5093 matches found
WordPress Sirv Plugin <= 7.2.7 is vulnerable to Arbitrary File Upload
Software Sirv Type Plugin Vulnerable versions <= 7.2.7 Fixed in 7.2.8 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE N/A Patch priority Medium CVSS severity Medium 9.9 Developer Sirv PSID 9e701815e83c Credits scottaglia Required privilege Contributor Published 22 August, 2024...
WordPress TI WooCommerce Wishlist Plugin <= 2.8.2 is vulnerable to SQL Injection
Software TI WooCommerce Wishlist Type Plugin Vulnerable versions <= 2.8.2 Fixed in 2.9.0 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-43917 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 55f8b0990265 Credits Rafie Muhammad Patchstack Required...
WordPress AcyMailing SMTP Newsletter Plugin <= 9.7.2 is vulnerable to Arbitrary File Upload
Software AcyMailing SMTP Newsletter Type Plugin Vulnerable versions <= 9.7.2 Fixed in 9.8.0 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-7384 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 51ad1438d775 Credits Arkadiusz Hydzik Required...
WordPress LH Add Media From Url Plugin <= 1.23 is vulnerable to Cross Site Scripting (XSS)
Software LH Add Media From Url Type Plugin Vulnerable versions <= 1.23 Fixed in 1.30 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7090 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b062d0fb1671 Credits Piotr Kuśpit...
WordPress App Builder Plugin <= 4.3.3 is vulnerable to SQL Injection
Software App Builder Type Plugin Vulnerable versions <= 4.3.3 Fixed in 4.3.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-7651 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 4b83b8e2e95a Credits vgo0 Required privilege Unauthenticated Published 21...
CVE-2024-41699
Priority – CWE-552: Files or Directories Accessible to External Parties...
CVE-2024-41698
Priority – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor...
CVE-2024-41697
Priority - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS...
CVE-2024-41699
Technical details about CVE-2024-41699 are not publicly available in the provided documents. No affected products, versions, or fixes are specified. Monitor for updates from authoritative sources.
WordPress WP Last Modified Info Plugin <= 1.9.0 is vulnerable to Cross Site Scripting (XSS)
Software WP Last Modified Info Type Plugin Vulnerable versions <= 1.9.0 Fixed in 1.9.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6864 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1e374934e79b Credits Webbernaut Require...
WordPress SmartSearch WP Plugin <= 2.4.4 is vulnerable to SQL Injection
Software SmartSearch WP Type Plugin Vulnerable versions <= 2.4.4 Fixed in 2.4.5 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-6847 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 2bfe1eee61ea Credits Karolis Narvilas Required privilege Unauthenticat...
WordPress GiveWP Plugin <= 3.14.1 is vulnerable to Arbitrary File Deletion
Software GiveWP Type Plugin Vulnerable versions <= 3.14.1 Fixed in 3.14.2 OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2024-5941 Patch priority Low CVSS severity Low 5.4 Developer Liquid Web / StellarWP PSID 0a50b2a00b5f Credits villu164 Required privilege...
Priority Security Vulnerability
Priority is an ERP solution from Priority Israel. Priority has a security vulnerability that originates from improper neutralization of script-related HTML tags in web pages...
Priority Information Disclosure Vulnerability
Priority is an ERP solution from Priority Israel. Priority suffers from an information disclosure vulnerability that arises from the disclosure of sensitive information to unauthorized actors...
Priority Security Vulnerability
Priority is an ERP solution from Priority Israel. Priority has a security vulnerability that originates from a file or directory that is accessible to external parties...
WordPress SmartSearch WP Plugin <= 2.4.4 is vulnerable to Cross Site Scripting (XSS)
Software SmartSearch WP Type Plugin Vulnerable versions <= 2.4.4 Fixed in 2.4.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6843 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 29f289a57217 Credits Karolis Narvilas...
WordPress GEO my WordPress Plugin < 4.5.0.2 is vulnerable to Local File Inclusion
Software GEO my WordPress Type Plugin Vulnerable versions < 4.5.0.2 Fixed in 4.5.0.2 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-6330 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 1d2a75d492b7 Credits Michael Dyrna Required privilege...
WordPress Skitter Slideshow Plugin <= 2.5.2 is vulnerable to Server Side Request Forgery (SSRF)
Software Skitter Slideshow Type Plugin Vulnerable versions <= 2.5.2 Fixed in N/A OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2022-1751 Patch priority Medium CVSS severity Medium 7.2 Developer Claim ownership PSID 248ddea6bcba Credits Bartu Utku SARP Required...
WordPress Bricks Builder Theme <= 1.8.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software Bricks Builder Type Theme Vulnerable versions <= 1.8.1 Fixed in 1.8.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3408 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID a8763892e84e Credits Ram Required privilege...
WordPress Admission AppManager Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
Software Admission AppManager Type Plugin Vulnerable versions <= 1.0.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4507 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 138041d75b79 Credits zulu caPWN...