7442 matches found
WordPress Podlove Podcast Publisher Plugin <= 4.1.0 is vulnerable to Broken Access Control
Software Podlove Podcast Publisher Type Plugin Vulnerable versions = 4.1.0 Fixed in 4.1.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32143 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID fc4ae0b13cd1 Credits Abdi Pranata...
WordPress MWW Disclaimer Buttons Plugin <= 3.0.2 is vulnerable to Cross Site Scripting (XSS)
Software MWW Disclaimer Buttons Type Plugin Vulnerable versions = 3.0.2 Fixed in 3.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-32428 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 22fa1a3682eb Credits Cronus Required...
WordPress bizcalendar-web Plugin <= 1.1.0.25 is vulnerable to Cross Site Scripting (XSS)
Software bizcalendar-web Type Plugin Vulnerable versions = 1.1.0.25 Fixed in 1.1.0.26 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1780 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 262671a35eab Credits WordFence...
WordPress Event Manager for WooCommerce Plugin <= 4.1.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software Event Manager for WooCommerce Type Plugin Vulnerable versions = 4.1.2 Fixed in 4.1.3 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-32110 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d7bf2c59ce4e Credits...
RageFrame2 Security Vulnerability
RageFrame2 is a rapid development application engine based on the Yii2 advanced framework, written by jianyan74, an individual developer in China. A security vulnerability exists in RageFrame2 version v2.6.43, which stems from the presence of a Reflective Cross-Site Scripting (XSS) vulnerability that could...
WordPress Load More Anything Plugin <= 3.3.5 is vulnerable to Broken Access Control
Software Load More Anything Type Plugin Vulnerable versions = 3.3.5 Fixed in 3.3.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32110 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 324c36183bf9 Credits Dhabaleshwar Das Required...
A Bootiful Podcast: Marit van Dijk, Jetbrains Developer Advocate
Jetbrains Developer Advocate Marit van Dijk on reading code, IntelliJ IDEA, and more...
WordPress Citadela Listing Plugin <= 5.18.1 is vulnerable to Sensitive Data Exposure
Software Citadela Listing Type Plugin Vulnerable versions = 5.18.1 Fixed in 5.19.1 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-32086 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID a5c3aebb62b7 Credits Dave Jong Patchstack...
Advocate Office Management System SQL Injection Vulnerability
Advocate Office Management System is an office management system by the individual developer mayurik. A SQL injection vulnerability exists in Advocate Office Management System version 1.0, which originates from a SQL injection vulnerability in the file /control/registercase.php...
WordPress WP Matterport Shortcode Plugin <= 2.1.9 is vulnerable to Cross Site Request Forgery (CSRF)
Software WP Matterport Shortcode Type Plugin Vulnerable versions = 2.1.9 Fixed in 2.2.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-32109 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f8f5cab9e3ca Credits Nguyen Xuan...
WordPress Church Content – Sermons, Events and More Plugin <= 2.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software Church Content – Sermons, Events and More Type Plugin Vulnerable versions = 2.6 Fixed in 2.6.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-32094 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID edaae149d179...
WordPress NewsXpress Theme <= 1.0.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software NewsXpress Type Theme Vulnerable versions = 1.0.7 Fixed in 1.0.8 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31938 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID fbdf2aa209f9 Credits Dhabaleshwar Das Required...
WordPress F4 Improvements Plugin <= 1.8.0 is vulnerable to Cross Site Scripting (XSS)
Software F4 Improvements Type Plugin Vulnerable versions = 1.8.0 Fixed in 1.8.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-31925 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID adaa81a3b567 Credits Mika Required privilege Administrator...
WordPress Login with phone number Plugin <= 1.6.93 is vulnerable to Cross Site Request Forgery (CSRF)
Software Login with phone number Type Plugin Vulnerable versions = 1.6.93 Fixed in 1.6.94 OWASP Top 10 A5: Security Misconfiguration Classification Cross Site Request Forgery CSRF CVE CVE-2024-31424 Patch priority Low CVSS severity Low 8.8 Developer Hamid Alinia PSID 32dbb4921861 Credits Majed...
WordPress Element Pack Elementor Addons Plugin <= 5.5.3 is vulnerable to Cross Site Scripting (XSS)
Software Element Pack Elementor Addons Type Plugin Vulnerable versions = 5.5.3 Fixed in 5.5.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1428 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID baacef610d60 Credits Nikolas...
WordPress Page Builder: Live Composer Plugin <= 1.5.35 is vulnerable to Cross Site Request Forgery (CSRF)
Software Page Builder: Live Composer Type Plugin Vulnerable versions = 1.5.35 Fixed in 1.5.36 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31933 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID c287b96c4dbe Credits Brand...
WordPress Product Input Fields for WooCommerce Plugin <= 1.7.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software Product Input Fields for WooCommerce Type Plugin Vulnerable versions = 1.7.0 Fixed in 1.8.0 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31431 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3d3a2499f343 Credit...
WordPress Emmet Lite Theme <= 1.7.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software Emmet Lite Type Theme Vulnerable versions = 1.7.5 Fixed in 1.7.8 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31386 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 8e069565a3c1 Credits Dhabaleshwar Das Required...
WordPress Ultimate Bootstrap Elements for Elementor Plugin <= 1.4.0 is vulnerable to Cross Site Scripting (XSS)
Software Ultimate Bootstrap Elements for Elementor Type Plugin Vulnerable versions = 1.4.0 Fixed in 1.4.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2132 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID dc6fc1769629 Credit...
WordPress Namaha Theme <= 1.0.40 is vulnerable to Cross Site Request Forgery (CSRF)
Software Namaha Type Theme Vulnerable versions = 1.0.40 Fixed in 1.0.41 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31386 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f89684ed1c6c Credits Dhabaleshwar Das Required...