8316 matches found
CVE-2024-10924
The Really Simple Security Free, Pro, and Pro Multisite plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible...
CVE-2024-10924
CVE-2024-10924 affects Really Simple Security (Free, Pro, Pro Multisite) WordPress plugin versions 9.0.0–9.1.1.1. Fault lies in improper validation of login_nonce within the two-factor REST API actions (check_login_and_get_user), enabling unauthenticated attackers to log in as any existing user (...
CVE-2024-10924 Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 - 9.1.1.1 - Authentication Bypass
The Really Simple Security Free, Pro, and Pro Multisite plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible...
Malicious code in multi-module-plugins (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware aff0b4072fc406f1d6cf7be27b624904d2db63d968a2f00b56a7ef6db5ad7e3d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10762 Malicious code in multi-module-plugins (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware aff0b4072fc406f1d6cf7be27b624904d2db63d968a2f00b56a7ef6db5ad7e3d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
containernetworking-plugins security update
1:1.5.1-2 - rebuild for CVE-2024-24791 - Resolves: RHEL-47166 1:1.5.1-1 - update to https://github.com/containernetworking/plugins/releases/tag/v1.5.1 - Related: RHEL-27608 1:1.5.0-1 - update to https://github.com/containernetworking/plugins/releases/tag/v1.5.0 - Related: RHEL-27608 1:1.4.1-1 -...
VulnCheck KEV: CVE-2024-10924
The Really Simple Security Free, Pro, and Pro Multisite plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it...
au.com.versent.jenkins.plugins:ignore-committer-strategy (=29.v7c3891a_434c3), com.amadeus.jenkins.plugins:workflow-cps-global-lib-http (>=2.33.0 <=2.54.0) +118 more potentially affected by CVE-2024-52550 via org.jenkins-ci.plugins.workflow:workflow-cps (>=0.1-beta-1 <=3975.v567e2a_1ffa_22)
org.jenkins-ci.plugins.workflow:workflow-cps MAVEN version =0.1-beta-1, =2.33.0, =1.9.2-beta, =0.0.1, =8.0.12, =0.8, =1.0.14, =1.3.0, =1.0, =0.9.0, =1.0, =1.20 - de.taimos:pipeline-deploymon =1.0 and more Source cves: CVE-2024-52550 Source advisory: OSV:GHSA-MRPR-VR82-X88R...
org.jenkins-ci.plugins:role-strategy (=675.va_5f27678f6d6) potentially affected by CVE-2024-52552 via org.jenkins-ci.plugins:authorize-project (=1.7.0)
org.jenkins-ci.plugins:authorize-project MAVEN version =1.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:authorize-project and may be impacted: - org.jenkins-ci.plugins:role-strategy =675.va_5f27678f6d6 Source cves:...
Wrap Up the Year with the Biggest Scope and Rewards Yet: Join the Wordfence Bug Bounty Program End of Year Holiday Extravaganza!
The holidays are here, and so is your chance to earn big while helping secure the WordPress ecosystem! For all submissions to our Bug Bounty Program from November 12, 2024, to December 9, 2024, we’re rolling out our End of Year Holiday Extravaganza promotion to give back to our security...
Jenkins plugins Multiple Vulnerabilities (2024-11-13)
According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367.va3bb89f8a95b and 1362.1364.v4cf2dc5d8776, does not perform...
RHSA-2024:9056 Red Hat Security Advisory: gstreamer1-plugins-base security update
Bulletin has no description...
Oracle Linux 8 : gstreamer1-plugins-base (ELSA-2024-9056)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-9056 advisory. - CVE-2024-4453 gstreamer1: EXIF Metadata Parsing Integer Overflow Tenable has extracted the preceding description block directly from the Oracle Linux security...
AlmaLinux 8 : gstreamer1-plugins-base (ALSA-2024:9056)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:9056 advisory. gstreamer: EXIF Metadata Parsing Integer Overflow CVE-2024-4453 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory...
SUSE SLED15: apache-commons-lang3 / apache-commons-lang3-javadoc / bcel / etc (SUSE-SU-SUSE-RU-2024:3971-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-SUSE-RU-2024:3971-1 advisory. xalan-j2 was updated from version 2.7.2 to 2.7.3: - Security issues fixed: CVE-2022-34169: Fixed...
CVE-2024-34014
Arbitrary file overwrite during recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM Linux before build 1.8.3.818, Acronis Backup plugin for cPanel & WHM Linux before build 1.9.1.892, Acronis Backup extension for Plesk Linux...
Moderate: Red Hat Security Advisory: gstreamer1-plugins-base security update
An update for gstreamer1-plugins-base is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
CVE-2024-52354
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Cool Plugins Web Stories Widgets For Elementor shortcodes-for-amp-web-stories-and-elementor-widget allows Stored XSS. This issue affects Web Stories Widgets For Elementor: from n/a through <= 1.1...
CVE-2024-52354 WordPress Web Stories Widgets For Elementor plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Cool Plugins Web Stories Widgets For Elementor shortcodes-for-amp-web-stories-and-elementor-widget allows Stored XSS. This issue affects Web Stories Widgets For Elementor: from n/a through <= 1.1...