Vulnerability Summary for the Week of October 28, 2024

Vulnerability Summary for the Week of October 28, 2024 | CISA

by nlqip
November 4, 2024

abdullahirfan — documentpress
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Abdullah Irfan DocumentPress allows Reflected XSS.This issue affects DocumentPress: from n/a through 2.1. 2024-10-29 6.1 CVE-2024-49656 audit@patchstack.com
abdullahirfan — whitelist
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Abdullah Irfan Whitelist allows Reflected XSS.This issue affects Whitelist: from n/a through 3.5. 2024-10-29 6.1 CVE-2024-49643 audit@patchstack.com
AffiliateX–AffiliateX
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in AffiliateX allows Stored XSS.This issue affects AffiliateX: from n/a through 1.2.9. 2024-10-29 6.5 CVE-2024-49692 audit@patchstack.com
Ahmed Kaludi, Mohammed Kaludi–AMP for WP
Missing Authorization vulnerability in Ahmed Kaludi, Mohammed Kaludi AMP for WP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AMP for WP: from n/a through 1.0.96.1. 2024-11-01 6.3 CVE-2024-43146 audit@patchstack.com
Alex Volkov–WP Accessibility Helper (WAH)
Missing Authorization vulnerability in Alex Volkov WP Accessibility Helper (WAH) allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Accessibility Helper (WAH): from n/a through 0.6.2.9. 2024-11-01 5.3 CVE-2024-37926 audit@patchstack.com
alexgff–WPGlobus Translate Options
The WPGlobus Translate Options plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the on__translate_options_page() function. This makes it possible for unauthenticated attackers to inject malicious web scripts and update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-10-31 6.1 CVE-2024-9434 security@wordfence.com
security@wordfence.com
aliazlan — risk_warning_bar
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Ali Azlan Risk Warning Bar allows Reflected XSS.This issue affects Risk Warning Bar: from n/a through 1.0. 2024-10-29 6.1 CVE-2024-49638 audit@patchstack.com
amadercodelab — acl_floating_cart_for_woocommerce
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in AmaderCode Lab ACL Floating Cart for WooCommerce allows Reflected XSS.This issue affects ACL Floating Cart for WooCommerce: from n/a through 0.9. 2024-10-29 6.1 CVE-2024-49640 audit@patchstack.com
amilia — store
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Martin Drapeau Amilia Store allows Stored XSS.This issue affects Amilia Store: from n/a through 2.9.8. 2024-10-28 5.4 CVE-2024-50472 audit@patchstack.com
Andy Moyle–Church Admin
Missing Authorization vulnerability in Andy Moyle Church Admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Church Admin: from n/a through 4.4.4. 2024-11-01 4.3 CVE-2024-37440 audit@patchstack.com
Apache Software Foundation–Apache NiFi
Apache NiFi 1.10.0 through 1.27.0 and 2.0.0-M1 through 2.0.0-M3 support a description field for Parameters in a Parameter Context configuration that is vulnerable to cross-site scripting. An authenticated user, authorized to configure a Parameter Context, can enter arbitrary JavaScript code, which the client browser will execute within the session context of the authenticated user. Upgrading to Apache NiFi 1.28.0 or 2.0.0-M4 is the recommended mitigation. 2024-10-29 4.6 CVE-2024-45477 security@apache.org
apple — ipad_os
The issue was addressed with improved bounds checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing a maliciously crafted message may lead to a denial-of-service. 2024-10-28 6.5 CVE-2024-44297 product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
apple — ipados
A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, macOS Sequoia 15, macOS Sonoma 14.7.1, tvOS 18, watchOS 11, visionOS 2, iOS 18 and iPadOS 18. Processing a maliciously crafted file may lead to unexpected app termination. 2024-10-28 5.5 CVE-2024-44144 product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
apple — ipados
This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 11.1, visionOS 2.1, iOS 18.1 and iPadOS 18.1. An app may be able to access sensitive user data. 2024-10-28 5.5 CVE-2024-44194 product-security@apple.com
product-security@apple.com
product-security@apple.com
apple — ipados
This issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing an image may result in disclosure of process memory. 2024-10-28 5.5 CVE-2024-44215 product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
apple — ipados
An information leakage was addressed with additional validation. This issue is fixed in visionOS 2.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, Safari 18.1. Private browsing may leak some browsing history. 2024-10-28 5.3 CVE-2024-44229 product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
apple — ipados
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. Parsing a maliciously crafted video file may lead to unexpected system termination. 2024-11-01 5.5 CVE-2024-44232 product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
