WordPress Quill Forms Plugin <= 3.7.0 is vulnerable to Cross Site Scripting (XSS)

Software Quill Forms Type Plugin Vulnerable versions = 3.7.0 Fixed in 3.8.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47393 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 34a391a0728b Credits LVT-tholv2k Required privilege Contributor...

WordPress WP MyLinks Plugin <= 1.0.6 is vulnerable to Cross Site Scripting (XSS)

Software WP MyLinks Type Plugin Vulnerable versions = 1.0.6 Fixed in 1.0.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47371 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a980ce4c70f6 Credits SOPROBRO Required privilege Editor Publishe...

WordPress Confetti Fall Animation Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Confetti Fall Animation Type Plugin Vulnerable versions = 1.3.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47641 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e1b31f88b4d3 Credits stealthcopter Required privilege...

WordPress TNC PDF viewer Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS)

Software TNC PDF viewer Type Plugin Vulnerable versions = 3.1.0 Fixed in 3.2.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47372 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9e1d9364ffe7 Credits SOPROBRO Required privilege Editor...

WordPress YITH WooCommerce Ajax Search Plugin <= 2.8.0 is vulnerable to SQL Injection

Software YITH WooCommerce Ajax Search Type Plugin Vulnerable versions = 2.8.0 Fixed in 2.8.1 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-47350 Patch priority High CVSS severity High 9.3 Developer YITH PSID 596c2acc77c4 Credits Hakiduck Required privilege Unauthenticated...

WordPress BuddyForms Plugin <= 2.8.12 is vulnerable to Cross Site Scripting (XSS)

Software BuddyForms Type Plugin Vulnerable versions = 2.8.12 Fixed in 2.8.13 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47377 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9418faef5fbf Credits SOPROBRO Required privilege Editor...

WordPress GiveWP Plugin <= 3.16.2 is vulnerable to PHP Object Injection

Software GiveWP Type Plugin Vulnerable versions = 3.16.2 Fixed in 3.16.3 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-8353 Patch priority High CVSS severity High 10 Developer Liquid Web / StellarWP PSID ab27727ec281 Credits cuokon Required privilege Unauthenticated...

WordPress GTM Server Side Plugin <= 2.1.19 is vulnerable to Cross Site Scripting (XSS)

Software GTM Server Side Type Plugin Vulnerable versions = 2.1.19 Fixed in 2.1.20 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8712 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID cddfd6eae0a1 Credits vgo0 Required...

WordPress Premium Blocks – Gutenberg Blocks for WordPress Plugin <= 2.1.33 is vulnerable to Cross Site Scripting (XSS)

Software Premium Blocks – Gutenberg Blocks for WordPress Type Plugin Vulnerable versions = 2.1.33 Fixed in 2.1.34 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47368 Patch priority Low CVSS severity Low 6.5 Developer LeapWorx PSID f6e2745653a5 Credits João Pedro ...

WordPress WP Bulk Delete Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Software WP Bulk Delete Type Plugin Vulnerable versions = 1.3.1 Fixed in 1.3.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47352 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID dc28e517fd6c Credits Dimas Maulana Required privilege...

WordPress EU/UK VAT Manager for WooCommerce Plugin <= 2.12.12 is vulnerable to Broken Access Control

Software EU/UK VAT Manager for WooCommerce Type Plugin Vulnerable versions = 2.12.12 Fixed in 2.12.14 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9189 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID ca5dfbffbcf9 Credits Francesc...

WordPress Cost Calculator Builder Plugin < 3.2.29 is vulnerable to SQL Injection

Software Cost Calculator Builder Type Plugin Vulnerable versions 3.2.29 Fixed in 3.2.29 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-8379 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 0f5b1e009da9 Credits Kientt Required privilege Administrator...

SUSE CVE-2024-46837

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Restrict high priorities on groupcreate We were allowing any users to create a high priority group without any permission checks. As a result, this was allowing possible denial of service. We now only allow the DRM...

DEBIAN-CVE-2024-46837

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Restrict high priorities on groupcreate We were allowing any users to create a high priority group without any permission checks. As a result, this was allowing possible denial of service. We now only allow the DRM...

UBUNTU-CVE-2024-46837

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Restrict high priorities on groupcreate We were allowing any users to create a high priority group without any permission checks. As a result, this was allowing possible denial of service. We now only allow the DRM...

CVE-2024-46837 drm/panthor: Restrict high priorities on group_create

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Restrict high priorities on groupcreate We were allowing any users to create a high priority group without any permission checks. As a result, this was allowing possible denial of service. We now only allow the DRM...

WordPress Newsletters Plugin <= 4.9.9.1 is vulnerable to Cross Site Scripting (XSS)

Software Newsletters Type Plugin Vulnerable versions = 4.9.9.1 Fixed in 4.9.9.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47346 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0a4418b91ec6 Credits Le Ngoc Anh Required privilege...

WordPress WP Mail Catcher Plugin <= 2.1.9 is vulnerable to Cross Site Scripting (XSS)

Software WP Mail Catcher Type Plugin Vulnerable versions = 2.1.9 Fixed in 2.1.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47339 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c286bdf972a5 Credits Le Ngoc Anh Required privilege...

WordPress AI ChatBot with ChatGPT and Content Generator by AYS Plugin <= 2.0.9 is vulnerable to Sensitive Data Exposure

Software AI ChatBot with ChatGPT and Content Generator by AYS Type Plugin Vulnerable versions = 2.0.9 Fixed in 2.1.0 OWASP Top 10 A4: Insecure Design Classification Sensitive Data Exposure CVE CVE-2024-7713 Patch priority Low CVSS severity Low 5.8 Developer Claim ownership PSID 5f8161e14afa Credi...

WordPress Bulk NoIndex & NoFollow Toolkit Plugin <= 2.15 is vulnerable to Cross Site Scripting (XSS)

Software Bulk NoIndex & NoFollow Toolkit Type Plugin Vulnerable versions = 2.15 Fixed in 2.16 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8803 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 78a9bff492c8 Credits vgo0...