WordPress Custom Field Suite Plugin <= 2.6.7 is vulnerable to SQL Injection
Software Custom Field Suite Type Plugin Vulnerable versions = 2.6.7 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3561 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 5e99e2eccc53 Credits Jack Taylor Required privilege Contributor...
WordPress WP Hotel Booking Plugin <= 2.1.0 is vulnerable to SQL Injection
Software WP Hotel Booking Type Plugin Vulnerable versions = 2.1.0 Fixed in 2.1.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3605 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 4c5ededd8a8e Credits Krzysztof Zając Required privilege...
WordPress Word Balloon Plugin <= 4.21.1 is vulnerable to Local File Inclusion
Software Word Balloon Type Plugin Vulnerable versions = 4.21.1 Fixed in 4.22.0 OWASP Top 10 A6: Security Misconfiguration Classification Local File Inclusion CVE CVE-2024-35781 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2b66b1bcd514 Credits João Pedro S Alcântara...
WordPress Export WP Page to Static HTML/CSS Plugin <= 2.2.2 is vulnerable to Open Redirection
Software Export WP Page to Static HTML/CSS Type Plugin Vulnerable versions = 2.2.2 Fixed in 2.2.3 OWASP Top 10 A1: Injection Classification Open Redirection CVE CVE-2024-3597 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID 938d3f0380c6 Credits Krzysztof Zając Required...
WordPress Depicter Slider Plugin <= 3.0.2 is vulnerable to Broken Access Control
Software Depicter Slider Type Plugin Vulnerable versions = 3.0.2 Fixed in 3.1.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-4390 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 56f1ad707b2c Credits Arkadiusz Hydzik Required...
DEBIAN-CVE-2024-36974
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP. If one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided, taprio_parse_mqprio_opt must validate it, or userspace can inject arbitrary data to the kernel, the second time...
WordPress WP Magazine Modules Lite Plugin <= 1.1.2 is vulnerable to Local File Inclusion
Software WP Magazine Modules Lite Type Plugin Vulnerable versions = 1.1.2 Fixed in 1.1.3 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-5574 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID 60f52a06449e Credits stealthcopter Required privilege...
WordPress Salon booking system Plugin <= 10.2 is vulnerable to Arbitrary File Upload
Software Salon booking system Type Plugin Vulnerable versions = 10.2 Fixed in 10.3 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-3229 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 73c749725728 Credits Gibran Abdillah Required privilege...
WordPress MIMO Woocommerce Order Tracking Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)
Software MIMO Woocommerce Order Tracking Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5768 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 17c034ea51f0 Credits Luci...
WordPress Ali2Woo Lite Plugin <= 3.3.5 is vulnerable to Arbitrary File Upload
Software Ali2Woo Lite Type Plugin Vulnerable versions = 3.3.5 Fixed in 3.3.6 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-2381 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID d2eaecbf428e Credits Lucio Sá Required privilege Subscriber...
Linux kernel security vulnerabilities
The Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not validating TCA_TAPRIO_ATTR_PRIOMAP...
WordPress Page Builder: Live Composer Plugin <= 1.5.50 is vulnerable to Cross Site Scripting (XSS)
Software Page Builder: Live Composer Type Plugin Vulnerable versions = 1.5.50 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35768 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b331f6102ccd Credits savphill Required privilege...
WordPress Sirv Plugin <= 7.2.6 is vulnerable to Arbitrary File Upload
Software Sirv Type Plugin Vulnerable versions = 7.2.6 Fixed in 7.2.7 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-5853 Patch priority Medium CVSS severity Medium 9.9 Developer Sirv PSID b8d1b016bf81 Credits Lucio Sá Required privilege Contributor Published 18 June,...
WordPress WordPress Picture / Portfolio / Media Gallery Plugin <= 3.0.1 is vulnerable to Server Side Request Forgery (SSRF)
Software WordPress Picture / Portfolio / Media Gallery Type Plugin Vulnerable versions = 3.0.1 Fixed in N/A OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2024-5021 Patch priority Low CVSS severity Low 7.2 Developer Claim ownership PSID 4f6e62e03ba9 Credits...
WordPress Customizr Theme <= 4.4.21 is vulnerable to Cross Site Request Forgery (CSRF)
Software Customizr Type Theme Vulnerable versions = 4.4.21 Fixed in 4.4.22 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-35771 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 6f2a240dd11c Credits Dhabaleshwar Das Require...
WordPress Greenshift – animation and page builder blocks Plugin <= 8.8.9.1 is vulnerable to Cross Site Scripting (XSS)
Software Greenshift – animation and page builder blocks Type Plugin Vulnerable versions = 8.8.9.1 Fixed in 8.9.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35765 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID cb212ed9cc65 Credits João...
WordPress Excellent Theme <= 1.2.9 is vulnerable to Cross Site Scripting (XSS)
Software Excellent Type Theme Vulnerable versions = 1.2.9 Fixed in 1.3.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35763 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 85c92164ea82 Credits stealthcopter Required privilege Contributor...
WordPress Popup Builder Plugin <= 4.3.0 is vulnerable to Broken Access Control
Software Popup Builder Type Plugin Vulnerable versions = 4.3.0 Fixed in 4.3.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-2544 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 4d2b92dba351 Credits Alex Thomas Required...
WordPress Popup Builder Plugin <= 4.3.1 is vulnerable to Broken Access Control
Software Popup Builder Type Plugin Vulnerable versions = 4.3.1 Fixed in 4.3.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-6696 Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID 7eeb41bcfcb3 Credits Lucio Sá Required privilege...
WordPress LatePoint Plugin <= 4.9.9 is vulnerable to Broken Access Control
Software LatePoint Type Plugin Vulnerable versions = 4.9.9 Fixed in 4.9.9.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-2472 Patch priority Low CVSS severity Low 8.6 Developer Claim ownership PSID c507e34d06b9 Credits Gharib Sharifi - WaveSec Joel Avia...