WordPress Starbox Plugin < 3.5.0 is vulnerable to Cross Site Scripting (XSS)

Software Starbox Type Plugin Vulnerable versions 3.5.0 Fixed in 3.5.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1273 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 23b6dbb093c5 Credits Dmitrii Ignatyev Required privileg...

WordPress Elementor – Header, Footer & Blocks Template Plugin <= 1.6.24 is vulnerable to Cross Site Scripting (XSS)

Software Elementor – Header, Footer & Blocks Template Type Plugin Vulnerable versions = 1.6.24 Fixed in 1.6.25 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1237 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d8efb70c30ae...

WordPress EventPrime Plugin <= 3.4.2 is vulnerable to Broken Access Control

Software EventPrime Type Plugin Vulnerable versions = 3.4.2 Fixed in 3.4.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1123 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c2164132e177 Credits Lucio Sá Required privilege...

WordPress Mollie Forms Plugin <= 2.6.3 is vulnerable to Broken Access Control

Software Mollie Forms Type Plugin Vulnerable versions = 2.6.3 Fixed in 2.6.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1400 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 216cfadafbb9 Credits Lucio Sá Required privilege...

WordPress Colibri Page Builder Plugin <= 1.0.260 is vulnerable to Broken Access Control

Software Colibri Page Builder Type Plugin Vulnerable versions = 1.0.260 Fixed in 1.0.263 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1870 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ddfb3a20814b Credits HappyFunTime Required...

Debian dsa-5638 : libuv1 - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5638 advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5638-1...

Customer Support System SQL Injection Vulnerability (CNVD-2024-14034)

Customer Support System is a customer support system by oretnom23 Personal Developer that helps a particular business or company to provide customer support after a customer has purchased a product from them. Customer Support System suffers from a SQL injection vulnerability that stems from a lac...

Automated-Mess-Management-System Cross-Site Scripting Vulnerability

Automated-Mess-Management-System is an automated measurement management system by the individual developer Boyiddhanath Roy. A cross-site scripting vulnerability exists in Automated-Mess-Management-System version 1.0, which stems from the fact that incorrect manipulation of the parameter msg can...

Customer Support System SQL Injection Vulnerability (CNVD-2024-14031)

Customer Support System is a customer support system by oretnom23 Personal Developer that helps a particular business or company to provide customer support after a customer has purchased a product from them. Customer Support System suffers from a SQL injection vulnerability that originates from...

WordPress WooCommerce Add to Cart Custom Redirect Plugin <= 1.2.13 is vulnerable to Broken Access Control

Software WooCommerce Add to Cart Custom Redirect Type Plugin Vulnerable versions = 1.2.13 Fixed in 1.2.14 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1862 Patch priority Low CVSS severity Low 8.1 Developer Claim ownership PSID c97532040847 Credits Luci...

WordPress Orbit Fox by ThemeIsle Plugin <= 2.10.32 is vulnerable to Cross Site Scripting (XSS)

Software Orbit Fox by ThemeIsle Type Plugin Vulnerable versions = 2.10.32 Fixed in 2.10.33 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2126 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 112915e33a62 Credits wesley wcraft...

Fedora: Security Advisory for plexus-containers (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: plexus-resources-1.3.0-4.fc40

The Plexus project seeks to create end-to-end developer tools for writing applications. At the core is the container, which can be embedded or for a full scale application server. There are many reusable components for hibernate, form processing, jndi, i18n, velocity, etc. Plexus also includes an...

[SECURITY] Fedora 40 Update: plexus-utils-3.5.1-8.fc40

The Plexus project seeks to create end-to-end developer tools for writing applications. At the core is the container, which can be embedded or for a full scale application server. There are many reusable components for hibernate, form processing, jndi, i18n, velocity, etc. Plexus also includes an...

[SECURITY] Fedora 40 Update: plexus-i18n-1.0-0.31.b10.4.fc40

The Plexus project seeks to create end-to-end developer tools for writing applications. At the core is the container, which can be embedded or for a full scale application server. There are many reusable components for hibernate, form processing, jndi, i18n, velocity, etc. Plexus also includes an...

[SECURITY] Fedora 40 Update: plexus-containers-2.2.0-3.fc40

The Plexus project seeks to create end-to-end developer tools for writing applications. At the core is the container, which can be embedded or for a full scale application server. There are many reusable components for hibernate, form processing, jndi, i18n, velocity, etc. Plexus also includes an...

[SECURITY] Fedora 40 Update: plexus-archiver-4.9.1-3.fc40

The Plexus project seeks to create end-to-end developer tools for writing applications. At the core is the container, which can be embedded or for a full scale application server. There are many reusable components for hibernate, form processing, jndi, i18n, velocity, etc. Plexus also includes an...

[SECURITY] Fedora 40 Update: maven-resolver-1.9.18-3.fc40

Apache Maven Artifact Resolver is a library for working with artifact repositories and dependency resolution. Maven Artifact Resolver deals with the specification of local repository, remote repository, developer workspaces, artifact transports and artifact resolution...

[SECURITY] Fedora 40 Update: apache-commons-logging-1.3.0-5.fc40

The commons-logging package provides a simple, component oriented interface org.apache.commons.logging.Log together with wrappers for logging systems. The user can choose at runtime which system they want to use. In addition, a small number of basic implementations are provided to allow users to...

Security Bulletin: IBM SDK, Java Technology Edition, Security Update February 2024

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, 8 that is used by Rational Application Developer®. These issues were disclosed as part of the IBM Java SDK updates up to February 2024. IBM 8 SR8 FP20 1.8.0401. Vulnerability Details CVEID:CVE-2023-22067 DESCRIPTION:...