WordPress Ultimate WP Mail plugin <= 1.3.4 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Aiden Thái An in WordPress Plugin Ultimate WP Mail versions = 1.3.4...

WordPress Easy Replace Image plugin <= 3.5.0 - Server Side Request Forgery (SSRF) Vulnerability

Server Side Request Forgery SSRF Vulnerability discovered by theviper17 in WordPress Plugin Easy Replace Image versions = 3.5.0...

WordPress GS Testimonial Slider plugin <= 3.2.9 - Content Injection vulnerability

Content Injection vulnerability discovered by theviper17 in WordPress Plugin GS Testimonial Slider versions = 3.2.9...

WordPress JupiterX Core plugin <= 4.8.11 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Michael in WordPress Plugin JupiterX Core versions = 4.8.11...

WordPress Ultimate WP Mail plugin <= 1.3.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by domiee13 in WordPress Plugin Ultimate WP Mail versions = 1.3.4...

WordPress Simple File List plugin <= 6.1.13 - Settings Change Vulnerability

Settings Change Vulnerability discovered by Mika in WordPress Plugin Simple File List versions = 6.1.13...

WordPress Listamester plugin <= 2.3.6 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Nabil Irawan in WordPress Plugin Listamester versions = 2.3.6...

WordPress PGS Core plugin <= 5.8.0 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by István Márton in WordPress Plugin PGS Core versions = 5.8.0...

Configure Proper Key Algorithms for User Authentication

If the public and private key authentication mode is used, the public and private key algorithms on the client must be restricted to avoid using insecure algorithms that have been phased out in the industry. The recommended security algorithms are sorted by priority as follows. The algorithms hav...

WordPress Wolmart Theme <= 1.8.11 is vulnerable to Content Injection

Software Wolmart Type Theme Vulnerable versions = 1.8.11 Fixed in 1.8.12 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2024-13793 Patch priority Medium CVSS severity Medium 7.3 Developer Claim ownership PSID 21e712d07197 Credits Lucio Sá Required privilege Unauthenticated...

WordPress Xavin's List Subpages plugin <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang in WordPress Plugin Xavin's List Subpages versions = 1.3...

WordPress PGS Core plugin <= 5.8.0 - Missing Authorization via Multiple Functions vulnerability

Missing Authorization via Multiple Functions vulnerability discovered by István Márton in WordPress Plugin PGS Core versions = 5.8.0...

WordPress BuddyBoss Platform Pro plugin <= 2.7.01 - Authentication Bypass via Apple OAuth provider vulnerability

Authentication Bypass via Apple OAuth provider vulnerability discovered by István Márton in WordPress Plugin BuddyPress Platform Pro versions = 2.7.01...

WordPress Nomupay Payment Processing Gateway plugin <= 7.1.7 - Arbitrary File Download Vulnerability

Arbitrary File Download Vulnerability discovered by astra.r3verii in WordPress Plugin Nomupay Payment Processing Gateway versions = 7.1.7...

WordPress Visual Builder plugin <= 1.2.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by astra.r3verii Patchstack Alliance in WordPress Plugin Visual Builder versions = 1.2.2...

WordPress Product Category Slider for WooCommerce plugin <= 4.3.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by muhammad yudha Patchstack Alliance in WordPress Plugin Product Category Slider for WooCommerce versions = 4.3.4...

WordPress MStore API plugin <= 4.17.4 - Unauthenticated Limited Privilege Escalation vulnerability

Unauthenticated Limited Privilege Escalation vulnerability discovered by Brian Sans-Souci liardom in WordPress Plugin MStore API versions = 4.17.4...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a null pointer dereference vulnerability that stems from an unverified region HPA order that could lead to a null pointer dereference. An attacker cou...

WordPress Team Members Plugin plugin <= 3.4.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by siavashvafshar in WordPress Plugin Team Members Plugin versions = 3.4.1...

WordPress Page View Count plugin 2.8.0-2.8.4 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update

Missing Authorization to Authenticated Subscriber+ Limited Options Update vulnerability discovered by kr0d in WordPress Plugin Page View Count versions 2.8.0-2.8.4...