7442 matches found

Patchstack
added 2024/03/04 12:0 a.m. | 13 views

WordPress Easy!Appointments Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Software: Easy!Appointments; Type: Plugin; Vulnerable versions: <= 1.3.1; Fixed in: 1.3.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-0698; Patch priority: Low; CVSS severity: Low (6.5); PSID: f1c6efbf20ae; Credits: wesley wcraft; Required...

CVSS 6.4 | AI score 5.7 | EPSS 0.00408
Exploits: 0 | References: 3 | Affected Software: 1
Github Security Blog
added 2024/03/01 8:8 p.m. | 27 views

ZDI-CAN-19105: Parse Server literalizeRegexPart SQL Injection

Impact: This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. Patches: The algorithm to detect SQL injection has been improved. Workarounds: None. References: - https://github.com/parse-community/parse-server/security/advisories/GHSA-6927-3vr9-fxf2 -...

CVSS 10 | AI score 8.1 | EPSS 0.0103
Exploits: 0 | References: 7 | Affected Software: 1
Patchstack
added 2024/03/01 12:0 a.m. | 20 views

WordPress Calculated Fields Form Plugin 5.0.0-5.1.56 is vulnerable to Cross Site Scripting (XSS)

Software: Calculated Fields Form; Type: Plugin; Vulnerable versions: 5.0.0-5.1.56; Fixed in: 5.1.57; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2020; Patch priority: Medium; CVSS severity: Medium (7.2); PSID: f60c98fd9fe8; Credits: Asaf...

CVSS 7.2 | AI score 5.6 | EPSS 0.00577
Exploits: 0 | References: 3 | Affected Software: 1
CNNVD
added 2024/03/01 12:0 a.m. | 2 views

Daily Habit Tracker Cross-Site Scripting Vulnerability

Daily Habit Tracker is a daily habit tracker by the individual developer rems. A cross-site scripting vulnerability exists in version 1.0 of Daily Habit Tracker, which stems from a cross-site scripting issue in the /endpoint/update-tracker.php file...

CVSS 5.4 | AI score 6.2 | EPSS 0.00536
Exploits: 1 | References: 4
Patchstack
added 2024/03/01 12:0 a.m. | 12 views

WordPress Slider Responsive Slideshow – Image slider, Gallery slideshow Plugin <= 1.3.8 is vulnerable to PHP Object Injection

Software: Slider Responsive Slideshow – Image slider, Gallery slideshow; Type: Plugin; Vulnerable versions: <= 1.3.8; Fixed in: 1.4.0; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-1859; Patch priority: Medium; CVSS severity: Medium (7.5); PSID: ee68c742498b...

CVSS 8.8 | AI score 6.8 | EPSS 0.00823
Exploits: 0 | References: 3 | Affected Software: 1
CNNVD
added 2024/03/01 12:0 a.m. | 5 views

Customer Support System Security Breach

Customer Support System is a customer support system by the individual developer oretnom23 that helps a business or company provide customer support after a customer has purchased a product from them. A security vulnerability exists in Customer Support System v1 that stems from allowing...

CVSS 7.5 | AI score 6.7 | EPSS 0.00776
Exploits: 1 | References: 4
Patchstack
added 2024/03/01 12:0 a.m. | 12 views

WordPress Amelia Plugin <= 1.0.98 is vulnerable to Cross Site Scripting (XSS)

Software: Amelia; Type: Plugin; Vulnerable versions: <= 1.0.98; Fixed in: 1.0.99; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-1484; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 28e85735d453; Credits: Muhammad Hassham Nagori...

CVSS 6.1 | AI score 5.6 | EPSS 0.0048
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2024/03/01 12:0 a.m. | 10 views

WordPress Finale Lite Plugin <= 2.17.0 is vulnerable to Broken Access Control

Software: Finale Lite; Type: Plugin; Vulnerable versions: <= 2.17.0; Fixed in: 2.18.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1120; Patch priority: Low; CVSS severity: Low (5.3); PSID: 383bdaaeaeac; Credits: Francesco Carlucci; Required...

CVSS 5.3 | AI score 5.2 | EPSS 0.00537
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2024/03/01 12:0 a.m. | 15 views

WordPress Exclusive Addons Elementor Plugin <= 2.6.9 is vulnerable to Cross Site Scripting (XSS)

Software: Exclusive Addons Elementor; Type: Plugin; Vulnerable versions: <= 2.6.9; Fixed in: 2.6.9.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-1234; Patch priority: Low; CVSS severity: Low (6.5); PSID: eec3f461cc61; Credits: Webbernaut...

CVSS 6.4 | AI score 5.7 | EPSS 0.01593
Exploits: 12 | References: 3 | Affected Software: 1
Patchstack
added 2024/02/29 12:0 a.m. | 10 views

WordPress Advanced iFrame Plugin <= 2024.1 is vulnerable to Cross Site Scripting (XSS)

Software: Advanced iFrame; Type: Plugin; Vulnerable versions: <= 2024.1; Fixed in: 2024.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-1341; Patch priority: Low; CVSS severity: Low (6.5); PSID: f4f416259347; Credits: Fariq Fadillah Gusti...