apple — ipados
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. Parsing a maliciously crafted video file may lead to unexpected system termination. 2024-11-01 5.5 CVE-2024-44233 product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
apple — ipados
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. Parsing a maliciously crafted video file may lead to unexpected system termination. 2024-11-01 5.5 CVE-2024-44234 product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
apple — ipados
An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. An app may be able to leak sensitive kernel state. 2024-10-28 5.5 CVE-2024-44239 product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
apple — ipados
This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 11.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, iOS 18.1 and iPadOS 18.1. An app may be able to access sensitive user data. 2024-10-28 5.5 CVE-2024-44254 product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
apple — ipados
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. A malicious app may use shortcuts to access restricted files. 2024-10-28 5.5 CVE-2024-44269 product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
apple — ipados
This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, visionOS 2.1, macOS Sonoma 14.7.1, watchOS 11.1, tvOS 18.1. A malicious app may be able to access private information. 2024-10-28 5.5 CVE-2024-44273 product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
apple — ipados
An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Parsing a file may lead to disclosure of user information. 2024-10-28 5.5 CVE-2024-44282 product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
apple — ipados
The issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing a maliciously crafted font may result in the disclosure of process memory. 2024-10-28 5.5 CVE-2024-44302 product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
apple — ipados
The issue was addressed with improved checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to view restricted content from the lock screen. 2024-10-28 4.6 CVE-2024-44235 product-security@apple.com
apple — ipados
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may lead to an unexpected process crash. 2024-10-28 4.3 CVE-2024-44244 product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
apple — ipados
The issue was addressed with improved authentication. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, watchOS 11.1, iOS 18.1 and iPadOS 18.1. An attacker with physical access to a locked device may be able to view sensitive user information. 2024-10-28 4.6 CVE-2024-44274 product-security@apple.com
product-security@apple.com
product-security@apple.com
apple — macos
A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An attacker with root privileges may be able to delete protected system files. 2024-10-28 6.5 CVE-2024-44294 product-security@apple.com
product-security@apple.com
apple — macos
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sequoia 15, macOS Sonoma 14.7.1. A sandboxed app may be able to access sensitive user data. 2024-10-28 5.5 CVE-2024-40855 product-security@apple.com
product-security@apple.com
product-security@apple.com
apple — macos
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An attacker may be able to view restricted content from the lock screen. 2024-10-28 5.5 CVE-2024-44174 product-security@apple.com
apple — macos
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7.1. An app may be able to access sensitive user data. 2024-10-28 5.5 CVE-2024-44175 product-security@apple.com
product-security@apple.com
apple — macos
An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An attacker in a privileged network position may be able to leak sensitive user information. 2024-10-28 5.9 CVE-2024-44213 product-security@apple.com
product-security@apple.com
apple — macos
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. Processing a maliciously crafted file may lead to unexpected app termination. 2024-10-28 5.5 CVE-2024-44236 product-security@apple.com
product-security@apple.com
apple — macos
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. A malicious application may be able to modify protected parts of the file system. 2024-10-28 5.5 CVE-2024-44247 product-security@apple.com
product-security@apple.com
apple — macos
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to modify protected parts of the file system. 2024-10-28 5.5 CVE-2024-44253 product-security@apple.com
product-security@apple.com
apple — macos
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. A malicious app may be able to create symlinks to protected regions of the disk. 2024-10-28 5.5 CVE-2024-44264 product-security@apple.com
product-security@apple.com
apple — macos
