WordPress Advanced Access Manager Plugin <= 6.9.20 is vulnerable to Cross Site Scripting (XSS)

Software Advanced Access Manager Type Plugin Vulnerable versions = 6.9.20 Fixed in 6.9.21 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29124 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID bab97a68bf4d Credits Delbert Giovanni Lie Require...

WordPress RegistrationMagic Plugin <= 5.2.5.9 is vulnerable to Cross Site Scripting (XSS)

Software RegistrationMagic Type Plugin Vulnerable versions = 5.2.5.9 Fixed in 5.2.6.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29113 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b3c2c9a16dfd Credits Yudistira Arya Required...

Surya Developer Hostel Management Service Access Control Error Vulnerability

Surya Developer Hostel Management Service is an accommodation management service from Surya Developer India. An access control error vulnerability exists in Surya Developer Hostel Management Service version 1.0, which stems from an access control error vulnerability in the file...

WordPress WP Calameo Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS)

Software WP Calameo Type Plugin Vulnerable versions = 2.1.7 Fixed in 2.1.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29098 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e6c0b84991b1 Credits Ray Wilson Required privilege Contributor...

WordPress SupportCandy Plugin <= 3.2.3 is vulnerable to Cross Site Scripting (XSS)

Software SupportCandy Type Plugin Vulnerable versions = 3.2.3 Fixed in 3.2.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-27991 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 64d8fa37173c Credits Mochamad Sofyan Required privilege...

WordPress YITH WooCommerce Product Add-Ons Plugin <= 4.5.0 is vulnerable to Cross Site Scripting (XSS)

Software YITH WooCommerce Product Add-Ons Type Plugin Vulnerable versions = 4.5.0 Fixed in 4.6.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-27994 Patch priority Medium CVSS severity Medium 7.1 Developer YITH PSID 8464da6f5a09 Credits Yudistira Arya Required...

Surya Developer Hostel Management Service Cross-Site Request Forgery Vulnerability

Surya Developer Hostel Management Service is an accommodation management service from Surya Developer India. A cross-site request forgery vulnerability exists in Surya Developer Hostel Management Service version 1.0, which stems from a cross-site request forgery CSRF vulnerability in the file...

WordPress MJM Clinic Plugin <= 1.1.22 is vulnerable to Cross Site Scripting (XSS)

Software MJM Clinic Type Plugin Vulnerable versions = 1.1.22 Fixed in 1.1.23 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29096 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3af8c5b59be8 Credits Faizal Abroni Required privilege Editor...

WordPress oik Plugin <= 4.10.0 is vulnerable to Cross Site Scripting (XSS)

Software oik Type Plugin Vulnerable versions = 4.10.0 Fixed in 4.10.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2256 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2c1c9316e65f Credits Francesco Carlucci Required...

WordPress HT Mega Plugin <= 2.4.6 is vulnerable to Directory Traversal

Software HT Mega Type Plugin Vulnerable versions = 2.4.6 Fixed in 2.4.7 OWASP Top 10 A5: Broken Access Control Classification Directory Traversal CVE CVE-2024-1974 Patch priority Low CVSS severity Low 7.7 Developer HTMega PSID 6d7e2f2731f2 Credits Webbernaut Required privilege Contributor Publish...

WordPress ShopLentor Plugin <= 2.8.1 is vulnerable to Cross Site Scripting (XSS)

Software ShopLentor Type Plugin Vulnerable versions = 2.8.1 Fixed in 2.8.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1960 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 64f9927062c1 Credits Webbernaut Required privilege...

WordPress UsersWP Plugin <= 1.2.6 is vulnerable to Cross Site Scripting (XSS)

Software UsersWP Type Plugin Vulnerable versions = 1.2.6 Fixed in 1.2.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2423 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID cb46d3529c97 Credits Krzysztof Zając Required privile...

WordPress HUSKY Plugin <= 1.3.5.2 is vulnerable to SQL Injection

Software HUSKY Type Plugin Vulnerable versions = 1.3.5.2 Fixed in 1.3.5.3 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-1795 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID afec36a17d5a Credits WordFence Required privilege Contributor Published 14...

WordPress HUSKY Plugin <= 1.3.5.1 is vulnerable to Cross Site Scripting (XSS)

Software HUSKY Type Plugin Vulnerable versions = 1.3.5.1 Fixed in 1.3.5.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1796 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 938e3d425755 Credits Bassem Essam Required privileg...

EulerOS Virtualization 2.10.0 : python-configobj (EulerOS-SA-2024-1388)

According to the versions of the python-configobj package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - All versions of the package configobj are vulnerable to Regular Expression Denial of Service ReDoS via the validate...

Security Bulletin: IBM Rational® Application Developer for WebSphere® Software is vulnerable to a remote attack to obtain sensitive information due to an algorithm decryption implementation

Summary IBM® SDK, Java™ Technology Edition, is used by IBM Rational® Application Developer for WebSphere® Software as the runtime and development kit. CVE-2023-33850 Vulnerability Details CVEID:CVE-2023-33850 DESCRIPTION: IBM GSKit-Crypto could allow a remote attacker to obtain sensitive...

WordPress Pie Register Plugin <= 3.8.3.2 is vulnerable to Arbitrary File Upload

Software Pie Register Type Plugin Vulnerable versions = 3.8.3.2 Fixed in 3.8.3.3 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-27957 Patch priority High CVSS severity High 10 Developer Claim ownership PSID a371b236f7d1 Credits Rafie Muhammad Patchstack Required...

WordPress Contact Form 7 Plugin <= 5.9 is vulnerable to Cross Site Scripting (XSS)

Software Contact Form 7 Type Plugin Vulnerable versions = 5.9 Fixed in 5.9.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2242 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5d34f7907f9a Credits Asaf Mozes Required...

Spring Tips: Spring Batch Remote Partitioning, your easy button for data scale!

Hi, Spring fans! In this installment, Spring Developer Advocate Josh Long looks at how to use Spring Batch's remote partitioning support to easy-button your data processing scale out strategies. postgresql ai datascience data springboot java java21...

WordPress Malware Scanner Plugin <= 4.7.2 is vulnerable to Privilege Escalation

Software Malware Scanner Type Plugin Vulnerable versions = 4.7.2 Fixed in 4.7.3 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-2172 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID e270f8310961 Credits Stiofan Required privilege...