CVSS 5.4 | AI score 5.7 | EPSS 0.00282
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2024/02/28 12:0 a.m. | 12 views

WordPress Avada Theme <= 7.11.4 is vulnerable to Arbitrary File Upload

Software: Avada; Type: Theme; Vulnerable versions: <= 7.11.4; Fixed in: 7.11.5; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-1468; Patch priority: High; CVSS severity: High (9.9); PSID: 3720cafcf208; Credits: Muhammad Zeeshan Xib3rR4dAr; Required privilege...

CVSS 8.8 | AI score 6.8 | EPSS 0.01161
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2024/02/28 12:0 a.m. | 13 views

WordPress Envo's Elementor Templates & Widgets for WooCommerce Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Envo's Elementor Templates & Widgets for WooCommerce; Type: Plugin; Vulnerable versions: <= 1.4.4; Fixed in: 1.4.5; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-0768; Patch priority: Low; CVSS severity: Low (4.3); PSID...

CVSS 4.3 | AI score 6.6 | EPSS 0.00322
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2024/02/27 12:0 a.m. | 10 views

WordPress Smart Forms Plugin < 2.6.87 is vulnerable to Broken Access Control

Software: Smart Forms; Type: Plugin; Vulnerable versions: < 2.6.87; Fixed in: 2.6.87; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-7203; Patch priority: Medium; CVSS severity: Medium (5.4); PSID: 959e4abbd849; Credits: Mohammad Reza Omrani; Require...

CVSS 6.1 | AI score 6.4 | EPSS 0.00217
Exploits: 2 | References: 4 | Affected Software: 1
Patchstack
added 2024/02/27 12:0 a.m. | 23 views

WordPress LiteSpeed Cache Plugin <= 5.7 is vulnerable to Cross Site Scripting (XSS)

Software: LiteSpeed Cache; Type: Plugin; Vulnerable versions: <= 5.7; Fixed in: 5.7.0.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-40000; Patch priority: High; CVSS severity: High (8.3); Developer: Hai Zheng / Lite Speed Cache; PSID: 61e99b6b8264; Credits: Rafie Muhammad Patchsta...

CVSS 8.3 | AI score 6.7 | EPSS 0.54872
Exploits: 5 | References: 3 | Affected Software: 1
Tenable Nessus
added 2024/02/27 12:0 a.m. | 42 views

MikroTik RouterOS Path Traversal (CVE-2019-3976)

RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. If an authenticated user installs a malicious package then a directory could be created and the developer shell could be enabled. This...

CVSS 8.8 | AI score 8.1 | EPSS 0.01744
Exploits: 0 | References: 2
CNNVD
added 2024/02/27 12:0 a.m. | 3 views

Computer Book Store Security Breach

Computer Book Store is an online bookstore system by the individual developer Carmelo Garcia. A security vulnerability exists in Computer Book Store version 1.0, which originates from the system's susceptibility to SQL injection attacks...

CVSS 7.8 | AI score 7.9 | EPSS 0.00418
Exploits: 0 | References: 2
Patchstack
added 2024/02/27 12:0 a.m. | 22 views

WordPress JobSearch Plugin < 2.3.4 is vulnerable to Remote Code Execution (RCE)

Software: JobSearch; Type: Plugin; Vulnerable versions: < 2.3.4; Fixed in: 2.3.4; OWASP Top 10: A1: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2023-6585; Patch priority: High; CVSS severity: High (10); PSID: 637575b94b70; Credits: Furkan Gedik; Required privilege Published 27...

CVSS 7.5 | AI score 7.2 | EPSS 0.00602
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2024/02/27 12:0 a.m. | 9 views

WordPress JobSearch Plugin < 2.3.4 is vulnerable to Broken Authentication

Software: JobSearch; Type: Plugin; Vulnerable versions: < 2.3.4; Fixed in: 2.3.4; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2023-6584; Patch priority: High; CVSS severity: High (9.8); PSID: f4a18b4236e5; Credits: Marc Montpas...

CVSS 7.5 | AI score 6.5 | EPSS 0.00549
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2024/02/26 12:0 a.m. | 13 views

WordPress Rolo Slider Plugin <= 1.0.9 is vulnerable to Settings Change

Software: Rolo Slider; Type: Plugin; Vulnerable versions: <= 1.0.9; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Settings Change; CVE: CVE-2024-1438; Patch priority: High; CVSS severity: High (7.7); PSID: 601d954731d6; Credits: Emili Castells; Required privilege...

CVSS 7.7 | AI score 6.5 | EPSS 0.00333
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2024/02/26 12:0 a.m. | 8 views

WordPress Archivist – Custom Archive Templates Plugin <= 1.7.5 is vulnerable to Cross Site Scripting (XSS)

Software: Archivist – Custom Archive Templates; Type: Plugin; Vulnerable versions: <= 1.7.5; Fixed in: 1.7.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-1810; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 20ae6785aa4a; Credi...

CVSS 6.1 | AI score 5.6 | EPSS 0.00378
Exploits: 0 | References: 2 | Affected Software: 1