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. A malicious application may be able to modify protected parts of the file system. 2024-10-28 5.5 CVE-2024-44267 product-security@apple.com
product-security@apple.com
apple — macos
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. Parsing a file may lead to disclosure of user information. 2024-10-28 5.5 CVE-2024-44281 product-security@apple.com
product-security@apple.com
apple — macos
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. Parsing a maliciously crafted file may lead to an unexpected app termination. 2024-10-28 5.5 CVE-2024-44284 product-security@apple.com
product-security@apple.com
apple — macos
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. A malicious application may be able to modify protected parts of the file system. 2024-10-28 5.5 CVE-2024-44287 product-security@apple.com
product-security@apple.com
apple — macos
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sequoia 15, macOS Sonoma 14.7.1. An attacker with physical access may be able to share items from the lock screen. 2024-10-28 4.6 CVE-2024-44137 product-security@apple.com
product-security@apple.com
product-security@apple.com
apple — safari
A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 18, iOS 17.7.1 and iPadOS 17.7.1, macOS Sequoia 15, watchOS 11, iOS 18 and iPadOS 18. Maliciously crafted web content may violate iframe sandboxing policy. 2024-10-28 6.5 CVE-2024-44155 product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
apple — visionos
This issue was addressed with improved redaction of sensitive information. This issue is fixed in visionOS 2.1. A user may be able to view sensitive user information. 2024-10-28 5.5 CVE-2024-44262 product-security@apple.com
Apple–iOS and iPadOS
This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. An attacker may be able to view restricted content from the lock screen. 2024-10-28 6.2 CVE-2024-44261 product-security@apple.com
product-security@apple.com
Apple–iOS and iPadOS
A logic issue was addressed with improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. An app may be able to access user-sensitive data. 2024-10-28 4 CVE-2024-44263 product-security@apple.com
Apple–macOS
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to access user-sensitive data. 2024-10-28 6.2 CVE-2024-44216 product-security@apple.com
product-security@apple.com
Apple–macOS
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. Processing a maliciously crafted file may lead to unexpected app termination. 2024-10-28 6.5 CVE-2024-44237 product-security@apple.com
product-security@apple.com
Apple–macOS
The issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing a maliciously crafted font may result in the disclosure of process memory. 2024-10-28 6.5 CVE-2024-44240 product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
Apple–macOS
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to access sensitive user data. 2024-10-28 6.2 CVE-2024-44257 product-security@apple.com
product-security@apple.com
Apple–macOS
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. A malicious app with root privileges may be able to modify the contents of system files. 2024-10-28 6.7 CVE-2024-44260 product-security@apple.com
product-security@apple.com
Apple–macOS
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. Parsing a file may lead to disclosure of user information. 2024-10-28 6.5 CVE-2024-44279 product-security@apple.com
product-security@apple.com
Apple–macOS
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. Parsing a maliciously crafted file may lead to an unexpected app termination. 2024-10-28 6.5 CVE-2024-44283 product-security@apple.com
product-security@apple.com
Apple–macOS
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15, iOS 18 and iPadOS 18. An attacker with physical access to a macOS device with Sidecar enabled may be able to bypass the Lock Screen. 2024-10-28 5.7 CVE-2024-44145 product-security@apple.com
product-security@apple.com
Apple–macOS
An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. A sandboxed app may be able to access sensitive user data in system logs. 2024-10-28 5.5 CVE-2024-44278 product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
Apple–macOS
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. A malicious application may be able to modify protected parts of the file system. 2024-10-28 5.5 CVE-2024-44301 product-security@apple.com
product-security@apple.com
Apple–visionOS
The issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, watchOS 11.1, visionOS 2.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. 2024-10-28 5.4 CVE-2024-44296 product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
argoproj–argo-workflows
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Due to a race condition in a global variable in 3.6.0-rc1, the argo workflows controller can be made to crash on-command by any user with access to execute a workflow. This vulnerability is fixed in 3.6.0-rc2. 2024-10-28 5.7 CVE-2024-47827 security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
