WordPress CookieHub Plugin <= 1.1.0 is vulnerable to Broken Access Control

Software CookieHub Type Plugin Vulnerable versions = 1.1.0 Fixed in 1.1.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32784 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID bf6c0519f789 Credits Abdi Pranata Required privilege...

WordPress Royal Elementor Addons Plugin <= 1.3.94 is vulnerable to Arbitrary File Upload

Software Royal Elementor Addons Type Plugin Vulnerable versions = 1.3.94 Fixed in 1.3.95 OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Upload CVE CVE-2024-1567 Patch priority High CVSS severity High 8.2 Developer WProyal PSID 7b79f8ce62d8 Credits wesley wcraft Required...

WordPress Vision Interactive Plugin <= 1.7.1 is vulnerable to Broken Access Control

Software Vision Interactive Type Plugin Vulnerable versions = 1.7.1 Fixed in 1.7.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32779 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID ed5556ff45af Credits Steven Julian Required...

WordPress WP GoToWebinar Plugin <= 14.46 is vulnerable to Broken Access Control

Software WP GoToWebinar Type Plugin Vulnerable versions = 14.46 Fixed in 15.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32804 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID dac08fd623ab Credits Abdi Pranata Required privilege...

WordPress AI Post Generator | AutoWriter Plugin <= 3.3 is vulnerable to Broken Access Control

Software AI Post Generator | AutoWriter Type Plugin Vulnerable versions = 3.3 Fixed in 3.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32713 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 1f7f2444d49e Credits LVT-tholv2k Requir...

WordPress ARForms Plugin <= 6.4 is vulnerable to Arbitrary File Deletion

Software ARForms Type Plugin Vulnerable versions = 6.4 Fixed in 6.4.1 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2024-32703 Patch priority High CVSS severity High 7.7 Developer Claim ownership PSID 3d075249b9fb Credits Dave Jong Patchstack Required...

WordPress Advanced Testimonial Carousel for Elementor Plugin <= 3.0.0 is vulnerable to Broken Access Control

Software Advanced Testimonial Carousel for Elementor Type Plugin Vulnerable versions = 3.0.0 Fixed in 3.0.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32783 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 35c8e0e158f5 Credits...

PT-2024-26797

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to a missing bounds check in superblock validation in the bcachefs component of the Linux kernel. This could potentially allow journal entries to overrun the end of...

WordPress Chauffeur Taxi Booking System for WordPress Plugin <= 6.9 is vulnerable to Broken Authentication

Software Chauffeur Taxi Booking System for WordPress Type Plugin Vulnerable versions = 6.9 Fixed in 7.0 OWASP Top 10 A1: Broken Access Control Classification Broken Authentication CVE CVE-2024-32692 Patch priority High CVSS severity High 8.2 Developer Claim ownership PSID 7552e0fad1fd Credits luc...

WordPress Automatic Plugin < 3.93.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Automatic Type Plugin Vulnerable versions 3.93.0 Fixed in 3.93.0 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-32693 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 83f469455e38 Credits Rafie Muhammad Patchstack...

WordPress Customer Reviews for WooCommerce Plugin <= 5.47.0 is vulnerable to Cross Site Scripting (XSS)

Software Customer Reviews for WooCommerce Type Plugin Vulnerable versions = 5.47.0 Fixed in 5.48.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3731 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 75e280aac3db Credits...

WordPress LearnPress Plugin <= 4.2.6.4 is vulnerable to Cross Site Scripting (XSS)

Software LearnPress Type Plugin Vulnerable versions = 4.2.6.4 Fixed in 4.2.6.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3560 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 05282d717c17 Credits stealthcopter Required...

WordPress ElementsKit Pro Plugin <= 3.6.0 is vulnerable to Cross Site Scripting (XSS)

Software ElementsKit Pro Type Plugin Vulnerable versions = 3.6.0 Fixed in 3.6.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3598 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID cc1eab59b295 Credits Ngô Thiên An ancorn...

WordPress Infographic Maker – iList Plugin <= 4.6.6 is vulnerable to Cross Site Scripting (XSS)

Software Infographic Maker – iList Type Plugin Vulnerable versions = 4.6.6 Fixed in 4.6.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32696 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID baa0cb27dbc1 Credits Khalid Yusuf Required...

WordPress Click to Chat Plugin <= 3.35 is vulnerable to Local File Inclusion

Software Click to Chat Type Plugin Vulnerable versions = 3.35 Fixed in 4.0 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-3849 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 3a9b57b69a7e Credits haidv35 from Viettel Cyber Security Required...

WordPress tagDiv Composer Plugin <= 4.8 is vulnerable to Local File Inclusion

Software tagDiv Composer Type Plugin Vulnerable versions = 4.8 Fixed in 4.9 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-3813 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 5ffa96c3f191 Credits István Márton Required privilege Contributor...

CVE-2023-52644

In the Linux kernel, the following vulnerability has been resolved: wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled When QoS is disabled, the queue priority value will not map to the correct ieee80211 queue since there is only one queue. Stop/wake queue 0 when QoS is disabl...

CVE-2023-52644 wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled

In the Linux kernel, the following vulnerability has been resolved: wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled When QoS is disabled, the queue priority value will not map to the correct ieee80211 queue since there is only one queue. Stop/wake queue 0 when QoS is disabl...

WordPress MyRewards Plugin <= 5.3.0 is vulnerable to Broken Access Control

Software MyRewards Type Plugin Vulnerable versions = 5.3.0 Fixed in 5.3.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32688 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 4a61d830f2db Credits Emili Castells Required...

WordPress Social Media & Share Icons Plugin < 2.8.9 is vulnerable to Cross Site Scripting (XSS)

Software Social Media & Share Icons Type Plugin Vulnerable versions 2.8.9 Fixed in 2.8.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2118 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 7af0889b0efd Credits Dmitrii Ignatye...