
7442 matches found

CVE
added 2024/02/08 11:30 a.m., 85 views

CVE-2023-6564

GitLab CVE-2023-6564 affects GitLab EE Premium and Ultimate versions 16.4.3, 16.5.3, and 16.6.1. In projects that use subgroups to define who can push or merge to protected branches, subgroup members with the Developer role could push or merge to those protected branches, indicating an authorizat...

CVSS 6.5, AI score 6.2, EPSS 0.0038
Exploits 0, References 1, Affected Software 1
Patchstack
added 2024/02/08 12:0 a.m., 7 views

WordPress WP Recipe Maker Plugin <= 9.1.2 is vulnerable to Broken Access Control

Software: WP Recipe Maker; Type: Plugin; Vulnerable versions: <= 9.1.2; Fixed in: 9.2.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1206; Patch priority: High; CVSS severity: High 8.5; Developer: Claim ownership; PSID: 59c6b1fa45e4; Credits: Lucio Sá; Required privilege...

CVSS 8.8, AI score 6.4, EPSS 0.0074
Exploits 0, References 3, Affected Software 1
Patchstack
added 2024/02/08 12:0 a.m., 9 views

WordPress Royal Elementor Addons Plugin <= 1.3.87 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Royal Elementor Addons; Type: Plugin; Vulnerable versions: <= 1.3.87; Fixed in: 1.3.88; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-0512; Patch priority: Low; CVSS severity: Low 4.3; Developer: WProyal; PSID: 883b845e41ec; Credits: Francesco Carlucci...

CVSS 4.3, AI score 6.6, EPSS 0.00224
Exploits 0, References 6, Affected Software 1
OSV
added 2024/02/07 9:44 p.m., 43 views

CVE-2024-24806 Improper Domain Lookup that potentially leads to SSRF attacks in libuv

libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in src/unix/getaddrinfo.c and its Windows counterpart src/win/getaddrinfo.c truncates hostnames to 256 characters before calling getaddrinfo. This behavior can be exploited to create addresses...

CVSS 7.3, AI score 7, EPSS 0.02003
Exploits 1, References 13
Patchstack
added 2024/02/07 12:0 a.m., 15 views

WordPress AMP for WP Plugin <= 1.0.93.1 is vulnerable to Broken Access Control

Software: AMP for WP; Type: Plugin; Vulnerable versions: <= 1.0.93.1; Fixed in: 1.0.93.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1043; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 9c0cb8faa4a6; Credits: Sean Murphy; Required privileg...

CVSS 6.5, AI score 6.6, EPSS 0.00659
Exploits 0, References 3, Affected Software 1
Patchstack
added 2024/02/07 12:0 a.m., 13 views

WordPress Starbox Plugin <= 3.4.8 is vulnerable to Cross Site Scripting (XSS)

Software: Starbox; Type: Plugin; Vulnerable versions: <= 3.4.8; Fixed in: 3.5.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-6806; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: 1adb996175e5; Credits: Sh; Required privilege...

CVSS 6.4, AI score 5.6, EPSS 0.00427
Exploits 0, References 3, Affected Software 1
Patchstack
added 2024/02/07 12:0 a.m., 11 views

WordPress Starbox Plugin <= 3.4.8 is vulnerable to Cross Site Scripting (XSS)

Software: Starbox; Type: Plugin; Vulnerable versions: <= 3.4.8; Fixed in: 3.5.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-0256; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: dd46b4b9ae28; Credits: Lucio Sá; Required privileg...

CVSS 6.4, AI score 5.6, EPSS 0.00323
Exploits 0, References 3, Affected Software 1
Patchstack
added 2024/02/06 12:0 a.m., 13 views

WordPress Elementor Website Builder Plugin <= 3.19.0 is vulnerable to Arbitrary File Deletion

Software: Elementor Website Builder; Type: Plugin; Vulnerable versions: <= 3.19.0; Fixed in: 3.19.1; OWASP Top 10: A1: Broken Access Control; Classification: Arbitrary File Deletion; CVE: CVE-2024-24934; Patch priority: Low; CVSS severity: Low 8.5; Developer: Elementor; PSID: 8c8af1fc63cc; Credits: Rhynorater Justin...

CVSS 8.5, AI score 6.6, EPSS 0.00715
Exploits 0, References 2, Affected Software 1
Patchstack
added 2024/02/05 12:0 a.m., 15 views

WordPress Wonder Slider Lite Plugin <= 13.9 is vulnerable to Cross Site Scripting (XSS)

Software: Wonder Slider Lite; Type: Plugin; Vulnerable versions: <= 13.9; Fixed in: 14.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-24877; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 535b8a842a2e; Credits: Dimas Maulana; Required privileg...

CVSS 7.1, AI score 6.5, EPSS 0.00331
Exploits 0, References 2, Affected Software 1
Patchstack
added 2024/02/05 12:0 a.m., 12 views

WordPress Easy Digital Downloads Plugin <= 3.2.6 is vulnerable to Cross Site Scripting (XSS)

Software: Easy Digital Downloads; Type: Plugin; Vulnerable versions: <= 3.2.6; Fixed in: 3.2.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-0659; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: ffe82c6fd12f; Credits: emad; Required...

