5093 matches found

Patchstack
added 2024/09/30 12:0 a.m., 19 views

WordPress JobSearch Plugin <= 2.5.9 is vulnerable to Cross Site Scripting (XSS)

Software JobSearch Type Plugin Vulnerable versions = 2.5.9 Fixed in 2.6.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47394 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2995ae22faae Credits Bonds Required privilege Unauthenticat...

CVSS 7.1 | AI score 6.5 | EPSS 0.00292
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2024/09/30 12:0 a.m., 13 views

WordPress Top Bar – PopUps – by WPOptin Plugin <= 2.0.1 is vulnerable to Local File Inclusion

Software Top Bar – PopUps – by WPOptin Type Plugin Vulnerable versions = 2.0.1 Fixed in 2.0.2 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-47645 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID f22f05a49b0f Credits tahu.datar Required...

CVSS 7.5 | AI score 6.8 | EPSS 0.00481
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/09/30 12:0 a.m., 8 views

WordPress Starbox Plugin < 3.5.3 is vulnerable to Cross Site Scripting (XSS)

Software Starbox Type Plugin Vulnerable versions 3.5.3 Fixed in 3.5.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8239 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 03e73e132e18 Credits Dmitrii Ignatyev Required privileg...

CVSS 5.4 | AI score 5.8 | EPSS 0.00346
Exploits 1 | References 4 | Affected Software 1

Patchstack
added 2024/09/30 12:0 a.m., 15 views

WordPress Payflex Payment Gateway Plugin <= 2.6.1 is vulnerable to Open Redirection

Software Payflex Payment Gateway Type Plugin Vulnerable versions = 2.6.1 Fixed in 2.6.2 OWASP Top 10 A3: Injection Classification Open Redirection CVE CVE-2024-47646 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID ac682bcd42a4 Credits Muhamad Agil Fachrian Required privile...

CVSS 4.7 | AI score 5.2 | EPSS 0.00308
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/09/30 12:0 a.m., 16 views

WordPress LiteSpeed Cache Plugin <= 6.5.0.2 is vulnerable to Cross Site Scripting (XSS)

Software LiteSpeed Cache Type Plugin Vulnerable versions = 6.5.0.2 Fixed in 6.5.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47374 Patch priority Medium CVSS severity Medium 7.1 Developer Hai Zheng / Lite Speed Cache PSID b2ad66b394ec Credits TaiYou Required...

CVSS 7.1 | AI score 6.5 | EPSS 0.0141
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/09/30 12:0 a.m., 14 views

WordPress BuddyForms Plugin <= 2.8.12 is vulnerable to Cross Site Scripting (XSS)

Software BuddyForms Type Plugin Vulnerable versions = 2.8.12 Fixed in 2.8.13 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47377 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9418faef5fbf Credits SOPROBRO Required privilege Editor...

CVSS 5.9 | AI score 6.5 | EPSS 0.00254
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/09/30 12:0 a.m., 7 views

WordPress Premium Blocks – Gutenberg Blocks for WordPress Plugin <= 2.1.33 is vulnerable to Cross Site Scripting (XSS)

Software Premium Blocks – Gutenberg Blocks for WordPress Type Plugin Vulnerable versions = 2.1.33 Fixed in 2.1.34 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47368 Patch priority Low CVSS severity Low 6.5 Developer LeapWorx PSID f6e2745653a5 Credits João Pedro ...

CVSS 6.5 | AI score 6.8 | EPSS 0.00235
Exploits 0 | References 2 | Affected Software 1

SUSE CVE
added 2024/09/28 2:51 a.m., 1 view

SUSE CVE-2024-46837

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Restrict high priorities on group_create. We were allowing any users to create a high priority group without any permission checks. As a result, this was allowing possible denial of service. We now only allow the DRM...

CVSS 5.5 | AI score 6.3 | EPSS 0.002
Exploits 0 | References 3

OSV
added 2024/09/27 1:15 p.m., 2 views

DEBIAN-CVE-2024-46837

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Restrict high priorities on group_create. We were allowing any users to create a high priority group without any permission checks. As a result, this was allowing possible denial of service. We now only allow the DRM...

CVSS 5.5 | AI score 5.4 | EPSS 0.002
Exploits 0 | References 1

OSV
added 2024/09/27 1:15 p.m., 2 views

UBUNTU-CVE-2024-46837

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Restrict high priorities on group_create. We were allowing any users to create a high priority group without any permission checks. As a result, this was allowing possible denial of service. We now only allow the DRM...

