5100 matches found
WordPress WP SVG images Plugin <= 4.2 is vulnerable to Cross Site Scripting (XSS)
Software WP SVG images Type Plugin Vulnerable versions = 4.2 Fixed in 4.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5945 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8b632fc271b3 Credits Colin Xu Required privilege...
WordPress Email Subscribers & Newsletters Plugin <= 5.7.23 is vulnerable to SQL Injection
Software Email Subscribers & Newsletters Type Plugin Vulnerable versions = 5.7.23 Fixed in 5.7.24 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-5756 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 4253637a6eb3 Credits Arkadiusz Hydzik Required...
WordPress WishList Member X Plugin < 3.26.7 is vulnerable to Denial of Service Attack
Software WishList Member X Type Plugin Vulnerable versions 3.26.7 Fixed in 3.26.7 OWASP Top 10 A1: Broken Access Control Classification Denial of Service Attack CVE CVE-2024-37111 Patch priority Medium CVSS severity Medium 7.5 Developer Claim ownership PSID 725f15bcf19c Credits Dave Jong Patchsta...
WordPress Newspack Blocks Plugin <= 3.0.8 is vulnerable to Sensitive Data Exposure
Software Newspack Blocks Type Plugin Vulnerable versions = 3.0.8 Fixed in 3.0.9 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-37115 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 4f21501b4dac Credits Rafie Muhammad Patchstack...
WordPress The Plus Addons for Elementor Pro Plugin <= 5.5.6 is vulnerable to Cross Site Scripting (XSS)
Software The Plus Addons for Elementor Pro Type Plugin Vulnerable versions = 5.5.6 Fixed in 5.6.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5344 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 01ee398507f7 Credits...
WordPress The Plus Addons for Elementor Pro Plugin <= 5.5.6 is vulnerable to Local File Inclusion
Software The Plus Addons for Elementor Pro Type Plugin Vulnerable versions = 5.5.6 Fixed in 5.6.0 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-5455 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 7768d7567cf0 Credits wesley wcraft Required...
WordPress License Manager for WooCommerce Plugin <= 3.0.6 is vulnerable to Sensitive Data Exposure
Software License Manager for WooCommerce Type Plugin Vulnerable versions = 3.0.6 Fixed in 3.0.7 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-1639 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0b1e43ddb6ac Credits Lucio Sá...
WordPress WP Child Theme Generator Plugin <= 1.1.1 is vulnerable to Broken Access Control
Software WP Child Theme Generator Type Plugin Vulnerable versions = 1.1.1 Fixed in 1.1.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3610 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 0ee7eb453287 Credits Lucio Sá Requir...
WordPress MasterStudy LMS Plugin <= 3.2.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software MasterStudy LMS Type Plugin Vulnerable versions = 3.2.1 Fixed in 3.2.2 OWASP Top 10 A5: Security Misconfiguration Classification Cross Site Request Forgery CSRF CVE CVE-2024-37093 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID baf1167c8e0f Credits Majed Refaea...
WordPress WishList Member X Plugin < 3.26.7 is vulnerable to Sensitive Data Exposure
Software WishList Member X Type Plugin Vulnerable versions 3.26.7 Fixed in 3.26.7 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-37113 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID d824367bab60 Credits Dave Jong Patchstack...
WordPress Sinatra Theme <= 1.3 is vulnerable to Cross Site Scripting (XSS)
Software Sinatra Type Theme Vulnerable versions = 1.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37116 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f95e4d9351d5 Credits stealthcopter Required privilege Contributor...
WordPress WishList Member X Plugin < 3.26.7 is vulnerable to Settings Change
Software WishList Member X Type Plugin Vulnerable versions 3.26.7 Fixed in 3.26.7 OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2024-37106 Patch priority High CVSS severity High 8.2 Developer Claim ownership PSID 71867d3bc447 Credits Dave Jong Patchstack Required...
CVE-2021-47592
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix tc flower deletion for VLAN priority Rx steering To replicate the issue:- 1 Add 1 flower filter for VLAN Priority based frame steering:- $ IFDEVNAME=eth0 $ tc qdisc add dev $IFDEVNAME ingress $ tc qdisc add dev...
CVE-2021-47592
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix tc flower deletion for VLAN priority Rx steering To replicate the issue:- 1 Add 1 flower filter for VLAN Priority based frame steering:- $ IFDEVNAME=eth0 $ tc qdisc add dev $IFDEVNAME ingress $ tc qdisc add dev...
DEBIAN-CVE-2021-47592
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix tc flower deletion for VLAN priority Rx steering To replicate the issue:- 1 Add 1 flower filter for VLAN Priority based frame steering:- $ IFDEVNAME=eth0 $ tc qdisc add dev $IFDEVNAME ingress $ tc qdisc add dev...
CVE-2021-47592
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix tc flower deletion for VLAN priority Rx steering To replicate the issue:- 1 Add 1 flower filter for VLAN Priority based frame steering:- $ IFDEVNAME=eth0 $ tc qdisc add dev $IFDEVNAME ingress $ tc qdisc add dev...
UBUNTU-CVE-2021-47592
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix tc flower deletion for VLAN priority Rx steering To replicate the issue:- 1 Add 1 flower filter for VLAN Priority based frame steering:- $ IFDEVNAME=eth0 $ tc qdisc add dev $IFDEVNAME ingress $ tc qdisc add dev...
CVE-2021-47592 net: stmmac: fix tc flower deletion for VLAN priority Rx steering
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix tc flower deletion for VLAN priority Rx steering To replicate the issue:- 1 Add 1 flower filter for VLAN Priority based frame steering:- $ IFDEVNAME=eth0 $ tc qdisc add dev $IFDEVNAME ingress $ tc qdisc add dev...
CVE-2021-47592 net: stmmac: fix tc flower deletion for VLAN priority Rx steering
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix tc flower deletion for VLAN priority Rx steering To replicate the issue:- 1 Add 1 flower filter for VLAN Priority based frame steering:- $ IFDEVNAME=eth0 $ tc qdisc add dev $IFDEVNAME ingress $ tc qdisc add dev...
CVE-2021-47592
CVE-2021-47592 affects the Linux kernel stmmac driver and its VLAN priority RX steering path. The issue manifested as a NULL pointer dereference when deleting a tc flower filter for VLAN priority after a previous mis-implemented tc_del_vlan_flow() used flow_cls_offload_flow_rule() (invalid for tc...