WordPress Order Limit for WooCommerce Plugin <= 2.0.0 is vulnerable to Broken Access Control

Software Order Limit for WooCommerce Type Plugin Vulnerable versions = 2.0.0 Fixed in 2.0.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32675 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID b286d283cb6a Credits Abdi Pranat...

WordPress WP Show Posts Plugin <= 1.1.5 is vulnerable to Sensitive Data Exposure

Software WP Show Posts Type Plugin Vulnerable versions = 1.1.5 Fixed in 1.1.6 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-6731 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0bc24cb2903a Credits Lucio Sá Required privilege...

WordPress HT Mega Plugin <= 2.4.9 is vulnerable to Cross Site Scripting (XSS)

Software HT Mega Type Plugin Vulnerable versions = 2.4.9 Fixed in 2.5.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3307 Patch priority Low CVSS severity Low 6.5 Developer HTMega PSID d87a1e471944 Credits Webbernaut Required privilege Contributor...

WordPress Filebird Plugin <= 5.6.3 is vulnerable to Cross Site Scripting (XSS)

Software Filebird Type Plugin Vulnerable versions = 5.6.3 Fixed in 5.6.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2345 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID de3d3d4867b8 Credits Tim Coen Required privilege...

WordPress WP Cookie Notice for GDPR, CCPA & ePrivacy Consent Plugin <= 3.0.2 is vulnerable to Broken Access Control

Software WP Cookie Notice for GDPR, CCPA & ePrivacy Consent Type Plugin Vulnerable versions = 3.0.2 Fixed in 3.1.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3599 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID bea6dcba69bc...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a queue priority value that will not map to the correct ieee80211 queue when QoS is disabled...

WordPress Wp Ultimate Review Plugin <= 2.2.5 is vulnerable to Insecure Direct Object References (IDOR)

Software Wp Ultimate Review Type Plugin Vulnerable versions = 2.2.5 Fixed in 2.3.0 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-32683 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 7b452df5fd16 Credits Kyle...

WordPress HT Mega Plugin <= 2.4.6 is vulnerable to Sensitive Data Exposure

Software HT Mega Type Plugin Vulnerable versions = 2.4.6 Fixed in 2.4.7 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-6214 Patch priority High CVSS severity High 7.5 Developer HTMega PSID 4ecd8a800f95 Credits Francesco Carlucci Required privilege...

WordPress WP Meta SEO Plugin <= 4.5.12 is vulnerable to Cross Site Scripting (XSS)

Software WP Meta SEO Type Plugin Vulnerable versions = 4.5.12 Fixed in 4.5.13 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6961 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6aa5d92333a8 Credits Krzysztof Zając...

WordPress WP Social Comments Plugin <= 1.7.3 is vulnerable to Broken Access Control

Software WP Social Comments Type Plugin Vulnerable versions = 1.7.3 Fixed in 1.7.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32689 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID a443a3a545ff Credits Friday Required privilege...

WordPress HUSKY Plugin <= 1.3.5.2 is vulnerable to Remote Code Execution (RCE)

Software HUSKY Type Plugin Vulnerable versions = 1.3.5.2 Fixed in 1.3.5.3 OWASP Top 10 A5: Security Misconfiguration Classification Remote Code Execution RCE CVE CVE-2024-32680 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 5338513548eb Credits Yudistira Arya Required...

WordPress Salon booking system Plugin < 9.6.3 is vulnerable to Cross Site Scripting (XSS)

Software Salon booking system Type Plugin Vulnerable versions 9.6.3 Fixed in 9.6.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2101 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ed8158473297 Credits Priyanka Pande...

WordPress Support Genix Plugin <= 1.2.3 is vulnerable to Broken Access Control

Software Support Genix Type Plugin Vulnerable versions = 1.2.3 Fixed in 1.2.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-49742 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 3d8f29e82159 Credits Yudistira Arya Required...

WordPress Navigation menu as Dropdown Widget Plugin <= 1.3.4 is vulnerable to Cross Site Scripting (XSS)

Software Navigation menu as Dropdown Widget Type Plugin Vulnerable versions = 1.3.4 Fixed in 1.3.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32126 Patch priority Low CVSS severity Low 5.9 Developer Jeroen Peters PSID 5c32e593787a Credits Joshua Chan Required...

WordPress WooBuddy Plugin <= 3.4.20 is vulnerable to PHP Object Injection

Software WooBuddy Type Plugin Vulnerable versions = 3.4.20 Fixed in 3.4.21 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-32603 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID a5c09e662bc0 Credits LVT-tholv2k Required privilege Subscriber...

WordPress Master Slider Plugin <= 3.9.5 is vulnerable to PHP Object Injection

Software Master Slider Type Plugin Vulnerable versions = 3.9.5 Fixed in 3.9.7 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-32600 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID d3cbc5a0e9db Credits Rafie Muhammad Patchstack Required privile...

WordPress Attesa Extra Plugin <= 1.3.9 is vulnerable to Cross Site Scripting (XSS)

Software Attesa Extra Type Plugin Vulnerable versions = 1.3.9 Fixed in 1.4.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32594 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4bca51f18f29 Credits Khalid Yusuf Required privilege Contribut...

WordPress TeraWallet – For WooCommerce Plugin <= 1.5.0 is vulnerable to Cross Site Scripting (XSS)

Software TeraWallet – For WooCommerce Type Plugin Vulnerable versions = 1.5.0 Fixed in 1.5.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32584 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 3858d275e8c9 Credits Joshua Chan Required...

WordPress Debug Log Manager Plugin <= 2.3.1 is vulnerable to Cross Site Scripting (XSS)

Software Debug Log Manager Type Plugin Vulnerable versions = 2.3.1 Fixed in 2.3.2 OWASP Top 10 A4: Insecure Design Classification Cross Site Scripting XSS CVE CVE-2024-32582 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1f92fe55cb9f Credits Majed Refaea Required...

WordPress Slider by 10Web Plugin <= 1.2.54 is vulnerable to Cross Site Scripting (XSS)

Software Slider by 10Web Type Plugin Vulnerable versions = 1.2.54 Fixed in 1.2.55 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32578 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3808548b6dad Credits Dimas Maulana Required privile...