WordPress Exclusive Addons Elementor Plugin <= 2.6.9 is vulnerable to Cross Site Scripting (XSS)

Software Exclusive Addons Elementor Type Plugin Vulnerable versions = 2.6.9 Fixed in 2.6.9.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1234 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID eec3f461cc61 Credits Webbernaut...

WordPress Advanced iFrame Plugin <= 2024.1 is vulnerable to Cross Site Scripting (XSS)

Software Advanced iFrame Type Plugin Vulnerable versions = 2024.1 Fixed in 2024.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1341 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f4f416259347 Credits Fariq Fadillah Gusti...

CVE-2021-46997

In the Linux kernel, the following vulnerability has been resolved: arm64: entry: always set GICPRIOPSRISET during entry Zenghui reports that booting a kernel with "irqchip.gicv3pseudonmi=1" on the command line hits a warning during kernel entry, due to the way we manipulate the PMR. Early in the...

DEBIAN-CVE-2021-46997

In the Linux kernel, the following vulnerability has been resolved: arm64: entry: always set GICPRIOPSRISET during entry Zenghui reports that booting a kernel with "irqchip.gicv3pseudonmi=1" on the command line hits a warning during kernel entry, due to the way we manipulate the PMR. Early in the...

WordPress Avada Theme <= 7.11.4 is vulnerable to Arbitrary File Upload

Software Avada Type Theme Vulnerable versions = 7.11.4 Fixed in 7.11.5 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-1468 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 3720cafcf208 Credits Muhammad Zeeshan Xib3rR4dAr Required privilege...

WordPress Envo's Elementor Templates & Widgets for WooCommerce Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Envo's Elementor Templates & Widgets for WooCommerce Type Plugin Vulnerable versions = 1.4.4 Fixed in 1.4.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-0768 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID...

WordPress Anti Hacker Plugin <= 4.51 is vulnerable to Broken Access Control

Software Anti Hacker Type Plugin Vulnerable versions = 4.51 Fixed in 4.52 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1860 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID bbb1acb1d01e Credits Lucio Sá Required privilege...

SUSE CVE-2023-52461

In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix bounds limiting when given a malformed entity If we're given a malformed entity in drmschedentityinit--shouldn't happen, but we verify--with out-of-bounds priority value, we set it to an allowed value. Fix the...

WordPress Smart Forms Plugin < 2.6.87 is vulnerable to Broken Access Control

Software Smart Forms Type Plugin Vulnerable versions 2.6.87 Fixed in 2.6.87 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-7203 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 959e4abbd849 Credits Mohammad Reza Omrani Require...

WordPress LiteSpeed Cache Plugin <= 5.7 is vulnerable to Cross Site Scripting (XSS)

Software LiteSpeed Cache Type Plugin Vulnerable versions = 5.7 Fixed in 5.7.0.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-40000 Patch priority High CVSS severity High 8.3 Developer Hai Zheng / Lite Speed Cache PSID 61e99b6b8264 Credits Rafie Muhammad Patchsta...

WordPress JobSearch Plugin < 2.3.4 is vulnerable to Remote Code Execution (RCE)

Software JobSearch Type Plugin Vulnerable versions 2.3.4 Fixed in 2.3.4 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-6585 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 637575b94b70 Credits Furkan Gedik Required privilege Published 27...

WordPress JobSearch Plugin < 2.3.4 is vulnerable to Broken Authentication

Software JobSearch Type Plugin Vulnerable versions 2.3.4 Fixed in 2.3.4 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2023-6584 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID f4a18b4236e5 Credits Marc Montpas...

CVE-2024-25770

libming 0.4.8 contains a memory leak vulnerability in /libming/src/actioncompiler/listaction.c...

WordPress NotificationX Plugin <= 2.8.2 is vulnerable to SQL Injection

Software NotificationX Type Plugin Vulnerable versions = 2.8.2 Fixed in 2.8.3 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-1698 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 7d9025b61012 Credits Krzysztof Zając Required privilege Unauthenticated...

WordPress Orbit Fox by ThemeIsle Plugin <= 2.10.31 is vulnerable to Cross Site Scripting (XSS)

Software Orbit Fox by ThemeIsle Type Plugin Vulnerable versions = 2.10.31 Fixed in 2.10.32 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1323 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 18903688a247 Credits Webbernaut...

WordPress Rolo Slider Plugin <= 1.0.9 is vulnerable to Settings Change

Software Rolo Slider Type Plugin Vulnerable versions = 1.0.9 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2024-1438 Patch priority High CVSS severity High 7.7 Developer Claim ownership PSID 601d954731d6 Credits Emili Castells Required privilege...

WordPress Socialdriver Theme < 2024 is vulnerable to Cross Site Scripting (XSS)

Software Socialdriver Type Theme Vulnerable versions 2024 Fixed in 2024 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-4826 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6b8a90a1f910 Credits longxi Required privilege Unauthenticated...

WordPress Archivist – Custom Archive Templates Plugin <= 1.7.5 is vulnerable to Cross Site Scripting (XSS)

Software Archivist – Custom Archive Templates Type Plugin Vulnerable versions = 1.7.5 Fixed in 1.7.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1810 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 20ae6785aa4a Credi...

WordPress Brizy Plugin <= 2.4.40 is vulnerable to Directory Traversal

Software Brizy Type Plugin Vulnerable versions = 2.4.40 Fixed in 2.4.41 OWASP Top 10 A1: Broken Access Control Classification Directory Traversal CVE CVE-2024-1165 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d07c7816cd90 Credits wesley wcraft Required privilege...

WordPress WordPress Comments Fields Plugin <= 5.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software WordPress Comments Fields Type Plugin Vulnerable versions = 5.0 Fixed in 5.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-0830 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 9c14d6f7a75c Credits Francesco...