WordPress Permalink Manager Lite Plugin <= 2.4.3.1 is vulnerable to Broken Access Control

Software Permalink Manager Lite Type Plugin Vulnerable versions = 2.4.3.1 Fixed in 2.4.3.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-2543 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 01746b8cad8b Credits Muhammad Zeeshan...

WordPress WooCommerce Cloak Affiliate Links Plugin <= 1.0.33 is vulnerable to Broken Access Control

Software WooCommerce Cloak Affiliate Links Type Plugin Vulnerable versions = 1.0.33 Fixed in 1.0.34 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1308 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 86ffc05e045a Credits Francesc...

WordPress Social Media Share Buttons Plugin <= 2.1.0 is vulnerable to PHP Object Injection

Software Social Media Share Buttons Type Plugin Vulnerable versions = 2.1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-2721 Patch priority High CVSS severity High 8.2 Developer Claim ownership PSID 6b7330720e7c Credits Dimas Maulana Required privilege...

WordPress Smart Custom Fields Plugin <= 4.2.2 is vulnerable to Broken Access Control

Software Smart Custom Fields Type Plugin Vulnerable versions = 4.2.2 Fixed in 5.0.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1995 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 99da3594bae9 Credits Lucio Sá Required privileg...

WordPress Weglot Translate Plugin <= 4.2.5 is vulnerable to Cross Site Scripting (XSS)

Software Weglot Translate Type Plugin Vulnerable versions = 4.2.5 Fixed in 4.2.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2124 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ff81bdc0a325 Credits Ngô Thiên An ancorn -...

WordPress Advanced Classifieds & Directory Pro Plugin <= 3.0.0 is vulnerable to Broken Access Control

Software Advanced Classifieds & Directory Pro Type Plugin Vulnerable versions = 3.0.0 Fixed in 3.1.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-2222 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0df0ba101fff Credits Lucio Sá...

WordPress Qi Addons For Elementor Plugin <= 1.6.7 is vulnerable to Cross Site Scripting (XSS)

Software Qi Addons For Elementor Type Plugin Vulnerable versions = 1.6.7 Fixed in 1.6.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0826 Patch priority Low CVSS severity Low 6.5 Developer Qode Interactive PSID 2d3d74026644 Credits Webbernaut...

WordPress s2Member Pro Plugin <= 230815 is vulnerable to Sensitive Data Exposure

Software s2Member Pro Type Plugin Vulnerable versions = 230815 Fixed in 240315 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-0899 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 2b01d6ca4fd7 Credits Francesco Carlucci Required...

WordPress Permalink Manager Lite Plugin <= 2.4.3.1 is vulnerable to Broken Access Control

Software Permalink Manager Lite Type Plugin Vulnerable versions = 2.4.3.1 Fixed in 2.4.3.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-2538 Patch priority Low CVSS severity Low 3.8 Developer Claim ownership PSID 50143df9543f Credits Muhammad Zeeshan...

WordPress Fancy Product Designer Plugin < 6.1.5 is vulnerable to SQL Injection

Software Fancy Product Designer Type Plugin Vulnerable versions 6.1.5 Fixed in 6.1.5 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-0365 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 8a2fcc7e3e05 Credits Ivan Spiridonov Required privilege...

Important: Red Hat Enhancement Advisory: Red Hat Developer Hub 1.1 release

Red Hat Developer Hub 1.1 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single pa...

WordPress Knight Lab Timeline Plugin <= 3.9.3.3 is vulnerable to Cross Site Scripting (XSS)

Software Knight Lab Timeline Type Plugin Vulnerable versions = 3.9.3.3 Fixed in 3.9.3.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2287 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a18014776421 Credits Tien Luong...

WordPress Better Search Plugin <= 3.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Better Search Type Plugin Vulnerable versions = 3.3.0 Fixed in 3.3.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29142 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8395a45f6b09 Credits Abdi Pranata Required privilege...

WordPress Elements kit Elementor addons Plugin <= 3.0.3 is vulnerable to Cross Site Scripting (XSS)

Software Elements kit Elementor addons Type Plugin Vulnerable versions = 3.0.3 Fixed in 3.0.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6525 Patch priority Low CVSS severity Low 6.5 Developer Wpmet PSID 35435cff32ec Credits Ulyses Saicha Requir...

WordPress Ultimate Gift Cards For WooCommerce Plugin <= 2.6.6 is vulnerable to Broken Access Control

Software Ultimate Gift Cards For WooCommerce Type Plugin Vulnerable versions = 2.6.6 Fixed in 2.6.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1857 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID ac4726115ec6 Credits Krzysztof...

WordPress MyCurator Content Curation Plugin <= 3.76 is vulnerable to Cross Site Scripting (XSS)

Software MyCurator Content Curation Type Plugin Vulnerable versions = 3.76 Fixed in 3.77 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29139 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f5416935cfa3 Credits LVT-tholv2k Required...

WordPress RegistrationMagic Plugin <= 5.2.5.9 is vulnerable to Cross Site Scripting (XSS)

Software RegistrationMagic Type Plugin Vulnerable versions = 5.2.5.9 Fixed in 5.2.6.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29113 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b3c2c9a16dfd Credits Yudistira Arya Required...

WordPress Contact Forms by Cimatti Plugin <= 1.7.0 is vulnerable to Cross Site Scripting (XSS)

Software Contact Forms by Cimatti Type Plugin Vulnerable versions = 1.7.0 Fixed in 1.8.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29117 Patch priority Medium CVSS severity Medium 7.1 Developer Cimatti Consulting PSID 36dba4c9e5f8 Credits Joshua Chan Required...

WordPress WooCommerce Google Feed Manager Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS)

Software WooCommerce Google Feed Manager Type Plugin Vulnerable versions = 2.2.0 Fixed in 2.3.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29112 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a47ab0c3a92d Credits Joshua Chan Required...

WordPress Post SMTP Plugin <= 2.8.6 is vulnerable to Cross Site Scripting (XSS)

Software Post SMTP Type Plugin Vulnerable versions = 2.8.6 Fixed in 2.8.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29128 Patch priority Medium CVSS severity Medium 7.1 Developer WPExperts PSID d4415453cdb3 Credits Le Ngoc Anh Required privilege Unauthenticat...