WordPress Custom Permalinks Plugin <= 2.6.0 is vulnerable to Cross Site Scripting (XSS)

Software Custom Permalinks Type Plugin Vulnerable versions = 2.6.0 Fixed in 2.7.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0926 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 85e376d90fe6 Credits Ram Required privilege...

WordPress Tempera Theme <= 1.8.2 is vulnerable to Cross Site Scripting (XSS)

Software Tempera Type Theme Vulnerable versions = 1.8.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43951 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 699efcd6c9d2 Credits stealthcopter Required privilege Contributor...

WordPress ImageRecycle pdf & image compression Plugin <= 3.1.14 is vulnerable to Broken Access Control

Software ImageRecycle pdf & image compression Type Plugin Vulnerable versions = 3.1.14 Fixed in 3.1.15 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-6631 Patch priority Low CVSS severity Low 5 Developer Claim ownership PSID 297d76ad6b7c Credits Lucio Sá...

WordPress Envira Photo Gallery Plugin <= 1.8.14 is vulnerable to Broken Access Control

Software Envira Photo Gallery Type Plugin Vulnerable versions = 1.8.14 Fixed in 1.8.15 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43925 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 9c53eb2407a8 Credits Rafie Muhammad...

WordPress File Manager Pro Plugin <= 8.3.7 is vulnerable to Arbitrary File Upload

Software File Manager Pro Type Plugin Vulnerable versions = 8.3.7 Fixed in 8.3.8 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-7559 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID fdf245f6ed76 Credits siunam Required privilege Subscriber...

WordPress Sirv Plugin <= 7.2.7 is vulnerable to Arbitrary File Upload

Software Sirv Type Plugin Vulnerable versions = 7.2.7 Fixed in 7.2.8 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE N/A Patch priority Medium CVSS severity Medium 9.9 Developer Sirv PSID 9e701815e83c Credits scottaglia Required privilege Contributor Published 22 August, 2024...

WordPress WBW Product Table PRO Plugin <= 1.9.4 is vulnerable to SQL Injection

Software WBW Product Table PRO Type Plugin Vulnerable versions = 1.9.4 Fixed in 1.9.5 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-43918 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 2c9d3f09a102 Credits Dave Jong Patchstack Required privilege...

WordPress AcyMailing SMTP Newsletter Plugin <= 9.7.2 is vulnerable to Arbitrary File Upload

Software AcyMailing SMTP Newsletter Type Plugin Vulnerable versions = 9.7.2 Fixed in 9.8.0 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-7384 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 51ad1438d775 Credits Arkadiusz Hydzik Required...

WordPress TI WooCommerce Wishlist Plugin <= 2.8.2 is vulnerable to SQL Injection

Software TI WooCommerce Wishlist Type Plugin Vulnerable versions = 2.8.2 Fixed in 2.9.0 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-43917 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 55f8b0990265 Credits Rafie Muhammad Patchstack Required...

WordPress User Private Files Plugin <= 2.1.0 is vulnerable to Broken Access Control

Software User Private Files Type Plugin Vulnerable versions = 2.1.0 Fixed in 2.1.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-7848 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 56f9aa46f01a Credits Peter Thaleikis Required...

WordPress LH Add Media From Url Plugin <= 1.23 is vulnerable to Cross Site Scripting (XSS)

Software LH Add Media From Url Type Plugin Vulnerable versions = 1.23 Fixed in 1.30 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7090 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b062d0fb1671 Credits Piotr Kuśpit...

WordPress App Builder Plugin <= 4.3.3 is vulnerable to SQL Injection

Software App Builder Type Plugin Vulnerable versions = 4.3.3 Fixed in 4.3.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-7651 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 4b83b8e2e95a Credits vgo0 Required privilege Unauthenticated Published 21...

CVE-2024-41699

Priority – CWE-552: Files or Directories Accessible to External Parties...

CVE-2024-41698

Priority – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor...

CVE-2024-41697

Priority - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS...

CVE-2024-41699

Technical details about CVE-2024-41699 are not publicly available in the provided documents. No affected products, versions, or fixes are specified. Monitor for updates from authoritative sources.

Priority 安全漏洞

Priority is an ERP solution from Priority Israel. Priority has a security vulnerability that originates from improper neutralization of script-related HTML tags in web pages...

Priority 信息泄露漏洞

Priority is an ERP solution from Priority Israel. Priority suffers from an information disclosure vulnerability that arises from the disclosure of sensitive information to unauthorized actors...

Priority 安全漏洞

Priority is an ERP solution from Priority Israel. Priority has a security vulnerability that originates from a file or directory that is accessible to external parties...

WordPress GiveWP Plugin <= 3.14.1 is vulnerable to Arbitrary File Deletion

Software GiveWP Type Plugin Vulnerable versions = 3.14.1 Fixed in 3.14.2 OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2024-5941 Patch priority Low CVSS severity Low 5.4 Developer Liquid Web / StellarWP PSID 0a50b2a00b5f Credits villu164 Required privilege...