WordPress Malware Scanner Plugin <= 4.7.2 is vulnerable to Privilege Escalation
Software Malware Scanner Type Plugin Vulnerable versions <= 4.7.2 Fixed in 4.7.3 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-2172 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID e270f8310961 Credits Stiofan Required privilege...
WordPress PropertyHive Plugin <= 2.0.9 is vulnerable to PHP Object Injection
Software PropertyHive Type Plugin Vulnerable versions <= 2.0.9 Fixed in 2.0.10 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-27985 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 245763d3996e Credits CatFather Required privilege Subscribe...
WordPress Crisp Plugin <= 0.44 is vulnerable to Cross Site Scripting (XSS)
Software Crisp Type Plugin Vulnerable versions <= 0.44 Fixed in 0.45 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-27963 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID d24f23d72736 Credits stealthcopter Required privilege Subscriber...
WordPress Team Circle Image Slider With Lightbox Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software Team Circle Image Slider With Lightbox Type Plugin Vulnerable versions <= 1.0 Fixed in 1.0.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2015-10130 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4e4875511ed9 Credit...
WordPress Cryptocurrency Widgets – Price Ticker & Coins List Plugin <= 2.6.8 is vulnerable to Broken Access Control
Software Cryptocurrency Widgets – Price Ticker & Coins List Type Plugin Vulnerable versions <= 2.6.8 Fixed in 2.6.9 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-27953 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID 036319de798f...
WordPress Advanced Sermons Plugin <= 3.2 is vulnerable to Cross Site Scripting (XSS)
Software Advanced Sermons Type Plugin Vulnerable versions <= 3.2 Fixed in 3.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-27952 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b2bcdc917d74 Credits Le Ngoc Anh Required privilege...
WordPress Related Posts for WordPress Plugin <= 2.2.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software Related Posts for WordPress Type Plugin Vulnerable versions <= 2.2.1 Fixed in 2.2.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-0592 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 89e5ec281512 Credits Krzyszto...
WordPress MPG Plugin <= 3.4.0 is vulnerable to Remote Code Execution (RCE)
Software MPG Type Plugin Vulnerable versions <= 3.4.0 Fixed in 3.4.1 OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2024-27951 Patch priority Medium CVSS severity Medium 9.1 Developer Claim ownership PSID e11792cbc705 Credits Majed Refaea Required privilege Editor...
WordPress WP Statistics Plugin <= 14.5 is vulnerable to Cross Site Scripting (XSS)
Software WP Statistics Type Plugin Vulnerable versions <= 14.5 Fixed in 14.5.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2194 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ef2615a6c0c9 Credits Tim Coen Required...
TIBCO Software TIBCO ActiveSpaces Developer Edition Security Vulnerability
TIBCO Software TIBCO ActiveSpaces Developer Edition is an application platform from TIBCO Software, Inc. It is designed to support large, volatile data sets and event-driven applications. A security vulnerability exists in TIBCO Software TIBCO ActiveSpaces Developer Edition versions 4.4.0 through...
WordPress Formidable Registration Plugin < 2.12 is vulnerable to Broken Authentication
Software Formidable Registration Type Plugin Vulnerable versions < 2.12 Fixed in 2.12 OWASP Top 10 A4: Insecure Design Classification Broken Authentication CVE CVE-2024-1290 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID de229a590aad Credits Scott Kingsley Clark...
WordPress Elementor – Header, Footer & Blocks Template Plugin <= 1.6.24 is vulnerable to Cross Site Scripting (XSS)
Software Elementor – Header, Footer & Blocks Template Type Plugin Vulnerable versions <= 1.6.24 Fixed in 1.6.25 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1237 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d8efb70c30ae...
Customer Support System Cross-Site Scripting Vulnerability
Customer Support System is a customer support system by oretnom23 Personal Developer that helps a particular business or company to provide customer support after a customer has purchased a product from them. Customer Support System suffers from a cross-site scripting vulnerability that stems fro...
Customer Support System Cross-Site Scripting Vulnerability (CNVD-2024-14027)
Customer Support System is a customer support system by oretnom23 Personal Developer that helps a particular business or company to provide customer support after a customer has purchased a product from them. Customer Support System suffers from a cross-site scripting vulnerability that stems fro...
Customer Support System Cross-Site Scripting Vulnerability (CNVD-2024-14028)
Customer Support System is a customer support system by oretnom23 Personal Developer that helps a particular business or company to provide customer support after a customer has purchased a product from them. Customer Support System suffers from a cross-site scripting vulnerability that stems fro...
Customer Support System Cross-Site Scripting Vulnerability (CNVD-2024-14025)
Customer Support System is a customer support system by oretnom23 Personal Developer that helps a particular business or company to provide customer support after a customer has purchased a product from them. Customer Support System suffers from a cross-site scripting vulnerability that stems fro...
WordPress WP Go Maps Plugin <= 9.0.32 is vulnerable to Cross Site Scripting (XSS)
Software WP Go Maps Type Plugin Vulnerable versions <= 9.0.32 Fixed in 9.0.33 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1582 Patch priority Low CVSS severity Low 6.5 Developer WP Go Maps PSID 69b3a77b21e0 Credits Richard Telleng stueotue Require...
KLA65128 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to cause denial of service or gain privileges. Below is a complete list of vulnerabilities: 1. A denial of service vulnerability in .NET and Visual Studio can be exploited remotely to...
EulerOS 2.0 SP8 : python-configobj (EulerOS-SA-2024-1292)
According to the versions of the python-configobj packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in several Developer tools. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service or grant himself elevated privileges and thereby potentially execute arbitrary code for which the malicious party is not initially authorized...