WordPress Orbit Fox by ThemeIsle Plugin <= 2.10.31 is vulnerable to Cross Site Scripting (XSS)

Software Orbit Fox by ThemeIsle Type Plugin Vulnerable versions = 2.10.31 Fixed in 2.10.32 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1323 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 18903688a247 Credits Webbernaut...

WordPress Slivery Extender Plugin <= 1.0.2 is vulnerable to Remote Code Execution (RCE)

Software Slivery Extender Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2024-27191 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID d59c4b4628dc Credits LVT-tholv2k Required privilege...

WordPress Addon Library Plugin <= 1.3.76 is vulnerable to Arbitrary File Upload

Software Addon Library Type Plugin Vulnerable versions = 1.3.76 Fixed in N/A OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-1710 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID b052d391256e Credits Lucio Sá Required privilege Subscriber...

WordPress WordPress Comments Fields Plugin <= 5.0 is vulnerable to Broken Access Control

Software WordPress Comments Fields Type Plugin Vulnerable versions = 5.0 Fixed in 5.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-0829 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID cdb4c1c8e480 Credits Francesco Carlucci...

WordPress postMash – custom post order Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)

Software postMash – custom post order Type Plugin Vulnerable versions = 1.2.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-27196 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f81d96aa3cf3 Credits Dimas Maulana Require...

WordPress BeePress Plugin <= 6.9.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software BeePress Type Plugin Vulnerable versions = 6.9.8 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-27197 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 23f23a1e9a56 Credits Majed Refaea Required...

UBUNTU-CVE-2023-52461

In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix bounds limiting when given a malformed entity If we're given a malformed entity in drmschedentityinit--shouldn't happen, but we verify--with out-of-bounds priority value, we set it to an allowed value. Fix the...

CVE-2023-52461 drm/sched: Fix bounds limiting when given a malformed entity

In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix bounds limiting when given a malformed entity If we're given a malformed entity in drmschedentityinit--shouldn't happen, but we verify--with out-of-bounds priority value, we set it to an allowed value. Fix the...

CVE-2023-52461 drm/sched: Fix bounds limiting when given a malformed entity

In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix bounds limiting when given a malformed entity If we're given a malformed entity in drmschedentityinit--shouldn't happen, but we verify--with out-of-bounds priority value, we set it to an allowed value. Fix the...

CVE-2023-52461

In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix bounds limiting when given a malformed entity If we're given a malformed entity in drmschedentityinit--shouldn't happen, but we verify--with out-of-bounds priority value, we set it to an allowed value. Fix the...

WordPress Colibri Page Builder Plugin <= 1.0.253 is vulnerable to Cross Site Request Forgery (CSRF)

Software Colibri Page Builder Type Plugin Vulnerable versions = 1.0.253 Fixed in 1.0.260 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-1361 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ba2ec46e6e74 Credits Lucio Sá...

CVE-2023-52461

In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix bounds limiting when given a malformed entity If we're given a malformed entity in drmschedentityinit--shouldn't happen, but we verify--with out-of-bounds priority value, we set it to an allowed value. Fix the...

WordPress Play.ht Plugin <= 3.6.4 is vulnerable to PHP Object Injection

Software Play.ht Type Plugin Vulnerable versions = 3.6.4 Fixed in N/A OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-1772 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID 571b81755147 Credits Francesco Carlucci Required privilege Contribut...

WordPress Ultimate Member Plugin 2.1.3-2.8.2 is vulnerable to SQL Injection

Software Ultimate Member Type Plugin Vulnerable versions 2.1.3-2.8.2 Fixed in 2.8.3 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-1071 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID d52d7ae096c8 Credits Christiaan Swiers Required privilege...

WordPress Tutor LMS Plugin <= 2.6.0 is vulnerable to Broken Access Control

Software Tutor LMS Type Plugin Vulnerable versions = 2.6.0 Fixed in 2.6.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1133 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f48325f20ce3 Credits drop Required privilege Subscriber...

WordPress File Manager Pro Plugin <= 8.3.4 is vulnerable to Cross Site Scripting (XSS)

Software File Manager Pro Type Plugin Vulnerable versions = 8.3.4 Fixed in 8.3.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-7015 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 809f77f5638f Credits Tobias Weißhaar...

WordPress Academy LMS Plugin <= 1.9.19 is vulnerable to Privilege Escalation

Software Academy LMS Type Plugin Vulnerable versions = 1.9.19 Fixed in 1.9.20 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-1505 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 65c72fe58c1f Credits Lucio Sá Required privilege...

WordPress Cost of Goods for WooCommerce Plugin <= 3.2.8 is vulnerable to Cross Site Scripting (XSS)

Software Cost of Goods for WooCommerce Type Plugin Vulnerable versions = 3.2.8 Fixed in 3.2.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0821 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 06f40e6d3a9e Credits...

WordPress wpDataTables Plugin <= 3.4.2.4 is vulnerable to Cross Site Scripting (XSS)

Software wpDataTables Type Plugin Vulnerable versions = 3.4.2.4 Fixed in 3.4.2.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0591 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 8b3b0085c333 Credits stealthcopter Required...

WordPress Tutor LMS Plugin <= 2.6.0 is vulnerable to Content Injection

Software Tutor LMS Type Plugin Vulnerable versions = 2.6.0 Fixed in 2.6.1 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2024-1128 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 4f8a158bf40f Credits drop Required privilege Student Published 21 Februar...