SUSE CVE-2023-52461

In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix bounds limiting when given a malformed entity If we're given a malformed entity in drmschedentityinit--shouldn't happen, but we verify--with out-of-bounds priority value, we set it to an allowed value. Fix the...

WordPress Smart Forms Plugin < 2.6.87 is vulnerable to Broken Access Control

Software Smart Forms Type Plugin Vulnerable versions 2.6.87 Fixed in 2.6.87 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-7203 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 959e4abbd849 Credits Mohammad Reza Omrani Require...

WordPress JobSearch Plugin < 2.3.4 is vulnerable to Remote Code Execution (RCE)

Software JobSearch Type Plugin Vulnerable versions 2.3.4 Fixed in 2.3.4 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-6585 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 637575b94b70 Credits Furkan Gedik Required privilege Published 27...

WordPress LiteSpeed Cache Plugin <= 5.7 is vulnerable to Cross Site Scripting (XSS)

Software LiteSpeed Cache Type Plugin Vulnerable versions = 5.7 Fixed in 5.7.0.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-40000 Patch priority High CVSS severity High 8.3 Developer Hai Zheng / Lite Speed Cache PSID 61e99b6b8264 Credits Rafie Muhammad Patchsta...

WordPress JobSearch Plugin < 2.3.4 is vulnerable to Broken Authentication

Software JobSearch Type Plugin Vulnerable versions 2.3.4 Fixed in 2.3.4 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2023-6584 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID f4a18b4236e5 Credits Marc Montpas...

CVE-2024-25770

libming 0.4.8 contains a memory leak vulnerability in /libming/src/actioncompiler/listaction.c...

WordPress Orbit Fox by ThemeIsle Plugin <= 2.10.31 is vulnerable to Cross Site Scripting (XSS)

Software Orbit Fox by ThemeIsle Type Plugin Vulnerable versions = 2.10.31 Fixed in 2.10.32 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1323 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 18903688a247 Credits Webbernaut...

WordPress BeePress Plugin <= 6.9.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software BeePress Type Plugin Vulnerable versions = 6.9.8 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-27197 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 23f23a1e9a56 Credits Majed Refaea Required...

WordPress postMash – custom post order Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)

Software postMash – custom post order Type Plugin Vulnerable versions = 1.2.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-27196 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f81d96aa3cf3 Credits Dimas Maulana Require...

WordPress NotificationX Plugin <= 2.8.2 is vulnerable to SQL Injection

Software NotificationX Type Plugin Vulnerable versions = 2.8.2 Fixed in 2.8.3 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-1698 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 7d9025b61012 Credits Krzysztof Zając Required privilege Unauthenticated...

WordPress Rolo Slider Plugin <= 1.0.9 is vulnerable to Settings Change

Software Rolo Slider Type Plugin Vulnerable versions = 1.0.9 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2024-1438 Patch priority High CVSS severity High 7.7 Developer Claim ownership PSID 601d954731d6 Credits Emili Castells Required privilege...

WordPress Addon Library Plugin <= 1.3.76 is vulnerable to Arbitrary File Upload

Software Addon Library Type Plugin Vulnerable versions = 1.3.76 Fixed in N/A OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-1710 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID b052d391256e Credits Lucio Sá Required privilege Subscriber...

WordPress Socialdriver Theme < 2024 is vulnerable to Cross Site Scripting (XSS)

Software Socialdriver Type Theme Vulnerable versions 2024 Fixed in 2024 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-4826 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6b8a90a1f910 Credits longxi Required privilege Unauthenticated...

WordPress WordPress Comments Fields Plugin <= 5.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software WordPress Comments Fields Type Plugin Vulnerable versions = 5.0 Fixed in 5.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-0830 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 9c14d6f7a75c Credits Francesco...

WordPress Brizy Plugin <= 2.4.40 is vulnerable to Directory Traversal

Software Brizy Type Plugin Vulnerable versions = 2.4.40 Fixed in 2.4.41 OWASP Top 10 A1: Broken Access Control Classification Directory Traversal CVE CVE-2024-1165 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d07c7816cd90 Credits wesley wcraft Required privilege...

WordPress Adsmonetizer Plugin <= 3.1.2 is vulnerable to Cross Site Scripting (XSS)

Software Adsmonetizer Type Plugin Vulnerable versions = 3.1.2 Fixed in 3.1.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-1437 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8446c2dca06a Credits Majed Refaea Required privilege...

WordPress Slivery Extender Plugin <= 1.0.2 is vulnerable to Remote Code Execution (RCE)

Software Slivery Extender Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2024-27191 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID d59c4b4628dc Credits LVT-tholv2k Required privilege...

WordPress WordPress Comments Fields Plugin <= 5.0 is vulnerable to Broken Access Control

Software WordPress Comments Fields Type Plugin Vulnerable versions = 5.0 Fixed in 5.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-0829 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID cdb4c1c8e480 Credits Francesco Carlucci...

WordPress Archivist – Custom Archive Templates Plugin <= 1.7.5 is vulnerable to Cross Site Scripting (XSS)

Software Archivist – Custom Archive Templates Type Plugin Vulnerable versions = 1.7.5 Fixed in 1.7.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1810 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 20ae6785aa4a Credi...

UBUNTU-CVE-2023-52461

In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix bounds limiting when given a malformed entity If we're given a malformed entity in drmschedentityinit--shouldn't happen, but we verify--with out-of-bounds priority value, we set it to an allowed value. Fix the...