WordPress Salon booking system Plugin <= 9.9 is vulnerable to Arbitrary File Deletion

Software Salon booking system Type Plugin Vulnerable versions = 9.9 Fixed in 10.0 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2024-37231 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID 096d4dd72ddd Credits LVT-tholv2k Required...

WordPress Academy LMS Plugin <= 2.0.10 is vulnerable to Open Redirection

Software Academy LMS Type Plugin Vulnerable versions = 2.0.10 Fixed in 2.0.11 OWASP Top 10 A3: Injection Classification Open Redirection CVE CVE-2024-37234 Patch priority Low CVSS severity Low 3.5 Developer Claim ownership PSID 657d1fa47413 Credits Mochamad Sofyan Required privilege Subscriber...

WordPress Themify – WooCommerce Product Filter Plugin <= 1.4.9 is vulnerable to SQL Injection

Software Themify – WooCommerce Product Filter Type Plugin Vulnerable versions = 1.4.9 Fixed in 1.5.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-6027 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 0ec8ecf4ef08 Credits Arkadiusz Hydzik Required...

WordPress Groundhogg Plugin <= 3.4.2.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software Groundhogg Type Plugin Vulnerable versions = 3.4.2.3 Fixed in 3.4.3 OWASP Top 10 A4: Insecure Design Classification Cross Site Request Forgery CSRF CVE CVE-2024-37235 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4cc62fb9525a Credits Ananda Dhakal Patchstack...

WordPress Book Landing Page Theme <= 1.2.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software Book Landing Page Type Theme Vulnerable versions = 1.2.3 Fixed in 1.2.4 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-37230 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID b75fbc99c1f0 Credits Dhabaleshwar Das...

WordPress WP Logs Book Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software WP Logs Book Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4477 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 68e2026bab3a Credits Bob Matyas Required...

WordPress SP Project & Document Manager Plugin <= 4.71 is vulnerable to Directory Traversal

Software SP Project & Document Manager Type Plugin Vulnerable versions = 4.71 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Directory Traversal CVE CVE-2024-37224 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 45309fbf1e76 Credits CatFather Required...

WordPress Newspack Newsletters Plugin <= 2.13.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Newspack Newsletters Type Plugin Vulnerable versions = 2.13.2 Fixed in 2.13.3 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-37242 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 8f54e12bc4ce Credits Rafie Muhamm...

CVE-2022-48748 net: bridge: vlan: fix memory leak in __allowed_ingress

In the Linux kernel, the following vulnerability has been resolved: net: bridge: vlan: fix memory leak in allowedingress When using per-vlan state, if vlan snooping and stats are disabled, untagged or priority-tagged ingress frame will go to check pvid state. If the port state is forwarding and t...

WordPress Ali2Woo Lite Plugin <= 3.3.5 is vulnerable to Broken Access Control

Software Ali2Woo Lite Type Plugin Vulnerable versions = 3.3.5 Fixed in 3.3.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37210 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 02abd7b980c0 Credits Majed Refaea Required...

WordPress Ali2Woo Lite Plugin <= 3.3.5 is vulnerable to Cross Site Scripting (XSS)

Software Ali2Woo Lite Type Plugin Vulnerable versions = 3.3.5 Fixed in 3.3.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37211 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e361f4846097 Credits Majed Refaea Required privilege...

WordPress Tabs Plugin <= 4.0.6 is vulnerable to Cross Site Scripting (XSS)

Software Tabs Type Plugin Vulnerable versions = 4.0.6 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37120 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID cca26fed23f5 Credits Jean Tirstan T Required privilege Administrator...

WordPress Sinatra Theme <= 1.3 is vulnerable to Cross Site Scripting (XSS)

Software Sinatra Type Theme Vulnerable versions = 1.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37116 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f95e4d9351d5 Credits stealthcopter Required privilege Contributor...

WordPress WishList Member X Plugin < 3.26.7 is vulnerable to Sensitive Data Exposure

Software WishList Member X Type Plugin Vulnerable versions 3.26.7 Fixed in 3.26.7 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-37113 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID d824367bab60 Credits Dave Jong Patchstack...

WordPress Responsive video embed Plugin < 0.5.1 is vulnerable to Cross Site Scripting (XSS)

Software Responsive video embed Type Plugin Vulnerable versions 0.5.1 Fixed in 0.5.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5475 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 325ee9be976d Credits Felipe Caon Require...

WordPress WishList Member X Plugin < 3.26.7 is vulnerable to SQL Injection

Software WishList Member X Type Plugin Vulnerable versions 3.26.7 Fixed in 3.26.7 OWASP Top 10 A1: Broken Access Control Classification SQL Injection CVE CVE-2024-37112 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 61954a7187be Credits Dave Jong Patchstack Required...

WordPress Consulting Elementor Widgets Plugin <= 1.3.0 is vulnerable to Local File Inclusion

Software Consulting Elementor Widgets Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.3.1 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-37092 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID cd47aa6df162 Credits Rafie Muhammad Patchstack...

WordPress WishList Member X Plugin < 3.26.7 is vulnerable to Settings Change

Software WishList Member X Type Plugin Vulnerable versions 3.26.7 Fixed in 3.26.7 OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2024-37106 Patch priority High CVSS severity High 8.2 Developer Claim ownership PSID 71867d3bc447 Credits Dave Jong Patchstack Required...

WordPress WP-Lister Lite for eBay Plugin <= 3.5.8 is vulnerable to Sensitive Data Exposure

Software WP-Lister Lite for eBay Type Plugin Vulnerable versions = 3.5.8 Fixed in 3.5.9 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-24709 Patch priority Low CVSS severity Low 7.5 Developer WP Lab PSID 227921a369c8 Credits Aman Rawat Required privileg...

WordPress Hide Dashboard Notifications Plugin <= 1.3 is vulnerable to Broken Access Control

Software Hide Dashboard Notifications Type Plugin Vulnerable versions = 1.3 Fixed in 1.3.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1955 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 47605ad93239 Credits Francesco Carlucci...