WordPress User Profile Picture Plugin <= 2.6.1 is vulnerable to Broken Access Control

Software User Profile Picture Type Plugin Vulnerable versions = 2.6.1 Fixed in 2.6.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-5639 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f06c42237928 Credits JoanClarke2 Required...

WordPress MasterStudy LMS Plugin <= 3.2.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software MasterStudy LMS Type Plugin Vulnerable versions = 3.2.1 Fixed in 3.2.2 OWASP Top 10 A5: Security Misconfiguration Classification Cross Site Request Forgery CSRF CVE CVE-2024-37093 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID baf1167c8e0f Credits Majed Refaea...

WordPress Popup box Plugin <= 4.5.1 is vulnerable to Broken Access Control

Software Popup box Type Plugin Vulnerable versions = 4.5.1 Fixed in 4.5.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37096 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID aaf62ab75160 Credits Abdi Pranata Required privile...

WordPress WP-Lister Lite for eBay Plugin <= 3.5.8 is vulnerable to Sensitive Data Exposure

Software WP-Lister Lite for eBay Type Plugin Vulnerable versions = 3.5.8 Fixed in 3.5.9 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-24709 Patch priority Low CVSS severity Low 7.5 Developer WP Lab PSID 227921a369c8 Credits Aman Rawat Required privileg...

WordPress Consulting Elementor Widgets Plugin <= 1.3.0 is vulnerable to Local File Inclusion

Software Consulting Elementor Widgets Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.3.1 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-37092 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID cd47aa6df162 Credits Rafie Muhammad Patchstack...

CVE-2021-47592

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix tc flower deletion for VLAN priority Rx steering To replicate the issue:- 1 Add 1 flower filter for VLAN Priority based frame steering:- $ IFDEVNAME=eth0 $ tc qdisc add dev $IFDEVNAME ingress $ tc qdisc add dev...

CVE-2021-47592

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix tc flower deletion for VLAN priority Rx steering To replicate the issue:- 1 Add 1 flower filter for VLAN Priority based frame steering:- $ IFDEVNAME=eth0 $ tc qdisc add dev $IFDEVNAME ingress $ tc qdisc add dev...

DEBIAN-CVE-2021-47592

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix tc flower deletion for VLAN priority Rx steering To replicate the issue:- 1 Add 1 flower filter for VLAN Priority based frame steering:- $ IFDEVNAME=eth0 $ tc qdisc add dev $IFDEVNAME ingress $ tc qdisc add dev...

CVE-2021-47592

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix tc flower deletion for VLAN priority Rx steering To replicate the issue:- 1 Add 1 flower filter for VLAN Priority based frame steering:- $ IFDEVNAME=eth0 $ tc qdisc add dev $IFDEVNAME ingress $ tc qdisc add dev...

UBUNTU-CVE-2021-47592

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix tc flower deletion for VLAN priority Rx steering To replicate the issue:- 1 Add 1 flower filter for VLAN Priority based frame steering:- $ IFDEVNAME=eth0 $ tc qdisc add dev $IFDEVNAME ingress $ tc qdisc add dev...

CVE-2021-47592 net: stmmac: fix tc flower deletion for VLAN priority Rx steering

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix tc flower deletion for VLAN priority Rx steering To replicate the issue:- 1 Add 1 flower filter for VLAN Priority based frame steering:- $ IFDEVNAME=eth0 $ tc qdisc add dev $IFDEVNAME ingress $ tc qdisc add dev...

CVE-2021-47592 net: stmmac: fix tc flower deletion for VLAN priority Rx steering

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix tc flower deletion for VLAN priority Rx steering To replicate the issue:- 1 Add 1 flower filter for VLAN Priority based frame steering:- $ IFDEVNAME=eth0 $ tc qdisc add dev $IFDEVNAME ingress $ tc qdisc add dev...

CVE-2021-47592

CVE-2021-47592 affects the Linux kernel stmmac driver and its VLAN priority RX steering path. The issue manifested as a NULL pointer dereference when deleting a tc flower filter for VLAN priority after a previous mis-implemented tc_del_vlan_flow() used flow_cls_offload_flow_rule() (invalid for tc...

WordPress Shariff Plugin <= 4.6.13 is vulnerable to Local File Inclusion

Software Shariff Type Plugin Vulnerable versions = 4.6.13 Fixed in 4.6.14 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-4098 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID b8cd85e9b3c3 Credits haidv35 Required privilege Unauthenticated...

WordPress Media Library Assistant Plugin <= 3.16 is vulnerable to SQL Injection

Software Media Library Assistant Type Plugin Vulnerable versions = 3.16 Fixed in 3.17 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-5605 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID a2ffbb62fd66 Credits Krzysztof Zając Required privilege Contribut...

WordPress Wheel of Life Plugin <= 1.1.7 is vulnerable to Broken Access Control

Software Wheel of Life Type Plugin Vulnerable versions = 1.1.7 Fixed in 1.1.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3627 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 68abc18dc3c6 Credits Lucio Sá Required privilege...

WordPress Lifeline Donation Plugin <= 1.2.6 is vulnerable to Broken Authentication

Software Lifeline Donation Type Plugin Vulnerable versions = 1.2.6 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Authentication CVE CVE-2024-5432 Patch priority High CVSS severity High 10 Developer Claim ownership PSID c4cb49e164b6 Credits István Márton Required...

WordPress Master Slider Plugin <= 3.9.10 is vulnerable to Cross Site Request Forgery (CSRF)

Software Master Slider Type Plugin Vulnerable versions = 3.9.10 Fixed in 3.10.0 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-50900 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e2a39371f6f9 Credits LVT-tholv2k Require...

WordPress Page Builder: Live Composer Plugin <= 1.5.42 is vulnerable to PHP Object Injection

Software Page Builder: Live Composer Type Plugin Vulnerable versions = 1.5.42 Fixed in 1.5.43 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-35780 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID 6cf6e28bf12c Credits LVT-tholv2k Required...

WordPress Pexels: Free Stock Photos Plugin <= 1.2.2 is vulnerable to Arbitrary File Upload

Software Pexels: Free Stock Photos Type Plugin Vulnerable versions = 1.2.2 Fixed in N/A OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-6132 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID 042650894638 Credits István Márton Required...