
8314 matches found

Cvelist
added 2024/08/18 9:32 p.m., 24 views

CVE-2024-43315 WordPress Stripe Payments For WooCommerce plugin <= 1.9.1 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Checkout Plugins Stripe Payments For WooCommerce by Checkout. This issue affects Stripe Payments For WooCommerce by Checkout: from n/a through 1.9.1...

CVSS 7.5, EPSS 0.00431
Exploits 0, References 1
Vulnrichment
added 2024/08/18 9:32 p.m., 15 views

CVE-2024-43315 WordPress Stripe Payments For WooCommerce plugin <= 1.9.1 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Checkout Plugins Stripe Payments For WooCommerce by Checkout. This issue affects Stripe Payments For WooCommerce by Checkout: from n/a through 1.9.1...

CVSS 7.5, AI score 7.2, EPSS 0.00431
Exploits 0, References 1
CVE
added 2024/08/18 9:32 p.m., 63 views

CVE-2024-43315

CVE-2024-43315: Authorization bypass via a user-controlled key in Stripe Payments For WooCommerce by Checkout Plugins (Stripe Payments For WooCommerce by Checkout). Affected: Checkout’s Stripe plugin for WooCommerce, versions up to and including 1.9.1. Impact per the cited metrics: HIGH risk (CVS...

CVSS 7.5, AI score 7.5, EPSS 0.00431
Exploits 0, References 1
CVE
added 2024/08/17 2:31 a.m., 57 views

CVE-2024-6500

CVE-2024-6500 affects WordPress InPost for WooCommerce (<= 1.4.0) and InPost PL (

CVSS 10, AI score 6.9, EPSS 0.00983
Exploits 0, References 7
Cvelist
added 2024/08/16 6:40 a.m., 18 views

CVE-2024-7501 Download Plugins and Themes from Dashboard <= 1.8.7 - Cross-Site Request Forgery

The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.7. This is due to missing or incorrect nonce validation on the downloadtheme function. This makes it possible for unauthenticated...

CVSS 4.2, EPSS 0.00161
Exploits 0, References 2
CVE
added 2024/08/16 6:40 a.m., 53 views

CVE-2024-7501

CVE-2024-7501 affects the WordPress plugin Download Plugins and Themes in ZIP from Dashboard. The vulnerability is CSRF due to missing/incorrect nonce validation in download_theme(), enabling unauthenticated attackers to cause a forged request to download arbitrary themes. Impact details from con...

CVSS 4.2, AI score 4.3, EPSS 0.00161
Exploits 0, References 2
Wordfence Blog
added 2024/08/15 5:14 p.m., 64 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (August 5, 2024 to August 11, 2024)

Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Through October 14th, researchers can earn up to $31,200, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and ...

CVSS 10, AI score 9.5, EPSS 0.04624
Exploits 21
Tenable Nessus
added 2024/08/14 12:0 a.m., 31 views

Oracle Linux 8 : container-tools:ol8 (ELSA-2024-5258)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-5258 advisory. aardvark-dns buildah 2:1.33.8-4 - rebuild for golang fixes - Related: RHEL-28452 cockpit-podman 84.1-1 - update to...

CVSS 8.3, AI score 6.9, EPSS 0.01533
Exploits 0, References 9
Oracle linux
added 2024/08/13 12:0 a.m., 372 views

container-tools:ol8 security update

aardvark-dns buildah 2:1.33.8-4 - rebuild for golang fixes - Related: RHEL-28452 cockpit-podman 84.1-1 - update to https://github.com/cockpit-project/cockpit-podman/releases/tag/84.1 - Related: Jira:RHEL-25557 conmon 3:2.1.10-1 - update to https://github.com/containers/conmon/releases/tag/v2.1.10...

CVSS 8.3, AI score 7.9, EPSS 0.01533
Exploits 0
OSV
added 2024/08/09 11:8 a.m., 5 views

OESA-2024-1959 docker security update

Docker is an open source project to build, ship and run any application as a lightweight container. Security Fixes: Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an...

CVSS 9.9, AI score 6.7, EPSS 0.16496
Exploits 0, References 2
Wordfence Blog
added 2024/08/08 3:35 p.m., 54 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (July 29, 2024 to August 4, 2024)

Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the rest...

CVSS 9.8, AI score 8.9, EPSS 0.0269
Exploits 9
vulnersOsv
added 2024/08/07 3:30 p.m., 5 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1603 more potentially affected by CVE-2024-43044 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.452.3)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2024-43044 Source advisory: OSV:GHSA-H856-FFVV-XVR4...

CVSS 8.8, AI score 6.9, EPSS 0.28782
Exploits 4
Rosalinux
added 2024/08/06 9:26 a.m., 15 views

Advisory ROSA-SA-2024-2462

Software: gstreamer1.0-plugins-good 1.19.1 OS: ROSA-CHROME packageevrstring: gstreamer1.0-plugins-good-1.19.1-4 CVE-ID: CVE-2022-2122 BDU-ID: 2022-06453 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the qtdemuxinflate function of the Gstreamer multimedia framework is caused by an integer overflow...

CVSS 7.8, AI score 8.2, EPSS 0.00465
Exploits 7
Tenable Nessus
added 2024/08/06 12:0 a.m., 29 views

CBL Mariner 2.0 Security Update: moby-engine (CVE-2024-41110)

The version of moby-engine installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-41110 advisory. - Moby is an open-source project created by Docker for software containerization. A security vulnerabilit...

CVSS 9.9, AI score 7.4, EPSS 0.16496
Exploits 0, References 2
GithubExploit
added 2024/08/02 8:2 p.m., 312 views

Exploit for Cross-site Scripting in Webcodingplace Ultimate_Classified_Listings

It is an exploit module/toolkit targeting a vulnerability in a s...

CVSS 7.1, AI score 8, EPSS 0.00892
Exploits 2
NVD
added 2024/08/01 11:15 p.m., 25 views

CVE-2024-39626

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rob @ 5 Star Plugins Pretty Simple Popup Builder pretty-simple-popup-builder allows Stored XSS. This issue affects Pretty Simple Popup Builder: from n/a through = 1.0.9...

CVSS 5.9, EPSS 0.00245
Exploits 0, References 1
OSV
added 2024/08/01 11:15 p.m., 2 views

CVE-2024-39626

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in 5 Star Plugins Pretty Simple Popup Builder allows Stored XSS. This issue affects Pretty Simple Popup Builder: from n/a through 1.0.7...

CVSS 4.8, AI score 5.8, EPSS 0.00245
Exploits 0, References 1
RedHat Linux
added 2024/07/30 9:58 p.m., 6 views

Moderate: Red Hat Bug Fix Advisory: Red Hat Developer Hub 1.2.2 bugfix release

Red Hat Developer Hub 1.2.2 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...

CVSS 6.5, AI score 6.5, EPSS 0.00929
Exploits 1, References 1
Wallarm Lab
added 2024/07/30 6:52 p.m., 64 views

CVE-2024-41110: Once Again, Docker Addresses API Vulnerability That Can Bypass Auth Plugins

Summary A significant vulnerability CVE-2024-41110 was recently discovered in Docker Engine version 18.09.1. Although the issue was identified and fixed in 2019, the patch did not apply to other major versions, resulting in regression. The vulnerability was assigned a CVSS score of 10 critical...

CVSS 9.9, AI score 7.3, EPSS 0.16496
Exploits 0
OSV
added 2024/07/30 6:15 p.m., 10 views

CVE-2024-41305

A Server-Side Request Forgery SSRF in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter...

CVSS 4.7, AI score 7.2
Exploits 0, References 1