5100 matches found

Patchstack
added 2024/06/19 12:0 a.m., 10 views

WordPress Master Slider Plugin <= 3.9.10 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Master Slider | Type: Plugin | Vulnerable versions = 3.9.10 | Fixed in: 3.10.0 | OWASP Top 10: A1: Broken Access Control | Classification: Cross Site Request Forgery CSRF | CVE: CVE-2023-50900 | Patch priority: Low | CVSS severity: Low 4.3 | Developer: Claim ownership | PSID: e2a39371f6f9 | Credits: LVT-tholv2k | Require...

CVSS: 4.3 | AI score: 6.7 | EPSS: 0.00161
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/06/19 12:0 a.m., 7 views

WordPress Page Builder: Live Composer Plugin <= 1.5.42 is vulnerable to PHP Object Injection

Software: Page Builder: Live Composer | Type: Plugin | Vulnerable versions = 1.5.42 | Fixed in: 1.5.43 | OWASP Top 10: A3: Injection | Classification: PHP Object Injection | CVE: CVE-2024-35780 | Patch priority: Medium | CVSS severity: Medium 8.5 | Developer: Claim ownership | PSID: 6cf6e28bf12c | Credits: LVT-tholv2k | Required...

CVSS: 8.5 | AI score: 6.8 | EPSS: 0.00422
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/06/19 12:0 a.m., 19 views

WordPress Pexels: Free Stock Photos Plugin <= 1.2.2 is vulnerable to Arbitrary File Upload

Software: Pexels: Free Stock Photos | Type: Plugin | Vulnerable versions = 1.2.2 | Fixed in: N/A | OWASP Top 10: A1: Injection | Classification: Arbitrary File Upload | CVE: CVE-2024-6132 | Patch priority: Medium | CVSS severity: Medium 8.8 | Developer: Claim ownership | PSID: 042650894638 | Credits: István Márton | Required...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.01371
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/06/19 12:0 a.m., 7 views

WordPress Lifeline Donation Plugin <= 1.2.6 is vulnerable to Broken Authentication

Software: Lifeline Donation | Type: Plugin | Vulnerable versions = 1.2.6 | Fixed in: N/A | OWASP Top 10: A1: Broken Access Control | Classification: Broken Authentication | CVE: CVE-2024-5432 | Patch priority: High | CVSS severity: High 10 | Developer: Claim ownership | PSID: c4cb49e164b6 | Credits: István Márton | Required...

CVSS: 9.8 | AI score: 6.5 | EPSS: 0.00664
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/06/19 12:0 a.m., 13 views

WordPress Custom Field Suite Plugin <= 2.6.7 is vulnerable to SQL Injection

Software: Custom Field Suite | Type: Plugin | Vulnerable versions = 2.6.7 | Fixed in: N/A | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2024-3561 | Patch priority: Low | CVSS severity: Low 8.5 | Developer: Claim ownership | PSID: 5e99e2eccc53 | Credits: Jack Taylor | Required privilege: Contributor...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.00509
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/06/19 12:0 a.m., 17 views

WordPress Wheel of Life Plugin <= 1.1.7 is vulnerable to Broken Access Control

Software: Wheel of Life | Type: Plugin | Vulnerable versions = 1.1.7 | Fixed in: 1.1.8 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-3627 | Patch priority: Low | CVSS severity: Low 5.4 | Developer: Claim ownership | PSID: 68abc18dc3c6 | Credits: Lucio Sá | Required privilege...

CVSS: 5.4 | AI score: 6.6 | EPSS: 0.00388
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/06/19 12:0 a.m., 11 views

WordPress Depicter Slider Plugin <= 3.0.2 is vulnerable to Broken Access Control

Software: Depicter Slider | Type: Plugin | Vulnerable versions = 3.0.2 | Fixed in: 3.1.0 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-4390 | Patch priority: Low | CVSS severity: Low 4.3 | Developer: Claim ownership | PSID: 56f1ad707b2c | Credits: Arkadiusz Hydzik | Required...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00514
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/06/19 12:0 a.m., 23 views

WordPress WP Hotel Booking Plugin <= 2.1.0 is vulnerable to SQL Injection

Software: WP Hotel Booking | Type: Plugin | Vulnerable versions = 2.1.0 | Fixed in: 2.1.1 | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2024-3605 | Patch priority: High | CVSS severity: High 9.3 | Developer: Claim ownership | PSID: 4c5ededd8a8e | Credits: Krzysztof Zając | Required privilege...

CVSS: 10 | AI score: 6.8 | EPSS: 0.04186
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
added 2024/06/19 12:0 a.m., 11 views

WordPress Export WP Page to Static HTML/CSS Plugin <= 2.2.2 is vulnerable to Open Redirection

Software: Export WP Page to Static HTML/CSS | Type: Plugin | Vulnerable versions = 2.2.2 | Fixed in: 2.2.3 | OWASP Top 10: A1: Injection | Classification: Open Redirection | CVE: CVE-2024-3597 | Patch priority: Low | CVSS severity: Low 4.7 | Developer: Claim ownership | PSID: 938d3f0380c6 | Credits: Krzysztof Zając | Required...

CVSS: 7.1 | AI score: 6.9 | EPSS: 0.00332
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/06/19 12:0 a.m., 10 views

WordPress Shariff Plugin <= 4.6.13 is vulnerable to Local File Inclusion

Software: Shariff | Type: Plugin | Vulnerable versions = 4.6.13 | Fixed in: 4.6.14 | OWASP Top 10: A1: Injection | Classification: Local File Inclusion | CVE: CVE-2024-4098 | Patch priority: High | CVSS severity: High 9.8 | Developer: Claim ownership | PSID: b8cd85e9b3c3 | Credits: haidv35 | Required privilege: Unauthenticated...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.0101
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/06/19 12:0 a.m., 11 views

WordPress Media Library Assistant Plugin <= 3.16 is vulnerable to SQL Injection

Software: Media Library Assistant | Type: Plugin | Vulnerable versions = 3.16 | Fixed in: 3.17 | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2024-5605 | Patch priority: Low | CVSS severity: Low 8.5 | Developer: Claim ownership | PSID: a2ffbb62fd66 | Credits: Krzysztof Zając | Required privilege: Contribut...