CVSS 5.5 | AI score 5.7 | EPSS 0.002
Exploits 0 | References 5

OSV
added 2024/09/27 12:39 p.m., 13 views

CVE-2024-46837 drm/panthor: Restrict high priorities on group_create

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Restrict high priorities on group_create. We were allowing any users to create a high priority group without any permission checks. As a result, this was allowing possible denial of service. We now only allow the DRM...

CVSS 5.5 | AI score 4.9 | EPSS 0.002
Exploits 0 | References 5

Patchstack
added 2024/09/27 12:0 a.m., 12 views

WordPress AI ChatBot with ChatGPT and Content Generator by AYS Plugin <= 2.0.9 is vulnerable to Sensitive Data Exposure

Software AI ChatBot with ChatGPT and Content Generator by AYS Type Plugin Vulnerable versions = 2.0.9 Fixed in 2.1.0 OWASP Top 10 A4: Insecure Design Classification Sensitive Data Exposure CVE CVE-2024-7713 Patch priority Low CVSS severity Low 5.8 Developer Claim ownership PSID 5f8161e14afa Credi...

CVSS 7.5 | AI score 6.6 | EPSS 0.00301
Exploits 0 | References 4 | Affected Software 1

Patchstack
added 2024/09/27 12:0 a.m., 9 views

WordPress WP Mail Catcher Plugin <= 2.1.9 is vulnerable to Cross Site Scripting (XSS)

Software WP Mail Catcher Type Plugin Vulnerable versions = 2.1.9 Fixed in 2.1.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47339 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c286bdf972a5 Credits Le Ngoc Anh Required privilege...

CVSS 7.1 | AI score 6.5 | EPSS 0.0029
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/09/27 12:0 a.m., 11 views

WordPress Newsletters Plugin <= 4.9.9.1 is vulnerable to Cross Site Scripting (XSS)

Software Newsletters Type Plugin Vulnerable versions = 4.9.9.1 Fixed in 4.9.9.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47346 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0a4418b91ec6 Credits Le Ngoc Anh Required privilege...

CVSS 7.1 | AI score 6.5 | EPSS 0.0029
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/09/26 12:0 a.m., 8 views

WordPress Email Subscribers & Newsletters Plugin <= 5.7.34 is vulnerable to Broken Access Control

Software Email Subscribers & Newsletters Type Plugin Vulnerable versions = 5.7.34 Fixed in 5.7.35 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-8771 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d3427c89899f Credits Michelle...

CVSS 4.3 | AI score 6.6 | EPSS 0.00352
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/09/26 12:0 a.m., 9 views

WordPress ProfileGrid Plugin <= 5.9.3.2 is vulnerable to Cross Site Scripting (XSS)

Software ProfileGrid Type Plugin Vulnerable versions = 5.9.3.2 Fixed in 5.9.3.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8861 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 907c16cddd3d Credits Francesco Carlucci...

CVSS 6.4 | AI score 5.8 | EPSS 0.00321
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/09/26 12:0 a.m., 15 views

WordPress JupiterX Core Plugin <= 4.7.5 is vulnerable to Broken Authentication

Software JupiterX Core Type Plugin Vulnerable versions = 4.7.5 Fixed in 4.7.8 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-7781 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 4950f50fad7a Credits Geo Void...

CVSS 9.8 | AI score 6.6 | EPSS 0.00959
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/09/26 12:0 a.m., 15 views

WordPress Bulk NoIndex & NoFollow Toolkit Plugin <= 2.15 is vulnerable to Cross Site Scripting (XSS)

Software Bulk NoIndex & NoFollow Toolkit Type Plugin Vulnerable versions = 2.15 Fixed in 2.16 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8803 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 78a9bff492c8 Credits vgo0...

CVSS 6.1 | AI score 5.7 | EPSS 0.0036
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/09/26 12:0 a.m., 14 views

WordPress Multi Step for Contact Form Plugin <= 2.7.7 is vulnerable to SQL Injection

Software Multi Step for Contact Form Type Plugin Vulnerable versions = 2.7.7 Fixed in 2.7.8 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-47331 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID a27c5e08d690 Credits Hakiduck Required privilege...

CVSS 9.8 | AI score 6.8 | EPSS 0.00583
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/09/25 12:0 a.m., 7 views

WordPress WS Form LITE Plugin <= 1.9.238 is vulnerable to Cross Site Scripting (XSS)

Software WS Form LITE Type Plugin Vulnerable versions = 1.9.238 Fixed in 1.9.244 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47320 Patch priority Medium CVSS severity Medium 7.1 Developer WS Form PSID cb1829e55bbc Credits savphill Required privilege...

CVSS 7.1 | AI score 6.5 | EPSS 0.00292
Exploits 0 | References 2 | Affected Software 1