8316 matches found
CVE-2024-11362
The Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.112.0. This makes it...
CVE-2024-11362
CVE-2024-11362 affects the Payments Plugin and Checkout Plugin for WooCommerce (WordPress) — PeachPay Payments, covering the Stripe/PayPal/Square/Authorize.net integration — with a Reflected Cross-Site Scripting flaw in all versions up to 1.112.0, caused by insufficient escaping in add_query_arg....
CVE-2024-11362 Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net <= 1.112.0 - Reflected Cross-Site Scripting
The Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.112.0. This makes it...
CVE-2024-9422
The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPress plugin before 3.1 does not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server...
PT-2024-16936 · Paypal +3 · Paypal +4
Name of the Vulnerable Software and Affected Versions: The Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net plugin for WordPress versions prior to 1.112.1. Description: The issue is related to Reflected Cross-Site Scripting due to the use of add_query_arg...
PT-2024-39622 · WordPress · Gmw-Premium-Settings +1
Name of the Vulnerable Software and Affected Versions: GEO my WP WordPress plugin versions prior to 4.5; gmw-premium-settings WordPress plugin versions prior to 3.1. Description: The issue is related to insufficient validation of files to be uploaded, which could allow attackers to upload arbitrary...
CVE-2024-51634
Cross-Site Request Forgery (CSRF) vulnerability in a.ankit Webriti Custom Login (webriti-custom-login-page) allows Reflected XSS. This issue affects Webriti Custom Login: from n/a through <= 0.3...
CVE-2024-51634
CVE-2024-51634 describes a CSRF to Reflected XSS vulnerability in the WordPress plugin Webriti Custom Login (Webriti Shop plugins), affecting versions up to 0.3. The provided documents confirm the issue and its affected range, but do not include a published fix version or concrete remediation ste...
CVE-2024-51657 WordPress SmartLink Dynamic URLs plugin <= 1.1.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Woopy Plugins SmartLink Dynamic URLs (smartlink-dinamic-urls) allows Stored XSS. This issue affects SmartLink Dynamic URLs: from n/a through <= 1.1.0...
CVE-2024-51657
CVE-2024-51657 affects WordPress SmartLink Dynamic URLs plugin (versions up to 1.1.0). Root cause: CSRF that can lead to Stored XSS. Impact per CVSS: HIGH (7.1). Exploitation requires unauthenticated access; user interaction is not necessarily needed for CSRF, but the stored XSS effect can occur ...
CVE-2024-31141
CVE-2024-31141 affects Apache Kafka Clients (2.3.0–3.7.0, including 3.5.2 and 3.6.2) with ConfigProvider plugins that read from disk or environment variables via FileConfigProvider/DirectoryConfigProvider/EnvVarConfigProvider. The root cause is improper privilege management that allows untrusted ...
RockyLinux 8 : gstreamer1-plugins-base (RLSA-2024:9056)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:9056 advisory. gstreamer: EXIF Metadata Parsing Integer Overflow (CVE-2024-4453). Tenable has extracted the preceding description block directly from the RockyLinux security...
Oracle Linux 9 : containernetworking-plugins (ELSA-2024-9089)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-9089 advisory. - rebuild for CVE-2024-24791 - rebuild for following CVEs: CVE-2022-41724 CVE-2022-41725 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723...
Exploit for Missing Authentication for Critical Function in Really-Simple-Plugins Really_Simple_Security
wordpress-really-simple-security-authn-bypass-vulnerable-appli...
Vulnerabilities of the plugins Really Simple Security Free, Really Simple Security Pro, and Really Simple Security Pro Multisite of the WordPress content management system, which allow attackers to increase their privileges.
The vulnerabilities of the Really Simple Security Free, Really Simple Security Pro, and Really Simple Security Pro Multisite plugins of the WordPress content management system are related to authentication process flaws. Exploiting these vulnerabilities can allow attackers to increase their...
Exploit for Missing Authorization in Wpxpo Postx
CVE-2024-10728 PostX <= 4.1.16 - Missing Authorization to A...
RHSA-2024:9089 Red Hat Security Advisory: containernetworking-plugins security update
Bulletin has no description...
CVE-2024-9529
The Secure Custom Fields WordPress plugin before 6.3.9, Secure Custom Fields WordPress plugin before 6.3.6.3, Advanced Custom Fields Pro WordPress plugin before 6.3.9 does not prevent users from running arbitrary functions through its setting import functionalities, which could allow high privile...