Arraytics–Timetics
Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Timetics: from n/a through 1.0.21. 2024-11-01 5.3 CVE-2024-37427 audit@patchstack.com
Arraytics–Timetics
Missing Authorization vulnerability in Arraytics Timetics allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Timetics: from n/a through 1.0.23. 2024-11-01 5.3 CVE-2024-43923 audit@patchstack.com
Aruba.it–Aruba HiSpeed Cache
Missing Authorization vulnerability in Aruba.It Aruba HiSpeed Cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aruba HiSpeed Cache: from n/a through 2.0.12. 2024-11-01 4.3 CVE-2024-43119 audit@patchstack.com
Atarim–Atarim
Missing Authorization vulnerability in Atarim allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Atarim: from n/a through 4.0. 2024-11-01 6.5 CVE-2024-38771 audit@patchstack.com
Atarim–Atarim
Missing Authorization vulnerability in Atarim allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Atarim: from n/a through 4.0.1. 2024-11-01 5.3 CVE-2024-43290 audit@patchstack.com
atomchat–Group Chat & Video Chat by AtomChat
The Group Chat & Video Chat by AtomChat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s atomchat shortcode in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-11-01 6.4 CVE-2024-10232 security@wordfence.com
security@wordfence.com
security@wordfence.com
Automattic–Newspack Blocks
Missing Authorization vulnerability in Automattic Newspack Blocks newspack-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newspack Blocks: from n/a through 3.0.8. 2024-11-01 5.4 CVE-2024-37425 audit@patchstack.com
Automattic–Newspack Content Converter
Missing Authorization vulnerability in Automattic Newspack Content Converter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newspack Content Converter: from n/a through 0.1.5. 2024-11-01 6.5 CVE-2024-37477 audit@patchstack.com
Automattic–Newspack Newsletters
Missing Authorization vulnerability in Automattic Newspack Newsletters allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Newspack Newsletters: from n/a through 2.13.2. 2024-11-01 5.3 CVE-2024-37475 audit@patchstack.com
Automattic–Newspack
Broken Access Control vulnerability in Automattic Newspack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newspack: from n/a through 3.8.6. 2024-11-01 4.3 CVE-2024-43968 audit@patchstack.com
Automattic–WP Job Manager – Resume Manager
Missing Authorization vulnerability in Automattic WP Job Manager – Resume Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Manager – Resume Manager: from n/a through 2.1.0. 2024-11-01 4.3 CVE-2024-37443 audit@patchstack.com
Avirtum–iPanorama 360 WordPress Virtual Tour Builder
Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1.8.3. 2024-11-01 5.3 CVE-2024-38690 audit@patchstack.com
AyeCode Ltd–GetPaid
Missing Authorization vulnerability in AyeCode Ltd GetPaid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GetPaid: from n/a through 2.8.11. 2024-11-01 4.3 CVE-2024-43973 audit@patchstack.com
AyeCode Ltd–UsersWP
Missing Authorization vulnerability in AyeCode Ltd UsersWP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UsersWP: from n/a through 1.2.15. 2024-11-01 5.3 CVE-2024-43277 audit@patchstack.com
AyeCode WP Business Directory Plugins–GeoDirectory
Missing Authorization vulnerability in AyeCode – WP Business Directory Plugins GeoDirectory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GeoDirectory: from n/a through 2.3.70. 2024-11-01 4.3 CVE-2024-43981 audit@patchstack.com
AyeCode–GeoDirectory
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in AyeCode GeoDirectory allows Stored XSS.This issue affects GeoDirectory: from n/a through 2.3.80. 2024-10-28 6.5 CVE-2024-50437 audit@patchstack.com
bdthemes — element_pack
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Gallery Widget ‘image_title’ parameter in all versions up to, and including, 5.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-11-02 5.4 CVE-2024-10310 security@wordfence.com
security@wordfence.com
bdthemes — element_pack
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Age Gate Widget ‘url’ parameter in all versions up to, and including, 5.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-11-02 5.4 CVE-2024-9868 security@wordfence.com
security@wordfence.com
BearDev–JoomSport
Missing Authorization vulnerability in BearDev JoomSport allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JoomSport: from n/a through 5.3.0. 2024-11-01 4.3 CVE-2024-43355 audit@patchstack.com
BearDev–JoomSport
Missing Authorization vulnerability in BearDev JoomSport allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JoomSport: from n/a through 5.6.3. 2024-11-01 4.3 CVE-2024-44031 audit@patchstack.com
Beckhoff–TwinCAT Package Manager
A local user with administrative access rights can enter specialy crafted values for settings at the user interface (UI) of the TwinCAT Package Manager which then causes arbitrary OS commands to be executed. 2024-10-31 6.5 CVE-2024-8934 info@cert.vde.com
