5100 matches found
WordPress Integration for Contact Form 7 and Constant Contact Plugin <= 1.1.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Integration for Contact Form 7 and Constant Contact; Type: Plugin; Vulnerable versions: <= 1.1.5; Fixed in: 1.1.6; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-35632; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID...
WordPress Popup Builder Plugin < 1.1.33 is vulnerable to Cross Site Scripting (XSS)
Software: Popup Builder; Type: Plugin; Vulnerable versions: < 1.1.33; Fixed in: 1.1.33; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3236; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: c56e5abe41cb; Credits: Eunho Kim; Required privile...
WordPress WP Go Maps Plugin <= 9.0.36 is vulnerable to Cross Site Scripting (XSS)
Software: WP Go Maps; Type: Plugin; Vulnerable versions: <= 9.0.36; Fixed in: 9.0.37; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3557; Patch priority: Low; CVSS severity: Low 6.5; Developer: WP Go Maps; PSID: 5d4346327305; Credits: Thanh Nam Tran; Required privileg...
WordPress WP Photo Album Plus Plugin <= 8.7.00.003 is vulnerable to Content Injection
Software: WP Photo Album Plus; Type: Plugin; Vulnerable versions: <= 8.7.00.003; Fixed in: 8.7.00.004; OWASP Top 10: A3: Injection; Classification: Content Injection; CVE: CVE-2024-4037; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: 2c20c334a973; Credits: stealthcopter; Required...
WordPress YITH WooCommerce Ajax Search Plugin <= 2.4.0 is vulnerable to Cross Site Scripting (XSS)
Software: YITH WooCommerce Ajax Search; Type: Plugin; Vulnerable versions: <= 2.4.0; Fixed in: 2.4.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4455; Patch priority: High; CVSS severity: High 7.1; Developer: YITH; PSID: cdafc8b37008; Credits: Krzysztof Zając...
WordPress EmbedPress Plugin <= 3.9.12 is vulnerable to Broken Access Control
Software: EmbedPress; Type: Plugin; Vulnerable versions: <= 3.9.12; Fixed in: 3.9.13; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1803; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 58b21d9fa99a; Credits: WordFence; Required privilege...
WordPress Xpro Elementor Addons Plugin <= 1.4.3.1 is vulnerable to PHP Object Injection
Software: Xpro Elementor Addons; Type: Plugin; Vulnerable versions: <= 1.4.3.1; Fixed in: 1.4.3.2; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-4471; Patch priority: Low; CVSS severity: Low 8; Developer: Claim ownership; PSID: db21342544db; Credits: Francesco Carlucci; Required privile...
WordPress Similarity Plugin <= 3.0 is vulnerable to Cross Site Scripting (XSS)
Software: Similarity; Type: Plugin; Vulnerable versions: <= 3.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3972; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: 3941fac517e1; Credits: Bob Matyas; Required privilege...
WordPress Email Log Plugin <= 2.4.8 is vulnerable to Other Vulnerability Type
Software: Email Log; Type: Plugin; Vulnerable versions: <= 2.4.8; Fixed in: 2.4.9; OWASP Top 10: A3: Injection; Classification: Other Vulnerability Type; CVE: CVE-2024-0867; Patch priority: High; CVSS severity: High 8.1; Developer: Claim ownership; PSID: 7750b3ba7ece; Credits: Sean Murphy; Required privilege...
WordPress Spectra Plugin <= 2.13.0 is vulnerable to Cross Site Scripting (XSS)
Software: Spectra; Type: Plugin; Vulnerable versions: <= 2.13.0; Fixed in: 2.13.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4366; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 6e05306d8c6c; Credits: Ngô Thiên An ancorn; Required...
WordPress LuckyWP Table of Contents Plugin <= 2.1.5 is vulnerable to Cross Site Scripting (XSS)
Software: LuckyWP Table of Contents; Type: Plugin; Vulnerable versions: <= 2.1.5; Fixed in: 2.1.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2218; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: f253e02e4fa4; Credits: Sławomir...
WordPress FluentForm Plugin <= 5.1.15 is vulnerable to PHP Object Injection
Software: FluentForm; Type: Plugin; Vulnerable versions: <= 5.1.15; Fixed in: 5.1.16; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-4157; Patch priority: Medium; CVSS severity: Medium 7.5; Developer: Claim ownership; PSID: 3330782fcf1c; Credits: Tobias Weißhaar kun19; Required privilege...
WordPress Brizy Plugin <= 2.4.43 is vulnerable to Broken Access Control
Software: Brizy; Type: Plugin; Vulnerable versions: <= 2.4.43; Fixed in: 2.4.44; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-3711; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 6a9b9ee44fc3; Credits: Lucio Sá; Required privilege: Contributo...
WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.107 is vulnerable to SQL Injection
Software: Unlimited Elements For Elementor (Free Widgets, Addons, Templates); Type: Plugin; Vulnerable versions: <= 1.5.107; Fixed in: 1.5.108; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-4779; Patch priority: Low; CVSS severity: Low 8.5; Developer: Unlimited Elements; PSID: 2c76236c1b5c...
WordPress wpDataTables Plugin <= 3.4.2.12 is vulnerable to Cross Site Scripting (XSS)
Software: wpDataTables; Type: Plugin; Vulnerable versions: <= 3.4.2.12; Fixed in: 3.4.2.14; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4895; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 468050b27d74; Credits: Tim Coen; Requir...
WordPress Contact Form & Lead Form Elementor Builder Plugin <= 1.9.1 is vulnerable to Content Injection
Software: Contact Form & Lead Form Elementor Builder; Type: Plugin; Vulnerable versions: <= 1.9.1; Fixed in: 1.9.2; OWASP Top 10: A3: Injection; Classification: Content Injection; CVE: CVE-2024-4261; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: 5d051149eabf; Credits: stealthcopter...
kernel: tty: n_gsm: fix deadlock and link starvation in outgoing data path
In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix deadlock and link starvation in outgoing data path. The current implementation queues up new control and user packets as needed and processes this queue down to the ldisc in the same code path. That means that the...
WordPress NextScripts Plugin <= 4.4.3 is vulnerable to Cross Site Scripting (XSS)
Software: NextScripts; Type: Plugin; Vulnerable versions: <= 4.4.3; Fixed in: 4.4.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-1762; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 2c09536c816a; Credits: Piotr Kuśpit; Required...
WordPress LearnPress Plugin <= 4.2.6.6 is vulnerable to Cross Site Scripting (XSS)
Software: LearnPress; Type: Plugin; Vulnerable versions: <= 4.2.6.6; Fixed in: 4.2.6.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4971; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: fe1ff054c167; Credits: stealthcopter; Required...
WordPress NextScripts Plugin <= 4.4.3 is vulnerable to Sensitive Data Exposure
Software: NextScripts; Type: Plugin; Vulnerable versions: <= 4.4.3; Fixed in: 4.4.4; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-2088; Patch priority: High; CVSS severity: High 8.5; Developer: Claim ownership; PSID: 3f1f558bcdc3; Credits: Colin Xu; Required privilege...