PT-2024-41407 · Dit +1 · Webkitgtk-4.0-Lang +63

Уязвимость OpenSUSE...

WordPress Image Alt Text Plugin <= 2.0.0 is vulnerable to Broken Access Control

Software Image Alt Text Type Plugin Vulnerable versions = 2.0.0 Fixed in 3.0.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-11918 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 1d18febc0ea7 Credits WordFence Required privilege...

WordPress Widget Options Plugin <= 4.0.7 is vulnerable to Remote Code Execution (RCE)

Software Widget Options Type Plugin Vulnerable versions = 4.0.7 Fixed in 4.0.8 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2024-8672 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 44c40aa090ca Credits Webbernaut Required privilege...

WordPress FAQ Builder AYS Plugin <= 1.7.1 is vulnerable to Cross Site Scripting (XSS)

Software FAQ Builder AYS Type Plugin Vulnerable versions = 1.7.1 Fixed in 1.7.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11458 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4525aff9e72c Credits vgo0 Required...

WordPress SEO Landing Page Generator Plugin <= 1.66.2 is vulnerable to Cross Site Scripting (XSS)

Software SEO Landing Page Generator Type Plugin Vulnerable versions = 1.66.2 Fixed in 1.66.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11366 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0d742f2bf7f0 Credits vgo0...

WordPress StreamWeasels YouTube Integration Plugin <= 1.3.6 is vulnerable to Cross Site Scripting (XSS)

Software StreamWeasels YouTube Integration Type Plugin Vulnerable versions = 1.3.6 Fixed in 1.3.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11788 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID bbd6037644c5 Credits...

WordPress File Manager Pro Plugin <= 1.8.4 is vulnerable to Arbitrary File Upload

Software File Manager Pro Type Plugin Vulnerable versions = 1.8.4 Fixed in 1.8.5 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-8066 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 0f4641bb0b51 Credits TANG Cheuk Hei siunam Required privileg...

WordPress Internal Linking for SEO traffic & Ranking – Auto internal links (100% automatic) Plugin <= 1.2.1 is vulnerable to SQL Injection

Software Internal Linking for SEO traffic & Ranking – Auto internal links 100% automatic Type Plugin Vulnerable versions = 1.2.1 Fixed in 1.2.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-11009 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID...

WordPress Kudos Donations Plugin <= 3.2.9 is vulnerable to Cross Site Scripting (XSS)

Software Kudos Donations Type Plugin Vulnerable versions = 3.2.9 Fixed in 3.3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11684 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 27c0ae774d02 Credits vgo0 Required...

WordPress Leopard - WordPress offload media Plugin <= 3.1.1 is vulnerable to Broken Access Control

Software Leopard - WordPress offload media Type Plugin Vulnerable versions = 3.1.1 Fixed in 3.1.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10589 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 9f2ff23f7d2f Credits Tonn...

WordPress Category Ajax Filter Plugin <= 2.8.2 is vulnerable to Local File Inclusion

Software Category Ajax Filter Type Plugin Vulnerable versions = 2.8.2 Fixed in 2.8.3 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-10871 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 41b4026eef43 Credits Le Ngoc Anh Required privilege...

WordPress Hustle Plugin <= 7.8.5 is vulnerable to Broken Access Control

Software Hustle Type Plugin Vulnerable versions = 7.8.5 Fixed in 7.8.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10580 Patch priority Low CVSS severity Low 5.3 Developer WPMU DEV PSID 82d2fb561073 Credits Vijaysimha Reddy vijaysimha Required privileg...

WordPress Otter - Gutenberg Block Plugin <= 3.0.6 is vulnerable to Path Traversal

Software Otter - Gutenberg Block Type Plugin Vulnerable versions = 3.0.6 Fixed in 3.0.7 OWASP Top 10 A4: Insecure Design Classification Path Traversal CVE CVE-2024-11219 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 16f94f193561 Credits mikemyers Required privilege...

WordPress Pricing Tables For WPBakery Page Builder Plugin <= 1.4 is vulnerable to Cross Site Scripting (XSS)

Software Pricing Tables For WPBakery Page Builder Type Plugin Vulnerable versions = 1.4 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10175 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0ff7f9a0a3a4 Credits...

WordPress WOOCS – WooCommerce Currency Switcher Plugin <= 1.4.2.2 is vulnerable to Arbitrary Code Execution

Software WOOCS – WooCommerce Currency Switcher Type Plugin Vulnerable versions = 1.4.2.2 Fixed in 1.4.2.3 OWASP Top 10 A3: Injection Classification Arbitrary Code Execution CVE CVE-2024-10640 Patch priority Low CVSS severity Low 7.3 Developer Claim ownership PSID 9ec73d22667c Credits mikemyers...

WordPress Sugar Calendar (Lite) Plugin <= 3.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Sugar Calendar Lite Type Plugin Vulnerable versions = 3.3.0 Fixed in 3.4.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10878 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8ef7ef64f31f Credits Peter Thaleik...

WordPress RegistrationMagic Plugin <= 6.0.2.6 is vulnerable to Privilege Escalation

Software RegistrationMagic Type Plugin Vulnerable versions = 6.0.2.6 Fixed in 6.0.2.7 OWASP Top 10 A3: Injection Classification Privilege Escalation CVE CVE-2024-10508 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID fa83ac6f8527 Credits shaman0x01 Required privilege...

WordPress FluentSMTP Plugin <= 2.2.82 is vulnerable to PHP Object Injection

Software FluentSMTP Type Plugin Vulnerable versions = 2.2.82 Fixed in 2.2.83 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-9511 Patch priority Low CVSS severity Low 9.8 Developer WP ManageNinja LLC PSID 44d93a16fa65 Credits Leo Required privilege Unauthenticated...

WordPress MP3 Sticky Player Plugin <= 8.0 is vulnerable to Path Traversal

Software MP3 Sticky Player Type Plugin Vulnerable versions = 8.0 Fixed in 8.1 OWASP Top 10 A5: Security Misconfiguration Classification Path Traversal CVE CVE-2024-10803 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID f73c5492a133 Credits Tonn Required privilege...

WordPress WPGYM Plugin <= 67.1.0 is vulnerable to Broken Access Control

Software WPGYM Type Plugin Vulnerable versions = 67.1.0 Fixed in 67.2.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9941 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 71c6636a78f1 Credits Tonn Required privilege Subscriber...