BeyondTrust–Privileged Identity
A medium severity vulnerability has been identified within Privileged Identity which can allow an attacker to perform reflected cross-site scripting attacks. 2024-10-30 6.4 CVE-2024-9110 13061848-ea10-403d-bd75-c83a022c2891
Bitly–Bitly
Missing Authorization vulnerability in Bitly allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bitly: from n/a through 2.7.2. 2024-11-01 6.5 CVE-2024-43209 audit@patchstack.com
blazethemes–Newsmatic
Missing Authorization vulnerability in blazethemes Newsmatic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newsmatic: from n/a through 1.3.1. 2024-11-01 5.3 CVE-2024-37468 audit@patchstack.com
bPlugins LLC–Flash & HTML5 Video
Missing Authorization vulnerability in bPlugins LLC Flash & HTML5 Video allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flash & HTML5 Video: from n/a through 2.5.30. 2024-11-01 4.3 CVE-2024-43296 audit@patchstack.com
BracketSpace–Advanced Cron Manager debug & control
Missing Authorization vulnerability in BracketSpace Advanced Cron Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Cron Manager – debug & control: from n/a through 2.5.9. 2024-11-01 4.3 CVE-2024-43154 audit@patchstack.com
Brainstorm Force–Astra Widgets
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Brainstorm Force Astra Widgets allows Stored XSS.This issue affects Astra Widgets: from n/a through 1.2.14. 2024-10-28 6.5 CVE-2024-50439 audit@patchstack.com
Brainstorm Force–Spectra
Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.13.7. 2024-11-01 4.3 CVE-2024-37517 audit@patchstack.com
britner–Gutenberg Blocks with AI by Kadence WP Page Builder Features
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Icon widget in all versions up to, and including, 6.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-11-01 6.4 CVE-2024-9655 security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
campusexplorer — widget
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Campus Explorer Campus Explorer Widget allows Reflected XSS.This issue affects Campus Explorer Widget: from n/a through 1.4. 2024-10-29 6.1 CVE-2024-49660 audit@patchstack.com
Caseproof, LLC–Memberpress
Missing Authorization vulnerability in Caseproof, LLC Memberpress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Memberpress: from n/a through 1.11.34. 2024-11-01 6.5 CVE-2024-43956 audit@patchstack.com
CHANGING Information Technology–IDExpert
IDExpert from CHANGING Information Technology does not properly validate a parameter for a specific functionality, allowing unauthenticated remote attackers to inject JavsScript code and perform Reflected Cross-site scripting attacks. 2024-11-01 6.1 CVE-2024-10652 twcert@cert.org.tw
twcert@cert.org.tw
CHANGING Information Technology–IDExpert
IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrator privileges to exploit this vulnerability to read arbitrary system files. 2024-11-01 4.9 CVE-2024-10651 twcert@cert.org.tw
twcert@cert.org.tw
Charitable Donations & Fundraising Team–Charitable
Missing Authorization vulnerability in Charitable Donations & Fundraising Team Charitable allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Charitable: from n/a through 1.8.1.7. 2024-11-01 6.5 CVE-2024-37510 audit@patchstack.com
Charitable Donations & Fundraising Team–Charitable
Missing Authorization vulnerability in Charitable Donations & Fundraising Team Charitable allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Charitable: from n/a through 1.8.1.7. 2024-11-01 5.3 CVE-2024-37506 audit@patchstack.com
chartscss — coub
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Rami Yushuvaev Coub allows Stored XSS.This issue affects Coub: from n/a through 1.4. 2024-10-29 5.4 CVE-2024-49659 audit@patchstack.com
chatplusjp — chatplusjp
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in allows Reflected XSS.This issue affects chatplusjp: from n/a through 1.02. 2024-10-29 6.1 CVE-2024-49664 audit@patchstack.com
checklist — trip_plan
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Checklist Trip Plan allows Stored XSS.This issue affects Trip Plan: from n/a through 1.0.10. 2024-10-28 5.4 CVE-2024-50471 audit@patchstack.com
Chris Coyier–CodePen Embedded Pens Shortcode
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Chris Coyier CodePen Embedded Pens Shortcode allows Stored XSS.This issue affects CodePen Embedded Pens Shortcode: from n/a through 1.0.2. 2024-10-28 6.5 CVE-2024-50440 audit@patchstack.com
Clibo Manager–Clibo Manager
Clickjacking vulnerability in Clibo Manager v1.1.9.12 in the ‘/public/login’ directory, a login panel. This vulnerability occurs due to the absence of an X-Frame-Options server-side header. An attacker could overlay a transparent iframe to perform click hijacking on victims. 2024-10-31 6.1 CVE-2024-10454 cve-coordination@incibe.es
