WordPress Fancy Elementor Flipbox Plugin <= 2.5.1 is vulnerable to Cross Site Scripting (XSS)

Software Fancy Elementor Flipbox Type Plugin Vulnerable versions = 2.5.1 Fixed in 2.5.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2349 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID dd388fab11b8 Credits Francesco Carluc...

WordPress Barcode Scanner with Inventory & Order Manager Plugin <= 1.5.4 is vulnerable to SQL Injection

Software Barcode Scanner with Inventory & Order Manager Type Plugin Vulnerable versions = 1.5.4 Fixed in 1.5.5 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-2661 Patch priority High CVSS severity High 8.5 Developer DMitry PSID 7524c36d6a64 Credits Peter Thaleikis Required...

WordPress Grid Gallery Plugin <= 1.4.3 is vulnerable to PHP Object Injection

Software Grid Gallery Type Plugin Vulnerable versions = 1.4.3 Fixed in 1.4.4 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-1897 Patch priority Medium CVSS severity Medium 6.4 Developer Claim ownership PSID 43f9768655e4 Credits Francesco Carlucci Required privilege...

WordPress Masteriyo - LMS Plugin <= 1.7.3 is vulnerable to Broken Authentication

Software Masteriyo - LMS Type Plugin Vulnerable versions = 1.7.3 Fixed in 1.7.4 OWASP Top 10 A4: Insecure Design Classification Broken Authentication CVE CVE-2024-33939 Patch priority Medium CVSS severity Medium 5.3 Developer Masteriyo PSID ce37ea579b31 Credits Steven Julian Required privilege...

WordPress MasterStudy LMS Plugin <= 3.3.8 is vulnerable to Broken Access Control

Software MasterStudy LMS Type Plugin Vulnerable versions = 3.3.8 Fixed in 3.3.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3942 Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID e8c9ed38d014 Credits Lucio Sá Required privilege...

WordPress Cost Calculator Builder Pro Plugin <= 3.1.67 is vulnerable to Cross Site Scripting (XSS)

Software Cost Calculator Builder Pro Type Plugin Vulnerable versions = 3.1.67 Fixed in 3.1.68 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4097 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 99ec603c6f20 Credits andrea...

WordPress Event Management Tickets Booking Plugin <= 1.3.4 is vulnerable to PHP Object Injection

Software Event Management Tickets Booking Type Plugin Vulnerable versions = 1.3.4 Fixed in 1.3.5 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-1895 Patch priority Medium CVSS severity Medium 7.4 Developer Claim ownership PSID d93e6770a231 Credits Francesco Carlucci...

WordPress Google Typography Plugin <= 1.1.2 is vulnerable to Broken Access Control

Software Google Typography Type Plugin Vulnerable versions = 1.1.2 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33942 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 8afac0da0e50 Credits Abdi Pranata Required privile...

WordPress LeadConnector Plugin <= 1.7 is vulnerable to Broken Access Control

Software LeadConnector Type Plugin Vulnerable versions = 1.7 Fixed in 1.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1371 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 2445a52c5c7c Credits Krzysztof Zając Required...

CVE-2022-48642

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: fix percpu memory leak at nftablesaddchain It seems to me that percpu memory for chain stats started leaking since commit 3bc158f8d0330f0a "netfilter: nftables: map basechain priority to hardware priority" wh...

WordPress Print My Blog Plugin <= 3.26.2 is vulnerable to Broken Access Control

Software Print My Blog Type Plugin Vulnerable versions = 3.26.2 Fixed in 3.26.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33907 Patch priority Low CVSS severity Low 5.3 Developer Michael Nelson PSID 21993595be67 Credits Steven Julian Required privile...

WordPress Analytify Plugin <= 5.2.3 is vulnerable to Broken Access Control

Software Analytify Type Plugin Vulnerable versions = 5.2.3 Fixed in 5.2.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1809 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID ab2e692a810a Credits Lucio Sá Required privilege Subscrib...

WordPress Share This Image Plugin <= 1.98 is vulnerable to Open Redirection

Software Share This Image Type Plugin Vulnerable versions = 1.98 Fixed in 1.99 OWASP Top 10 A3: Injection Classification Open Redirection CVE CVE-2024-33930 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID 8ff8b7f51b08 Credits stealthcopter Required privilege Unauthenticate...

WordPress Social Share Buttons by Supsystic Plugin <= 2.2.9 is vulnerable to Broken Access Control

Software Social Share Buttons by Supsystic Type Plugin Vulnerable versions = 2.2.9 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-47330 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 619b2c170607 Credits Abdi...

WordPress Embed Google Fonts Plugin <= 3.1.0 is vulnerable to Broken Access Control

Software Embed Google Fonts Type Plugin Vulnerable versions = 3.1.0 Fixed in 3.1.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33925 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID a530cac3d37a Credits Abdi Pranata Required...

WordPress Democracy Poll Plugin <= 6.0.3 is vulnerable to Broken Access Control

Software Democracy Poll Type Plugin Vulnerable versions = 6.0.3 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33920 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID 4ebe2afd67c8 Credits thiennv Required privilege...

WordPress WP Media Cleaner Plugin <= 6.7.2 is vulnerable to Sensitive Data Exposure

Software WP Media Cleaner Type Plugin Vulnerable versions = 6.7.2 Fixed in 6.7.3 OWASP Top 10 A5: Security Misconfiguration Classification Sensitive Data Exposure CVE CVE-2024-33922 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 489615881bfc Credits Joshua Chan Required...

WordPress Directorist Plugin <= 7.8.6 is vulnerable to Broken Access Control

Software Directorist Type Plugin Vulnerable versions = 7.8.6 Fixed in 7.9.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33929 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 4002917cae9a Credits Dhabaleshwar Das Required privile...

WordPress WPC Composite Products for WooCommerce Plugin <= 7.2.7 is vulnerable to Cross Site Scripting (XSS)

Software WPC Composite Products for WooCommerce Type Plugin Vulnerable versions = 7.2.7 Fixed in 7.2.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2838 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID c5256a4c7c7a...

WordPress AJAX Login and Registration modal popup + inline form Plugin <= 2.23 is vulnerable to Cross Site Scripting (XSS)

Software AJAX Login and Registration modal popup + inline form Type Plugin Vulnerable versions = 2.23 Fixed in 2.24 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33918 Patch priority Medium CVSS severity Medium 5.9 Developer Claim ownership PSID ea1aeec00d87...