[SECURITY] Fedora 38 Update: yyjson-0.9.0-1.fc38
A high-performance JSON library written in ANSI C. Features - Fast: can read or write gigabytes of JSON data per second on modern CPUs. - Portable: complies with ANSI C (C89) for cross-platform compatibility. - Strict: complies with RFC 8259 JSON standard, ensuring strict number format and UTF-8...
WordPress MyRewards Plugin <= 5.3.0 is vulnerable to Broken Access Control
Software MyRewards Type Plugin Vulnerable versions <= 5.3.0 Fixed in 5.3.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32688 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 4a61d830f2db Credits Emili Castells Required...
WordPress Order Limit for WooCommerce Plugin <= 2.0.0 is vulnerable to Broken Access Control
Software Order Limit for WooCommerce Type Plugin Vulnerable versions <= 2.0.0 Fixed in 2.0.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32675 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID b286d283cb6a Credits Abdi Pranat...
WordPress Filebird Plugin <= 5.6.3 is vulnerable to Cross Site Scripting (XSS)
Software Filebird Type Plugin Vulnerable versions <= 5.6.3 Fixed in 5.6.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2345 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID de3d3d4867b8 Credits Tim Coen Required privilege...
WordPress WP Show Posts Plugin <= 1.1.5 is vulnerable to Sensitive Data Exposure
Software WP Show Posts Type Plugin Vulnerable versions <= 1.1.5 Fixed in 1.1.6 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-6731 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0bc24cb2903a Credits Lucio Sá Required privilege...
WordPress WP Cookie Notice for GDPR, CCPA & ePrivacy Consent Plugin <= 3.0.2 is vulnerable to Broken Access Control
Software WP Cookie Notice for GDPR, CCPA & ePrivacy Consent Type Plugin Vulnerable versions <= 3.0.2 Fixed in 3.1.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3599 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID bea6dcba69bc...
WordPress WP Social Comments Plugin <= 1.7.3 is vulnerable to Broken Access Control
Software WP Social Comments Type Plugin Vulnerable versions <= 1.7.3 Fixed in 1.7.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32689 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID a443a3a545ff Credits Friday Required privilege...
WordPress Content Control Plugin <= 2.1.0 is vulnerable to Broken Access Control
Software Content Control Type Plugin Vulnerable versions <= 2.1.0 Fixed in 2.2.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-0615 Patch priority Low CVSS severity Low 5.3 Developer Code Atlantic LLC PSID 3c7e15ef621e Credits Francesco Carlucci Required...
WordPress Wp Ultimate Review Plugin <= 2.2.5 is vulnerable to Insecure Direct Object References (IDOR)
Software Wp Ultimate Review Type Plugin Vulnerable versions <= 2.2.5 Fixed in 2.3.0 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-32683 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 7b452df5fd16 Credits Kyle...
WordPress WP Meta SEO Plugin <= 4.5.12 is vulnerable to Cross Site Scripting (XSS)
Software WP Meta SEO Type Plugin Vulnerable versions <= 4.5.12 Fixed in 4.5.13 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6961 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6aa5d92333a8 Credits Krzysztof Zając...
WordPress RSS Aggregator by Feedzy Plugin <= 4.4.7 is vulnerable to Server Side Request Forgery (SSRF)
Software RSS Aggregator by Feedzy Type Plugin Vulnerable versions <= 4.4.7 Fixed in 4.4.8 OWASP Top 10 A1: Broken Access Control Classification Server Side Request Forgery SSRF CVE CVE-2023-6805 Patch priority Low CVSS severity Low 6.4 Developer Claim ownership PSID b683d6b9d5c6 Credits Colin Xu...
GHSA-X674-V45J-FWXW MSAL.NET applications targeting Xamarin Android and .NET Android (MAUI) susceptible to local denial of service
Important: ONLY applications targeting Xamarin Android and .NET Android (MAUI) are impacted. All others can safely dismiss this CVE. Impact: MSAL.NET applications targeting Xamarin Android and .NET Android (e.g., MAUI) using the library from versions 4.48.0 to 4.60.3 inclusive, except 4.59.1 and 4.60....
WordPress HurryTimer Plugin <=2.9.2 is vulnerable to Cross Site Scripting (XSS)
Software HurryTimer Type Plugin Vulnerable versions <=2.9.2 Fixed in 2.10.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32556 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d3a1dca35035 Credits Joshua Chan Required privilege Contributor...
WordPress Cornerstone Plugin <= 0.8.0 is vulnerable to Cross Site Scripting (XSS)
Software Cornerstone Type Plugin Vulnerable versions <= 0.8.0 Fixed in 0.8.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32570 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f61c07b03ab5 Credits Rafie Muhammad Patchstack Required...
WordPress Z Y N I T H Plugin <= 7.4.9 is vulnerable to Cross Site Scripting (XSS)
Software Z Y N I T H Type Plugin Vulnerable versions <= 7.4.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32562 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID b69a38ab3f39 Credits Dave Jong Patchstack Required privilege...
WordPress Tainacan Interface Theme <= 2.7.1 is vulnerable to Cross Site Scripting (XSS)
Software Tainacan Interface Type Theme Vulnerable versions <= 2.7.1 Fixed in 2.7.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3867 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID dcbddfa32a84 Credits Matheus Nascimento de...
WordPress Shortcodes and extra features for Phlox theme Plugin <= 2.16.2 is vulnerable to PHP Object Injection
Software Shortcodes and extra features for Phlox theme Type Plugin Vulnerable versions <= 2.16.2 Fixed in N/A OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-7064 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID b9a2bdf53bc0 Credits Rhynorater -...
WordPress WP Helper Premium Plugin < 4.6.0 is vulnerable to Cross Site Scripting (XSS)
Software WP Helper Premium Type Plugin Vulnerable versions < 4.6.0 Fixed in 4.6.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32595 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5f98f0aa22fb Credits thiennv Required privilege...
WordPress Slider by 10Web Plugin <= 1.2.54 is vulnerable to Cross Site Scripting (XSS)
Software Slider by 10Web Type Plugin Vulnerable versions <= 1.2.54 Fixed in 1.2.55 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32578 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3808548b6dad Credits Dimas Maulana Required privile...
WordPress WP Stripe Checkout Plugin <= 1.2.2.41 is vulnerable to Cross Site Scripting (XSS)
Software WP Stripe Checkout Type Plugin Vulnerable versions <= 1.2.2.41 Fixed in 1.2.2.42 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32571 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8bb03353bba3 Credits LVT-tholv2k Required privileg...