climaxthemes — kata_plus
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Climax Themes Kata Plus allows Stored XSS.This issue affects Kata Plus: from n/a through 1.4.7. 2024-10-28 5.4 CVE-2024-50501 audit@patchstack.com
climaxthemes–Kata Plus Addons for Elementor Widgets, Extensions and Templates
The Kata Plus – Addons for Elementor – Widgets, Extensions and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-29 6.4 CVE-2024-9376 security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
Cloudways–Breeze
Missing Authorization vulnerability in Cloudways Breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through 2.1.14. 2024-10-29 5.3 CVE-2024-50422 audit@patchstack.com
Cloudways–Breeze
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Cloudways Breeze allows Stored XSS.This issue affects Breeze: from n/a through 2.1.14. 2024-10-28 5.9 CVE-2024-50431 audit@patchstack.com
code-projects–Blood Bank Management System
A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /file/request.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2024-11-01 4.3 CVE-2024-10605 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
code-projects–Blood Bank System
A vulnerability classified as critical has been found in code-projects Blood Bank System 1.0. This affects an unknown part of the file /admin/blood/update/B-.php. The manipulation of the argument Bloodname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2024-10-30 6.3 CVE-2024-10506 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
code-projects–E-Health Care System
A vulnerability, which was classified as critical, was found in code-projects E-Health Care System up to 1.0. This affects an unknown part of the file /Admin/consulting_detail.php. The manipulation of the argument consulting_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2024-11-03 6.3 CVE-2024-10740 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
code-projects–University Event Management System
A vulnerability was found in code-projects University Event Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file submit.php. The manipulation of the argument name/email/title/Year/gender/fromdate/todate/people leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter “name” to be affected. But it must be assumed that a variety of other parameters is affected too. 2024-11-02 6.3 CVE-2024-10700 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
code-projects–Wazifa System
A vulnerability was found in code-projects Wazifa System 1.0 and classified as critical. This issue affects some unknown processing of the file /controllers/control.php. The manipulation of the argument to leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-11-03 6.3 CVE-2024-10742 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
codection–Import and export users and customers
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in codection Import and export users and customers allows Stored XSS.This issue affects Import and export users and customers: from n/a through 1.27.5. 2024-10-29 5.9 CVE-2024-50413 audit@patchstack.com
codemenschen–Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported)
The Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-31 6.4 CVE-2024-9165 security@wordfence.com
security@wordfence.com
security@wordfence.com
Consensys–gnark
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. In gnark 0.11.0 and earlier, deserialization of Groth16 verification keys allocate excessive memory, consuming a lot of resources and triggering a crash with the error fatal error: runtime: out of memory. 2024-10-31 5.5 CVE-2024-50354 security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
contrid–Newsletters
The Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s newsletters_video shortcode in all versions up to, and including, 4.9.9.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-29 6.4 CVE-2024-10181 security@wordfence.com
security@wordfence.com
security@wordfence.com
ConveyThis Translate Team–Language Translate Widget for WordPress ConveyThis
Missing Authorization vulnerability in ConveyThis Translate Team Language Translate Widget for WordPress – ConveyThis allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Language Translate Widget for WordPress – ConveyThis: from n/a through 234. 2024-11-01 5.3 CVE-2024-38792 audit@patchstack.com
coralwebdesign — cwd_3d_image_gallery
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Coral Web Design CWD 3D Image Gallery allows Reflected XSS.This issue affects CWD 3D Image Gallery: from n/a through 1.0. 2024-10-29 6.1 CVE-2024-49632 audit@patchstack.com
Cornel Raiu–WP Search Analytics
Missing Authorization vulnerability in Cornel Raiu WP Search Analytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Search Analytics: from n/a through 1.4.9. 2024-11-01 4.3 CVE-2024-43229 audit@patchstack.com
cozythemes — cozy_blocks
