5100 matches found
WordPress Create by Mediavine Plugin <= 1.9.7 is vulnerable to Cross Site Scripting (XSS)
Software: Create by Mediavine; Type: Plugin; Vulnerable versions: <= 1.9.7; Fixed in: 1.9.8; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-5601; Patch priority: Low; CVSS severity: Low 6.5; Developer: Mediavine; PSID: ca91d82db3a3; Credits: Krzysztof Zając; Required...
WordPress Email Subscribers & Newsletters Plugin <= 5.7.25 is vulnerable to SQL Injection
Software: Email Subscribers & Newsletters; Type: Plugin; Vulnerable versions: <= 5.7.25; Fixed in: 5.7.26; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-37252; Patch priority: High; CVSS severity: High 9.3; Developer: Claim ownership; PSID: 3780ace67cce; Credits: shaman0x01; Required privilege...
WordPress Spotify Play Button Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software: Spotify Play Button; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-5199; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 81b0c1de1aa9; Credits: Bob Matyas; Required...
WordPress BLAZE Retail Widget Plugin 2.2.5-2.5.2 is vulnerable to Backdoor
Software: BLAZE Retail Widget; Type: Plugin; Vulnerable versions: 2.2.5-2.5.2; Fixed in: 2.5.4; OWASP Top 10: A3: Injection; Classification: Backdoor; CVE: CVE-2024-6297; Patch priority: High; CVSS severity: High 10; Developer: Claim ownership; PSID: b9aa7ce213ab; Credits: WordFence; Required privilege: Unauthenticated...
WordPress Contact Form 7 Multi-Step Addon Plugin 1.0.4-1.0.5 is vulnerable to Backdoor
Software: Contact Form 7 Multi-Step Addon; Type: Plugin; Vulnerable versions: 1.0.4-1.0.5; Fixed in: 1.0.7; OWASP Top 10: A3: Injection; Classification: Backdoor; CVE: CVE-2024-6297; Patch priority: High; CVSS severity: High 10; Developer: Claim ownership; PSID: 210ed7e4774a; Credits: WordFence; Required privilege...
WordPress Social Warfare Plugin 4.4.6.4-4.4.7.1 is vulnerable to Backdoor
Software: Social Warfare; Type: Plugin; Vulnerable versions: 4.4.6.4-4.4.7.1; Fixed in: 4.4.7.3; OWASP Top 10: A3: Injection; Classification: Backdoor; CVE: CVE-2024-6297; Patch priority: High; CVSS severity: High 10; Developer: Claim ownership; PSID: 29aedd9dc6eb; Credits: WordFence; Required privilege: Unauthenticated...
WordPress Logo Manager For Enamad Plugin <= 0.7.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Logo Manager For Enamad; Type: Plugin; Vulnerable versions: <= 0.7.0; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2024-4757; Patch priority: Low; CVSS severity: Low 7.1; Developer: Claim ownership; PSID: 134c5c763311; Credits: Bob Matyas...
WordPress Wrapper Link Elementor Plugin 1.0.2,1.0.3 is vulnerable to Backdoor
Software: Wrapper Link Elementor; Type: Plugin; Vulnerable versions: 1.0.2,1.0.3; Fixed in: 1.0.5; OWASP Top 10: A3: Injection; Classification: Backdoor; CVE: CVE-2024-6297; Patch priority: High; CVSS severity: High 10; Developer: Claim ownership; PSID: 73ed028987ed; Credits: WordFence; Required privilege: Unauthenticate...
WordPress Quiz Maker Plugin <= 6.5.8.3 is vulnerable to SQL Injection
Software: Quiz Maker; Type: Plugin; Vulnerable versions: <= 6.5.8.3; Fixed in: 6.5.8.4; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-6028; Patch priority: High; CVSS severity: High 9.3; Developer: Claim ownership; PSID: 91d50e136383; Credits: Arkadiusz Hydzik; Required privilege: Unauthenticat...
WordPress ContentLock Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software: ContentLock; Type: Plugin; Vulnerable versions: <= 1.0.3; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2024-6023; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 38c834154e63; Credits: Norbert Hofmann; Required...
WordPress Uber Menu Plugin <= 3.8.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Uber Menu; Type: Plugin; Vulnerable versions: <= 3.8.3; Fixed in: 3.8.4; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2024-3593; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: b1b8ab906f9b; Credits: M.Awad; Required privilege...
SUSE CVE-2021-47592
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix tc flower deletion for VLAN priority Rx steering. To replicate the issue:- 1) Add 1 flower filter for VLAN Priority based frame steering:- $ IFDEVNAME=eth0 $ tc qdisc add dev $IFDEVNAME ingress $ tc qdisc add dev...
SUSE CVE-2024-36974
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP. If one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided, taprio_parse_mqprio_opt() must validate it, or userspace can inject arbitrary data to the kernel, the second time...
WordPress WPAdverts – Classifieds Plugin Plugin <= 2.1.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WPAdverts – Classifieds Plugin; Type: Plugin; Vulnerable versions: <= 2.1.2; Fixed in: 2.1.3; OWASP Top 10: A4: Insecure Design; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2024-37238; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 19fe789eab09; Credits: Majed Refa...
WordPress Zoho Marketing Automation Plugin <= 1.2.7 is vulnerable to SQL Injection
Software: Zoho Marketing Automation; Type: Plugin; Vulnerable versions: <= 1.2.7; Fixed in: 1.2.8; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-37225; Patch priority: Low; CVSS severity: Low 8.5; Developer: Claim ownership; PSID: c6d98be82212; Credits: LVT-tholv2k; Required privilege...
WordPress Loco Translate Plugin <= 2.6.9 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Loco Translate; Type: Plugin; Vulnerable versions: <= 2.6.9; Fixed in: 2.6.10; OWASP Top 10: A4: Insecure Design; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2024-37236; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: f02123bf72f2; Credits: Nosa Shandy; Required...
WordPress Sparkle Demo Importer Plugin <= 1.4.7 is vulnerable to Broken Access Control
Software: Sparkle Demo Importer; Type: Plugin; Vulnerable versions: <= 1.4.7; Fixed in: 1.4.8; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-6120; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: 65191ad4a953; Credits: Lucio Sá; Required...
WordPress WP Job Manager - Resume Manager Plugin <= 2.1.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP Job Manager - Resume Manager; Type: Plugin; Vulnerable versions: <= 2.1.0; Fixed in: 2.2.0; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2024-37241; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 90dee78eac8d; Credits: Raf...
WordPress InstaWP Connect Plugin <= 0.1.0.38 is vulnerable to Arbitrary File Upload
Software: InstaWP Connect; Type: Plugin; Vulnerable versions: <= 0.1.0.38; Fixed in: 0.1.0.39; OWASP Top 10: A4: Insecure Design; Classification: Arbitrary File Upload; CVE: CVE-2024-37228; Patch priority: High; CVSS severity: High 10; Developer: InstaWP; PSID: de870abeda47; Credits: AtaTurk1925; Required privilege...
WordPress Kanban Boards for WordPress Plugin <= 2.5.21 is vulnerable to Broken Access Control
Software: Kanban Boards for WordPress; Type: Plugin; Vulnerable versions: <= 2.5.21; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-37226; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: 06ba84554f72; Credits: LVT-tholv2k; Requir...