WordPress Contact Form Entries Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS)

Software Contact Form Entries Type Plugin Vulnerable versions = 1.3.3 Fixed in 1.3.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2030 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5485073f02fc Credits Krzysztof Zając...

WordPress MasterStudy LMS Plugin <= 3.2.10 is vulnerable to Sensitive Data Exposure

Software MasterStudy LMS Type Plugin Vulnerable versions = 3.2.10 Fixed in 3.2.11 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-2106 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 809a15eb7a2b Credits Hiroho Shimada Required...

WordPress FluentForm Plugin <= 5.1.9 is vulnerable to Cross Site Scripting (XSS)

Software FluentForm Type Plugin Vulnerable versions = 5.1.9 Fixed in 5.1.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6957 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ac30a92484ee Credits drop Required privilege...

WordPress Post Grid, Slider & Carousel Ultimate Plugin <= 1.6.7 is vulnerable to PHP Object Injection

Software Post Grid, Slider & Carousel Ultimate Type Plugin Vulnerable versions = 1.6.7 Fixed in 1.6.8 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-2006 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID ef206ea07872 Credits Francesco Carlucci...

WordPress Event Tickets Plugin < 5.8.1 is vulnerable to Broken Access Control

Software Event Tickets Type Plugin Vulnerable versions 5.8.1 Fixed in 5.8.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-1316 Patch priority Low CVSS severity Low 4.3 Developer Liquid Web / StellarWP PSID dbfa94357fe1 Credits Scott Kingsley Clark Requir...

thinkhealth.priorityhealth.com Improper Access Control vulnerability OBB-3864600

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

WordPress AI Engine: ChatGPT Chatbot Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS)

Software AI Engine: ChatGPT Chatbot Type Plugin Vulnerable versions = 2.2.0 Fixed in 2.2.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0378 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c9bd74cd8e71 Credits...

WordPress Vimeography Plugin <= 2.3.2 is vulnerable to PHP Object Injection

Software Vimeography Type Plugin Vulnerable versions = 2.3.2 Fixed in 2.3.3 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-0825 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID d222d8e03d69 Credits Lucio Sá Required privilege Contributor...

WordPress SportsPress – Sports Club & League Manager Plugin <= 2.7.17 is vulnerable to Broken Access Control

Software SportsPress – Sports Club & League Manager Type Plugin Vulnerable versions = 2.7.17 Fixed in 2.7.18 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1178 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID f2c7c572664c Credits...

WordPress Nextend Facebook Connect Plugin <= 3.1.12 is vulnerable to Cross Site Scripting (XSS)

Software Nextend Facebook Connect Type Plugin Vulnerable versions = 3.1.12 Fixed in 3.1.13 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1775 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6fbf027206e8 Credits Tobias...

WordPress GenerateBlocks Plugin <= 1.8.2 is vulnerable to Sensitive Data Exposure

Software GenerateBlocks Type Plugin Vulnerable versions = 1.8.2 Fixed in 1.8.3 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-1452 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 17b91c2bc914 Credits Webbernaut Required privile...

WordPress Blue Triad EZAnalytics Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software Blue Triad EZAnalytics Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1782 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 505430cf135b Credits WordFence...

WordPress Easy!Appointments Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Software Easy!Appointments Type Plugin Vulnerable versions = 1.3.1 Fixed in 1.3.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0698 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f1c6efbf20ae Credits wesley wcraft Required...

SUSE CVE-2021-46997

In the Linux kernel, the following vulnerability has been resolved: arm64: entry: always set GICPRIOPSRISET during entry Zenghui reports that booting a kernel with "irqchip.gicv3pseudonmi=1" on the command line hits a warning during kernel entry, due to the way we manipulate the PMR. Early in the...

WordPress Calculated Fields Form Plugin 5.0.0-5.1.56 is vulnerable to Cross Site Scripting (XSS)

Software Calculated Fields Form Type Plugin Vulnerable versions 5.0.0-5.1.56 Fixed in 5.1.57 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2020 Patch priority Medium CVSS severity Medium 7.2 Developer Claim ownership PSID f60c98fd9fe8 Credits Asaf...

WordPress Sirv Plugin <= 7.2.0 is vulnerable to Broken Access Control

Software Sirv Type Plugin Vulnerable versions = 7.2.0 Fixed in 7.2.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-27950 Patch priority Low CVSS severity Low 5.4 Developer Sirv PSID 622e8386dd23 Credits CatFather Required privilege Subscriber Published 1...

WordPress Sirv Plugin <= 7.2.0 is vulnerable to Server Side Request Forgery (SSRF)

Software Sirv Type Plugin Vulnerable versions = 7.2.0 Fixed in 7.2.1 OWASP Top 10 A10: Server-Side Request Forgery SSRF Classification Server Side Request Forgery SSRF CVE CVE-2024-27949 Patch priority Low CVSS severity Low 5.4 Developer Sirv PSID 2040cb82998c Credits CatFather Required privilege...

ASB-A-316893159

In Session of AccountManagerService.java, there is a possible method to retain foreground service privileges due to incorrect handling of null responses. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitatio...

WordPress Amelia Plugin <= 1.0.98 is vulnerable to Cross Site Scripting (XSS)

Software Amelia Type Plugin Vulnerable versions = 1.0.98 Fixed in 1.0.99 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1484 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 28e85735d453 Credits Muhammad Hassham Nagori...

WordPress Finale Lite Plugin <= 2.17.0 is vulnerable to Broken Access Control

Software Finale Lite Type Plugin Vulnerable versions = 2.17.0 Fixed in 2.18.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1120 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 383bdaaeaeac Credits Francesco Carlucci Required...