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in CozyThemes Cozy Blocks allows Stored XSS.This issue affects Cozy Blocks: from n/a through 2.0.18. 2024-10-28 5.4 CVE-2024-50502 audit@patchstack.com
CozyThemes–Blockbooster
Missing Authorization vulnerability in CozyThemes Blockbooster allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blockbooster: from n/a through 1.0.10. 2024-11-01 6.5 CVE-2024-43979 audit@patchstack.com
CozyThemes–Fota WP
Missing Authorization vulnerability in CozyThemes Fota WP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fota WP: from n/a through 1.4.1. 2024-11-01 6.5 CVE-2024-43980 audit@patchstack.com
CozyThemes–Hello Agency
Missing Authorization vulnerability in CozyThemes Hello Agency allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Hello Agency: from n/a through 1.0.5. 2024-11-01 6.5 CVE-2024-43341 audit@patchstack.com
CozyThemes–ReviveNews
Missing Authorization vulnerability in CozyThemes ReviveNews allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ReviveNews: from n/a through 1.0.2. 2024-11-01 6.5 CVE-2024-43974 audit@patchstack.com
cozyvision1–SMS Alert Order Notifications WooCommerce
The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s sa_subscribe shortcode in all versions up to, and including, 3.7.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-29 6.4 CVE-2024-10233 security@wordfence.com
security@wordfence.com
security@wordfence.com
Creative Motion–Auto Featured Image (Auto Post Thumbnail)
Missing Authorization vulnerability in Creative Motion Auto Featured Image (Auto Post Thumbnail) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Auto Featured Image (Auto Post Thumbnail): from n/a through 4.1.2. 2024-11-01 4.3 CVE-2024-38719 audit@patchstack.com
Creative Motion–Clearfy Cache
Missing Authorization vulnerability in Creative Motion Clearfy Cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clearfy Cache: from n/a through 2.2.4. 2024-11-01 5.4 CVE-2024-43260 audit@patchstack.com
Creative Motion–Robin image optimizer
Missing Authorization vulnerability in Creative Motion Robin image optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Robin image optimizer: from n/a through 1.6.9. 2024-11-01 6.5 CVE-2024-43122 audit@patchstack.com
creativemotion–Social Slider Feed
Missing Authorization vulnerability in creativemotion Social Slider Feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Slider Feed: from n/a through 2.2.2. 2024-11-01 4.3 CVE-2024-43215 audit@patchstack.com
CreativeMotion–Titan Anti-spam & Security
Missing Authorization vulnerability in CreativeMotion Titan Anti-spam & Security allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Titan Anti-spam & Security: from n/a through 7.3.6. 2024-11-01 6.5 CVE-2024-38777 audit@patchstack.com
CRM Perks–CRM Perks Forms
Missing Authorization vulnerability in CRM Perks CRM Perks Forms allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CRM Perks Forms: from n/a through 1.1.5. 2024-11-01 5.3 CVE-2024-37463 audit@patchstack.com
cservit–affiliate-toolkit
The affiliate-toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s atkp_product shortcode in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-29 6.4 CVE-2024-10227 security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
CubeWP–CubeWP All-in-One Dynamic Content Framework
Missing Authorization vulnerability in CubeWP CubeWP – All-in-One Dynamic Content Framework allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CubeWP – All-in-One Dynamic Content Framework: from n/a through 1.1.15. 2024-11-01 4.3 CVE-2024-48039 audit@patchstack.com
DarkMySite–DarkMySite Advanced Dark Mode Plugin for WordPress
Cross-Site Request Forgery (CSRF) vulnerability in DarkMySite DarkMySite – Advanced Dark Mode Plugin for WordPress darkmysite allows Cross Site Request Forgery.This issue affects DarkMySite – Advanced Dark Mode Plugin for WordPress: from n/a through 1.2.8. 2024-10-29 4.3 CVE-2024-50466 audit@patchstack.com
Depicter Slider and Popup by Averta–Depicter Slider
Missing Authorization vulnerability in Depicter Slider and Popup by Averta Depicter Slider allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Depicter Slider: from n/a through 3.2.2. 2024-11-01 5.3 CVE-2024-47359 audit@patchstack.com
didi–Super-Jacoco
A vulnerability was found in didi Super-Jacoco 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /cov/triggerEnvCov. The manipulation of the argument uuid leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-10-28 6.3 CVE-2024-10435 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
Dropshipping Guru–Ali2Woo Lite
Missing Authorization vulnerability in Dropshipping Guru Ali2Woo Lite Exploiting Incorrectly Configured Access Control Security Levels, Stored XSS.This issue affects Ali2Woo Lite: from n/a through 3.3.5. 2024-11-01 6.5 CVE-2024-37214 audit@patchstack.com
E2Pdf.com–e2pdf
Missing Authorization vulnerability in E2Pdf.Com allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects e2pdf: from n/a through 1.20.27. 2024-11-01 5.4 CVE-2024-37415 audit@patchstack.com