CVSS: 8.8 | AI score: 6.9 | EPSS: 0.00577
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/06/19 12:0 a.m., 10 views

WordPress Word Balloon Plugin <= 4.21.1 is vulnerable to Local File Inclusion

Software: Word Balloon | Type: Plugin | Vulnerable versions = 4.21.1 | Fixed in: 4.22.0 | OWASP Top 10: A6: Security Misconfiguration | Classification: Local File Inclusion | CVE: CVE-2024-35781 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: Claim ownership | PSID: 2b66b1bcd514 | Credits: João Pedro S Alcântara...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00511
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2024/06/18 8:15 p.m., 1 view

DEBIAN-CVE-2024-36974

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP. If one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided, taprio_parse_mqprio_opt must validate it, or userspace can inject arbitrary data to the kernel, the second time...

CVSS: 7.8 | AI score: 6.2 | EPSS: 0.00281
Exploits: 0 | References: 1

Patchstack
added 2024/06/18 12:0 a.m., 14 views

WordPress Salon booking system Plugin <= 10.2 is vulnerable to Arbitrary File Upload

Software: Salon booking system | Type: Plugin | Vulnerable versions = 10.2 | Fixed in: 10.3 | OWASP Top 10: A1: Injection | Classification: Arbitrary File Upload | CVE: CVE-2024-3229 | Patch priority: High | CVSS severity: High 10 | Developer: Claim ownership | PSID: 73c749725728 | Credits: Gibran Abdillah | Required privilege...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.00854
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/06/18 12:0 a.m., 11 views

WordPress Ali2Woo Lite Plugin <= 3.3.5 is vulnerable to Arbitrary File Upload

Software: Ali2Woo Lite | Type: Plugin | Vulnerable versions = 3.3.5 | Fixed in: 3.3.6 | OWASP Top 10: A3: Injection | Classification: Arbitrary File Upload | CVE: CVE-2024-2381 | Patch priority: High | CVSS severity: High 8.8 | Developer: Claim ownership | PSID: d2eaecbf428e | Credits: Lucio Sá | Required privilege: Subscriber...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.00912
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/06/18 12:0 a.m., 9 views

WordPress Page Builder: Live Composer Plugin <= 1.5.50 is vulnerable to Cross Site Scripting (XSS)

Software: Page Builder: Live Composer | Type: Plugin | Vulnerable versions = 1.5.50 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting XSS | CVE: CVE-2024-35768 | Patch priority: Low | CVSS severity: Low 5.9 | Developer: Claim ownership | PSID: b331f6102ccd | Credits: savphill | Required privilege...

CVSS: 5.9 | AI score: 6.6 | EPSS: 0.00318
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/06/18 12:0 a.m., 13 views

WordPress Customizr Theme <= 4.4.21 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Customizr | Type: Theme | Vulnerable versions = 4.4.21 | Fixed in: 4.4.22 | OWASP Top 10: A1: Broken Access Control | Classification: Cross Site Request Forgery CSRF | CVE: CVE-2024-35771 | Patch priority: Low | CVSS severity: Low 4.3 | Developer: Claim ownership | PSID: 6f2a240dd11c | Credits: Dhabaleshwar Das | Require...

CVSS: 8.8 | AI score: 6.7 | EPSS: 0.0022
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/06/18 12:0 a.m., 10 views

WordPress WP Magazine Modules Lite Plugin <= 1.1.2 is vulnerable to Local File Inclusion

Software: WP Magazine Modules Lite | Type: Plugin | Vulnerable versions = 1.1.2 | Fixed in: 1.1.3 | OWASP Top 10: A1: Injection | Classification: Local File Inclusion | CVE: CVE-2024-5574 | Patch priority: Low | CVSS severity: Low 7.5 | Developer: Claim ownership | PSID: 60f52a06449e | Credits: stealthcopter | Required privilege...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.00758
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/06/18 12:0 a.m., 16 views

WordPress Sirv Plugin <= 7.2.6 is vulnerable to Arbitrary File Upload

Software: Sirv | Type: Plugin | Vulnerable versions = 7.2.6 | Fixed in: 7.2.7 | OWASP Top 10: A3: Injection | Classification: Arbitrary File Upload | CVE: CVE-2024-5853 | Patch priority: Medium | CVSS severity: Medium 9.9 | Developer: Sirv | PSID: b8d1b016bf81 | Credits: Lucio Sá | Required privilege: Contributor | Published: 18 June,...

CVSS: 9.9 | AI score: 6.8 | EPSS: 0.00787
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/06/18 12:0 a.m., 10 views

WordPress WordPress Picture / Portfolio / Media Gallery Plugin <= 3.0.1 is vulnerable to Server Side Request Forgery (SSRF)

Software: WordPress Picture / Portfolio / Media Gallery | Type: Plugin | Vulnerable versions = 3.0.1 | Fixed in: N/A | OWASP Top 10: A1: Injection | Classification: Server Side Request Forgery SSRF | CVE: CVE-2024-5021 | Patch priority: Low | CVSS severity: Low 7.2 | Developer: Claim ownership | PSID: 4f6e62e03ba9 | Credits...

CVSS: 9.3 | AI score: 7 | EPSS: 0.00383
Exploits: 0 | References: 2 | Affected Software: 1