WordPress SportsPress – Sports Club & League Manager Plugin <= 2.7.17 is vulnerable to Broken Access Control

Software SportsPress – Sports Club & League Manager Type Plugin Vulnerable versions = 2.7.17 Fixed in 2.7.18 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1178 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID f2c7c572664c Credits...

WordPress AI Engine: ChatGPT Chatbot Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS)

Software AI Engine: ChatGPT Chatbot Type Plugin Vulnerable versions = 2.2.0 Fixed in 2.2.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0378 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c9bd74cd8e71 Credits...

WordPress GenerateBlocks Plugin <= 1.8.2 is vulnerable to Sensitive Data Exposure

Software GenerateBlocks Type Plugin Vulnerable versions = 1.8.2 Fixed in 1.8.3 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-1452 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 17b91c2bc914 Credits Webbernaut Required privile...

WordPress Vimeography Plugin <= 2.3.2 is vulnerable to PHP Object Injection

Software Vimeography Type Plugin Vulnerable versions = 2.3.2 Fixed in 2.3.3 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-0825 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID d222d8e03d69 Credits Lucio Sá Required privilege Contributor...

WordPress Nextend Facebook Connect Plugin <= 3.1.12 is vulnerable to Cross Site Scripting (XSS)

Software Nextend Facebook Connect Type Plugin Vulnerable versions = 3.1.12 Fixed in 3.1.13 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1775 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6fbf027206e8 Credits Tobias...

WordPress Easy!Appointments Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Software Easy!Appointments Type Plugin Vulnerable versions = 1.3.1 Fixed in 1.3.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0698 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f1c6efbf20ae Credits wesley wcraft Required...

SUSE CVE-2021-46997

In the Linux kernel, the following vulnerability has been resolved: arm64: entry: always set GICPRIOPSRISET during entry Zenghui reports that booting a kernel with "irqchip.gicv3pseudonmi=1" on the command line hits a warning during kernel entry, due to the way we manipulate the PMR. Early in the...

WordPress Sirv Plugin <= 7.2.0 is vulnerable to Broken Access Control

Software Sirv Type Plugin Vulnerable versions = 7.2.0 Fixed in 7.2.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-27950 Patch priority Low CVSS severity Low 5.4 Developer Sirv PSID 622e8386dd23 Credits CatFather Required privilege Subscriber Published 1...

WordPress Amelia Plugin <= 1.0.98 is vulnerable to Cross Site Scripting (XSS)

Software Amelia Type Plugin Vulnerable versions = 1.0.98 Fixed in 1.0.99 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1484 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 28e85735d453 Credits Muhammad Hassham Nagori...

WordPress Finale Lite Plugin <= 2.17.0 is vulnerable to Broken Access Control

Software Finale Lite Type Plugin Vulnerable versions = 2.17.0 Fixed in 2.18.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1120 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 383bdaaeaeac Credits Francesco Carlucci Required...

WordPress Calculated Fields Form Plugin 5.0.0-5.1.56 is vulnerable to Cross Site Scripting (XSS)

Software Calculated Fields Form Type Plugin Vulnerable versions 5.0.0-5.1.56 Fixed in 5.1.57 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2020 Patch priority Medium CVSS severity Medium 7.2 Developer Claim ownership PSID f60c98fd9fe8 Credits Asaf...

WordPress Exclusive Addons Elementor Plugin <= 2.6.9 is vulnerable to Cross Site Scripting (XSS)

Software Exclusive Addons Elementor Type Plugin Vulnerable versions = 2.6.9 Fixed in 2.6.9.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1234 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID eec3f461cc61 Credits Webbernaut...

ASB-A-316893159

In Session of AccountManagerService.java, there is a possible method to retain foreground service privileges due to incorrect handling of null responses. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitatio...

WordPress Sirv Plugin <= 7.2.0 is vulnerable to Server Side Request Forgery (SSRF)

Software Sirv Type Plugin Vulnerable versions = 7.2.0 Fixed in 7.2.1 OWASP Top 10 A10: Server-Side Request Forgery SSRF Classification Server Side Request Forgery SSRF CVE CVE-2024-27949 Patch priority Low CVSS severity Low 5.4 Developer Sirv PSID 2040cb82998c Credits CatFather Required privilege...

WordPress Advanced iFrame Plugin <= 2024.1 is vulnerable to Cross Site Scripting (XSS)

Software Advanced iFrame Type Plugin Vulnerable versions = 2024.1 Fixed in 2024.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1341 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f4f416259347 Credits Fariq Fadillah Gusti...

CVE-2021-46997

In the Linux kernel, the following vulnerability has been resolved: arm64: entry: always set GICPRIOPSRISET during entry Zenghui reports that booting a kernel with "irqchip.gicv3pseudonmi=1" on the command line hits a warning during kernel entry, due to the way we manipulate the PMR. Early in the...

DEBIAN-CVE-2021-46997

In the Linux kernel, the following vulnerability has been resolved: arm64: entry: always set GICPRIOPSRISET during entry Zenghui reports that booting a kernel with "irqchip.gicv3pseudonmi=1" on the command line hits a warning during kernel entry, due to the way we manipulate the PMR. Early in the...

WordPress Avada Theme <= 7.11.4 is vulnerable to Arbitrary File Upload

Software Avada Type Theme Vulnerable versions = 7.11.4 Fixed in 7.11.5 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-1468 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 3720cafcf208 Credits Muhammad Zeeshan Xib3rR4dAr Required privilege...

WordPress Envo's Elementor Templates & Widgets for WooCommerce Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Envo's Elementor Templates & Widgets for WooCommerce Type Plugin Vulnerable versions = 1.4.4 Fixed in 1.4.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-0768 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID...

WordPress Anti Hacker Plugin <= 4.51 is vulnerable to Broken Access Control

Software Anti Hacker Type Plugin Vulnerable versions = 4.51 Fixed in 4.52 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1860 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID bbb1acb1d01e Credits Lucio Sá Required privilege...