = 1.7.8 Fixed in 1.8.0 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-32716 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID eec287347b22 Credits Majed Refa...

[SECURITY] Fedora 40 Update: yyjson-0.9.0-1.fc40

A high performance JSON library written in ANSI C. Features - Fast: can read or write gigabytes per second JSON data on modern CPUs. - Portable: complies with ANSI C C89 for cross-platform compatibility. - Strict: complies with RFC 8259 JSON standard, ensuring strict number format and UTF-8...

WordPress Chauffeur Taxi Booking System for WordPress Plugin <= 6.9 is vulnerable to Broken Authentication

Software Chauffeur Taxi Booking System for WordPress Type Plugin Vulnerable versions = 6.9 Fixed in 7.0 OWASP Top 10 A1: Broken Access Control Classification Broken Authentication CVE CVE-2024-32692 Patch priority High CVSS severity High 8.2 Developer Claim ownership PSID 7552e0fad1fd Credits luc...

WordPress Automatic Plugin < 3.93.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Automatic Type Plugin Vulnerable versions 3.93.0 Fixed in 3.93.0 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-32693 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 83f469455e38 Credits Rafie Muhammad Patchstack...

WordPress Media Library Folders Plugin <= 8.2.0 is vulnerable to Cross Site Scripting (XSS)

Software Media Library Folders Type Plugin Vulnerable versions = 8.2.0 Fixed in 8.2.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3615 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 9a730c3a0156 Credits Krzysztof...

WordPress ElementsKit Pro Plugin <= 3.6.0 is vulnerable to Cross Site Scripting (XSS)

Software ElementsKit Pro Type Plugin Vulnerable versions = 3.6.0 Fixed in 3.6.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3598 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID cc1eab59b295 Credits Ngô Thiên An ancorn...

WordPress LearnPress Plugin <= 4.2.6.4 is vulnerable to Cross Site Scripting (XSS)

Software LearnPress Type Plugin Vulnerable versions = 4.2.6.4 Fixed in 4.2.6.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3560 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 05282d717c17 Credits stealthcopter Required...

WordPress Click to Chat Plugin <= 3.35 is vulnerable to Local File Inclusion

Software Click to Chat Type Plugin Vulnerable versions = 3.35 Fixed in 4.0 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-3849 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 3a9b57b69a7e Credits haidv35 from Viettel Cyber Security Required...

WordPress tagDiv Composer Plugin <= 4.8 is vulnerable to Local File Inclusion

Software tagDiv Composer Type Plugin Vulnerable versions = 4.8 Fixed in 4.9 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-3813 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 5ffa96c3f191 Credits István Márton Required privilege Contributor...

[SECURITY] Fedora 39 Update: yyjson-0.9.0-1.fc39

A high performance JSON library written in ANSI C. Features - Fast: can read or write gigabytes per second JSON data on modern CPUs. - Portable: complies with ANSI C C89 for cross-platform compatibility. - Strict: complies with RFC 8259 JSON standard, ensuring strict number format and UTF-8...