CVSS 5.5, AI score 5.7, EPSS 0.00398
Exploits 0, References 3, Affected Software 1
Patchstack
added 2024/02/05 12:0 a.m., 13 views

WordPress Anonymous Restricted Content Plugin <= 1.6.2 is vulnerable to Bypass Vulnerability

Software: Anonymous Restricted Content; Type: Plugin; Vulnerable versions: <= 1.6.2; Fixed in: 1.6.3; OWASP Top 10: A4: Insecure Design; Classification: Bypass Vulnerability; CVE: CVE-2024-0909; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: 3b50fe0358a1; Credits: Francesco Carlucci...

CVSS 7.5, AI score 6.5, EPSS 0.00608
Exploits 0, References 3, Affected Software 1
Patchstack
added 2024/02/05 12:0 a.m., 12 views

WordPress Contest Gallery Plugin <= 21.2.8.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Contest Gallery; Type: Plugin; Vulnerable versions: <= 21.2.8.4; Fixed in: 21.2.9; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-24887; Patch priority: Low; CVSS severity: Low 5.4; Developer: Wasiliy Strecker; PSID: bc8832951ec5; Credits: Dhabaleshwar D...

CVSS 8.8, AI score 6.6, EPSS 0.00208
Exploits 0, References 2, Affected Software 1
Patchstack
added 2024/02/05 12:0 a.m., 8 views

WordPress RSS Aggregator by Feedzy Plugin <= 4.4.1 is vulnerable to Broken Access Control

Software: RSS Aggregator by Feedzy; Type: Plugin; Vulnerable versions: <= 4.4.1; Fixed in: 4.4.2; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1092; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: d6dde9967d92; Credits: Muhammad Daffa; Requir...

CVSS 4.3, AI score 6.5, EPSS 0.0045
Exploits 0, References 3, Affected Software 1
OpenVAS
added 2024/02/05 12:0 a.m., 27 views

Mageia: Security Advisory (MGASA-2024-0023)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8, AI score 8.9, EPSS 0.02155
Exploits 0, References 5
Patchstack
added 2024/02/02 12:0 a.m., 15 views

WordPress Knowledge Base for Documentation, FAQs with AI Assistance Plugin <= 11.30.2 is vulnerable to PHP Object Injection

Software: Knowledge Base for Documentation, FAQs with AI Assistance; Type: Plugin; Vulnerable versions: <= 11.30.2; Fixed in: 11.31.0; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-24842; Patch priority: High; CVSS severity: High 8.7; Developer: Claim ownership; PSID: 6e74033eecde...

CVSS 8.7, AI score 6.8, EPSS 0.00465
Exploits 0, References 2, Affected Software 1
Patchstack
added 2024/02/02 12:0 a.m., 27 views

WordPress Calculated Fields Form Plugin <= 1.2.52 is vulnerable to Cross Site Scripting (XSS)

Software: Calculated Fields Form; Type: Plugin; Vulnerable versions: <= 1.2.52; Fixed in: 1.2.53; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-0963; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 51ba9c951440; Credits: Richard Telleng...

CVSS 6.4, AI score 5.7, EPSS 0.0048
Exploits 0, References 3, Affected Software 1
Patchstack
added 2024/02/02 12:0 a.m., 12 views

WordPress Structured Content Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS)

Software: Structured Content; Type: Plugin; Vulnerable versions: <= 1.6.1; Fixed in: 1.6.2; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-24839; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 74b9c66453a9; Credits: LVT-tholv2k; Required privilege...

CVSS 6.5, AI score 6.5, EPSS 0.00317
Exploits 0, References 2, Affected Software 1
Patchstack
added 2024/02/01 12:0 a.m., 12 views

WordPress Active Products Tables for WooCommerce Plugin <= 1.0.6.1 is vulnerable to Broken Access Control

Software: Active Products Tables for WooCommerce; Type: Plugin; Vulnerable versions: <= 1.0.6.1; Fixed in: 1.0.6.2; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-0797; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: e0495675d205; Credits...

CVSS 4.3, AI score 6.6, EPSS 0.00424
Exploits 0, References 3, Affected Software 1
Patchstack
added 2024/01/31 12:0 a.m., 12 views

WordPress WOLF Plugin <= 1.0.8.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software: WOLF; Type: Plugin; Vulnerable versions: <= 1.0.8.1; Fixed in: 1.0.8.2; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-0790; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: f8d9bc304588; Credits: Francesco Carlucci; Required...

CVSS 5.4, AI score 6.6, EPSS 0.00312
Exploits 0, References 3, Affected Software 1
Patchstack
added 2024/01/31 12:0 a.m., 10 views

WordPress Ultra Companion Plugin <= 1.1.9 is vulnerable to Cross Site Scripting (XSS)

Software: Ultra Companion; Type: Plugin; Vulnerable versions: <= 1.1.9; Fixed in: 1.2.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-24803; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 27efb6397cad; Credits: Ray Wilson; Required privilege...

CVSS 6.5, AI score 6.5, EPSS 0.0031
Exploits 0, References 2, Affected Software 1