
7442 matches found

Patchstack
added 2024/02/26 12:0 a.m. · 12 views

WordPress WordPress Comments Fields Plugin <= 5.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software: WordPress Comments Fields; Type: Plugin; Vulnerable versions: = 5.0; Fixed in: 5.1; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2024-0830; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 9c14d6f7a75c; Credits: Francesco...

CVSS 4.3 · AI score 6.6 · EPSS 0.00303
Exploits 0 · References 3 · Affected Software 1

Patchstack
added 2024/02/26 12:0 a.m. · 8 views

WordPress Adsmonetizer Plugin <= 3.1.2 is vulnerable to Cross Site Scripting (XSS)

Software: Adsmonetizer; Type: Plugin; Vulnerable versions: = 3.1.2; Fixed in: 3.1.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-1437; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 8446c2dca06a; Credits: Majed Refaea; Required privilege...

CVSS 7.1 · AI score 6.5 · EPSS 0.00351
Exploits 0 · References 2 · Affected Software 1

Patchstack
added 2024/02/26 12:0 a.m. · 15 views

WordPress Orbit Fox by ThemeIsle Plugin <= 2.10.31 is vulnerable to Cross Site Scripting (XSS)

Software: Orbit Fox by ThemeIsle; Type: Plugin; Vulnerable versions: = 2.10.31; Fixed in: 2.10.32; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-1323; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 18903688a247; Credits: Webbernaut...

CVSS 6.4 · AI score 5.7 · EPSS 0.00486
Exploits 0 · References 3 · Affected Software 1

Patchstack
added 2024/02/26 12:0 a.m. · 9 views

WordPress Slivery Extender Plugin <= 1.0.2 is vulnerable to Remote Code Execution (RCE)

Software: Slivery Extender; Type: Plugin; Vulnerable versions: = 1.0.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Remote Code Execution RCE; CVE: CVE-2024-27191; Patch priority: Medium; CVSS severity: Medium 8.5; Developer: Claim ownership; PSID: d59c4b4628dc; Credits: LVT-tholv2k; Required privilege...

CVSS 8.5 · AI score 7.2 · EPSS 0.00823
Exploits 0 · References 2 · Affected Software 1

Patchstack
added 2024/02/26 12:0 a.m. · 11 views

WordPress postMash – custom post order Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)

Software: postMash – custom post order; Type: Plugin; Vulnerable versions: = 1.2.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-27196; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: f81d96aa3cf3; Credits: Dimas Maulana; Require...

CVSS 7.1 · AI score 6.5 · EPSS 0.00351
Exploits 0 · References 1 · Affected Software 1

Patchstack
added 2024/02/26 12:0 a.m. · 13 views

WordPress BeePress Plugin <= 6.9.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software: BeePress; Type: Plugin; Vulnerable versions: = 6.9.8; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2024-27197; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 23f23a1e9a56; Credits: Majed Refaea; Required...

CVSS 7.1 · AI score 6.5 · EPSS 0.00184
Exploits 0 · References 1 · Affected Software 1

Prion
added 2024/02/23 4:15 p.m. · 14 views

Path traversal

@backstage/backend-common is a common functionality library for backends for Backstage, an open platform for building developer portals. In @backstage/backend-common prior to versions 0.21.1, 0.20.2, and 0.19.10, paths checks with the resolveSafeChildPath utility were not exhaustive enough, leadi...

CVSS 4.7 · AI score 7.3 · EPSS 0.00801
Exploits 0 · References 4

CNNVD
added 2024/02/23 12:0 a.m. · 3 views

Library System SQL Injection Vulnerability

Library System is a library management system by the individual developer nurhodelta17. A SQL injection vulnerability exists in Library System version 1.0, which stems from the fact that incorrect manipulation of the parameters username/password can lead to sql injection...

CVSS 9.8 · AI score 8.4 · EPSS 0.00701
Exploits 1 · References 4

Patchstack
added 2024/02/23 12:0 a.m. · 26 views

WordPress Ultimate Member Plugin 2.1.3-2.8.2 is vulnerable to SQL Injection

Software: Ultimate Member; Type: Plugin; Vulnerable versions: 2.1.3-2.8.2; Fixed in: 2.8.3; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-1071; Patch priority: High; CVSS severity: High 9.3; Developer: Claim ownership; PSID: d52d7ae096c8; Credits: Christiaan Swiers; Required privilege...

CVSS 9.8 · AI score 6.9 · EPSS 0.89431
Exploits 8 · References 3 · Affected Software 1

IBM Security Bulletins
added 2024/02/22 4:55 p.m. · 33 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Business Developer

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and Runtime Environment updates in the Oracle October 2023...

