WordPress Supreme Modules Lite Plugin <= 2.5.3 is vulnerable to Cross Site Scripting (XSS)

Software Supreme Modules Lite Type Plugin Vulnerable versions = 2.5.3 Fixed in 2.5.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4334 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID db7cdff0f72f Credits Webbernaut Required...

WordPress Popup Box Plugin < 2.2.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Popup Box Type Plugin Vulnerable versions 2.2.7 Fixed in 2.2.7 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-3477 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID d1f8f6b4cec4 Credits Bob Matyas Required privileg...

WordPress Side Menu Lite Plugin < 4.2.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Side Menu Lite Type Plugin Vulnerable versions 4.2.1 Fixed in 4.2.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-3476 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 570b701cebb0 Credits Bob Matyas Required...

WordPress WP Recipe Maker Plugin <= 9.3.1 is vulnerable to Cross Site Scripting (XSS)

Software WP Recipe Maker Type Plugin Vulnerable versions = 9.3.1 Fixed in 9.4.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3490 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5ee8e6ab9022 Credits stealthcopter Required...

DEBIAN-CVE-2024-26937

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Reset queuepriorityhint on parking Originally, with strict in order execution, we could complete execution only when the queue was empty. Preempt-to-busy allows replacement of an active request that may complete befo...

CVE-2024-26937

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Reset queuepriorityhint on parking Originally, with strict in order execution, we could complete execution only when the queue was empty. Preempt-to-busy allows replacement of an active request that may complete befo...

UBUNTU-CVE-2024-26937

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Reset queuepriorityhint on parking Originally, with strict in order execution, we could complete execution only when the queue was empty. Preempt-to-busy allows replacement of an active request that may complete befo...

CVE-2024-26937 drm/i915/gt: Reset queue_priority_hint on parking

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Reset queuepriorityhint on parking Originally, with strict in order execution, we could complete execution only when the queue was empty. Preempt-to-busy allows replacement of an active request that may complete befo...

WordPress All-in-One Video Gallery Plugin <= 3.6.4 is vulnerable to Arbitrary File Upload

Software All-in-One Video Gallery Type Plugin Vulnerable versions = 3.6.4 Fixed in 3.6.5 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-4033 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID cfa484cd1cd9 Credits stealthcopter Required...

kernel: tty: n_gsm: fix deadlock and link starvation in outgoing data path

In the Linux kernel, the following vulnerability has been resolved: tty: ngsm: fix deadlock and link starvation in outgoing data path The current implementation queues up new control and user packets as needed and processes this queue down to the ldisc in the same code path. That means that the...

kernel: tty: n_gsm: fix deadlock and link starvation in outgoing data path

In the Linux kernel, the following vulnerability has been resolved: tty: ngsm: fix deadlock and link starvation in outgoing data path The current implementation queues up new control and user packets as needed and processes this queue down to the ldisc in the same code path. That means that the...

WordPress Cost Calculator Builder Pro Plugin <= 3.1.67 is vulnerable to Cross Site Scripting (XSS)

Software Cost Calculator Builder Pro Type Plugin Vulnerable versions = 3.1.67 Fixed in 3.1.68 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4097 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 99ec603c6f20 Credits andrea...

WordPress Barcode Scanner with Inventory & Order Manager Plugin <= 1.5.4 is vulnerable to SQL Injection

Software Barcode Scanner with Inventory & Order Manager Type Plugin Vulnerable versions = 1.5.4 Fixed in 1.5.5 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-2661 Patch priority High CVSS severity High 8.5 Developer DMitry PSID 7524c36d6a64 Credits Peter Thaleikis Required...

WordPress Grid Gallery Plugin <= 1.4.3 is vulnerable to PHP Object Injection

Software Grid Gallery Type Plugin Vulnerable versions = 1.4.3 Fixed in 1.4.4 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-1897 Patch priority Medium CVSS severity Medium 6.4 Developer Claim ownership PSID 43f9768655e4 Credits Francesco Carlucci Required privilege...

WordPress Fancy Elementor Flipbox Plugin <= 2.5.1 is vulnerable to Cross Site Scripting (XSS)

Software Fancy Elementor Flipbox Type Plugin Vulnerable versions = 2.5.1 Fixed in 2.5.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2349 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID dd388fab11b8 Credits Francesco Carluc...

WordPress Where Did You Hear About Us Checkout Field for WooCommerce Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Software Where Did You Hear About Us Checkout Field for WooCommerce Type Plugin Vulnerable versions = 1.3.1 Fixed in 1.3.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2752 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID...

WordPress MailerLite – Signup forms Plugin <= 1.7.6 is vulnerable to Broken Access Control

Software MailerLite – Signup forms Type Plugin Vulnerable versions = 1.7.6 Fixed in 1.7.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-2797 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID d779eba11e1c Credits Krzysztof Zając...

WordPress Google Typography Plugin <= 1.1.2 is vulnerable to Broken Access Control

Software Google Typography Type Plugin Vulnerable versions = 1.1.2 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33942 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 8afac0da0e50 Credits Abdi Pranata Required privile...

WordPress Masteriyo - LMS Plugin <= 1.7.3 is vulnerable to Broken Authentication

Software Masteriyo - LMS Type Plugin Vulnerable versions = 1.7.3 Fixed in 1.7.4 OWASP Top 10 A4: Insecure Design Classification Broken Authentication CVE CVE-2024-33939 Patch priority Medium CVSS severity Medium 5.3 Developer Masteriyo PSID ce37ea579b31 Credits Steven Julian Required privilege...

WordPress Event Management Tickets Booking Plugin <= 1.3.4 is vulnerable to PHP Object Injection

Software Event Management Tickets Booking Type Plugin Vulnerable versions = 1.3.4 Fixed in 1.3.5 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-1895 Patch priority Medium CVSS severity Medium 7.4 Developer Claim ownership PSID d93e6770a231 Credits Francesco Carlucci...