CVSS 5.9 · AI score 6.1 · EPSS 0.014
Exploits 0 · Affected Software 1

Debian CVE
added 2024/02/21 11:30 p.m. · 18 views

CVE-2024-0410

Removed by vendor...

CVSS 7.7 · AI score 7.1 · EPSS 0.00455
Exploits 0

Hacker One
added 2024/02/21 1:35 a.m. · 11 views

GitHub: Source Code and data exfiltration via Github Copilot

The vulnerability was caused by insecure output handling in the Copilot client interfaces. A prompt injection attack was able to result in data exfiltration. The vulnerability was addressed by only rendering images from trusted domains and adding interstitial modals to inform users about link...

AI score 7.2
Exploits 0

Patchstack
added 2024/02/21 12:0 a.m. · 13 views

WordPress Tutor LMS Plugin <= 2.6.0 is vulnerable to Broken Access Control

Software: Tutor LMS; Type: Plugin; Vulnerable versions: = 2.6.0; Fixed in: 2.6.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1133; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: f48325f20ce3; Credits: drop; Required privilege: Subscriber...

CVSS 4.3 · AI score 6.5 · EPSS 0.00375
Exploits 0 · References 3 · Affected Software 1

Patchstack
added 2024/02/21 12:0 a.m. · 10 views

WordPress Cost of Goods for WooCommerce Plugin <= 3.2.8 is vulnerable to Cross Site Scripting (XSS)

Software: Cost of Goods for WooCommerce; Type: Plugin; Vulnerable versions: = 3.2.8; Fixed in: 3.2.9; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-0821; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 06f40e6d3a9e; Credits...

CVSS 6.1 · AI score 5.7 · EPSS 0.00397
Exploits 0 · References 3 · Affected Software 1

Patchstack
added 2024/02/20 12:0 a.m. · 11 views

WordPress Schema & Structured Data for WP & AMP Plugin <= 1.26 is vulnerable to Broken Access Control

Software: Schema & Structured Data for WP & AMP; Type: Plugin; Vulnerable versions: = 1.26; Fixed in: 1.27; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1288; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: aef94ec88b0d; Credits: Ngô Thiên ...

CVSS 4.3 · AI score 6.5 · EPSS 0.00431
Exploits 0 · References 3 · Affected Software 1

0day.today
added 2024/02/20 12:0 a.m. · 294 views

Petrol Pump Management Software 1.0 Shell Upload Vulnerability

Exploit Title: Petrol pump management software - File Upload Remote Code Execution RCE unauthenticated Application: Petrol pump management software Date: 20.02.2024 Bugs: File Upload Remote Code Execution RCE unauthenticated Exploit Author: SoSPiro Vendor Homepage: https://www.sourcecodester.com/...

AI score 7.4
Exploits 0

Patchstack
added 2024/02/20 12:0 a.m. · 10 views

WordPress Coming Soon Maintenance Mode Plugin <= 1.0.5 is vulnerable to Sensitive Data Exposure

Software: Coming Soon Maintenance Mode; Type: Plugin; Vulnerable versions: = 1.0.5; Fixed in: 1.0.6; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-1475; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: 6da3f77ac231; Credits: Francesco...

CVSS 5.3 · AI score 6.5 · EPSS 0.00461
Exploits 0 · References 3 · Affected Software 1

Patchstack
added 2024/02/20 12:0 a.m. · 13 views

WordPress Password Protected Plugin <= 2.6.6 is vulnerable to Cross Site Scripting (XSS)

Software: Password Protected; Type: Plugin; Vulnerable versions: = 2.6.6; Fixed in: 2.6.7; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-0656; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: 7a68f344cd36; Credits: Felipe Restrepo...

CVSS 4.8 · AI score 6 · EPSS 0.00339
Exploits 0 · References 3 · Affected Software 1

Positive Technologies
added 2024/02/20 12:0 a.m. · 8 views

PT-2024-5216 · Google +4 · Google Chrome +4

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 122.0.6261.57 Description: The issue is related to a use after free in DevTools, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This could enable the attacke...

CVSS 10 · AI score 7.6 · EPSS 0.99739
Exploits 128 · References 1059

Kitploit
added 2024/02/19 11:30 a.m. · 37 views

SwaggerSpy - Automated OSINT On SwaggerHub

SwaggerSpy is a tool designed for automated Open Source Intelligence OSINT on SwaggerHub. This project aims to streamline the process of gathering intelligence from APIs documented on SwaggerHub, providing valuable insights for security researchers, developers, and IT professionals. What is...

AI score 7.3
Exploits 0 · References 4