Easy Digital Downloads–Easy Digital Downloads
Missing Authorization vulnerability in Easy Digital Downloads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Digital Downloads: from n/a through 3.2.12. 2024-11-01 4.3 CVE-2024-43162 audit@patchstack.com
edwardstoever — monitor.chat
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Edward Stoever Monitor.Chat allows Reflected XSS.This issue affects Monitor.Chat: from n/a through 1.1.1. 2024-10-29 6.1 CVE-2024-49639 audit@patchstack.com
elenazhyvohliad — ucat
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Elena Zhyvohliad uCAT – Next Story allows Reflected XSS.This issue affects uCAT – Next Story: from n/a through 2.0.0. 2024-10-29 6.1 CVE-2024-49663 audit@patchstack.com
Envira Gallery Team–Envira Photo Gallery
Missing Authorization vulnerability in Envira Gallery Team Envira Photo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Envira Photo Gallery: from n/a through 1.8.7.3. 2024-11-01 4.3 CVE-2024-37095 audit@patchstack.com
Envira Gallery Team–Envira Photo Gallery
Missing Authorization vulnerability in Envira Gallery Team Envira Photo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Envira Photo Gallery: from n/a through 1.8.14. 2024-11-01 4.3 CVE-2024-43925 audit@patchstack.com
EnvoThemes–Envo’s Elementor Templates & Widgets for WooCommerce
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in EnvoThemes Envo’s Elementor Templates & Widgets for WooCommerce allows Stored XSS.This issue affects Envo’s Elementor Templates & Widgets for WooCommerce: from n/a through 1.4.19. 2024-10-28 6.5 CVE-2024-50447 audit@patchstack.com
Epsiloncool–WP Fast Total Search
Missing Authorization vulnerability in Epsiloncool WP Fast Total Search allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Fast Total Search: from n/a through 1.68.232. 2024-11-01 4.3 CVE-2024-38714 audit@patchstack.com
ESAFENET–CDG
A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5. Affected by this issue is some unknown functionality of the file /com/esafenet/servlet/policy/HookWhiteListService.java. The manipulation of the argument policyId leads to sql injection. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-30 6.3 CVE-2024-10500 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
ESAFENET–CDG
A vulnerability, which was classified as critical, was found in ESAFENET CDG 5. This affects the function findById of the file /com/esafenet/servlet/document/ExamCDGDocService.java. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-30 6.3 CVE-2024-10501 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
ESAFENET–CDG
A vulnerability has been found in ESAFENET CDG 5 and classified as critical. This vulnerability affects the function getOneFileDirectory of the file /com/esafenet/servlet/fileManagement/FileDirectoryService.java. The manipulation of the argument directoryId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-30 6.3 CVE-2024-10502 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
ESAFENET–CDG
A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. Affected is the function docHistory of the file /com/esafenet/servlet/fileManagement/FileDirectoryService.java. The manipulation of the argument fileId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-31 6.3 CVE-2024-10594 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
ESAFENET–CDG
A vulnerability was found in ESAFENET CDG 5. It has been rated as critical. Affected by this issue is the function delEntryptPolicySort of the file /com/esafenet/servlet/system/EncryptPolicyTypeService.java. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-31 6.3 CVE-2024-10596 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
ESAFENET–CDG
A vulnerability classified as critical has been found in ESAFENET CDG 5. This affects the function delPolicyAction of the file /com/esafenet/servlet/system/PolicyActionService.java. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-31 6.3 CVE-2024-10597 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
ESAFENET–CDG
A vulnerability has been found in ESAFENET CDG 5 and classified as critical. This vulnerability affects the function delProtocol of the file /com/esafenet/servlet/system/ProtocolService.java. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-11-01 6.3 CVE-2024-10610 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
ESAFENET–CDG
A vulnerability was found in ESAFENET CDG 5 and classified as critical. This issue affects the function delProtocol of the file /com/esafenet/servlet/system/PrintScreenListService.java. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-11-01 6.3 CVE-2024-10611 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
ESAFENET–CDG
A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. Affected is the function removeHookInvalidCourse of the file /com/esafenet/servlet/system/HookInvalidCourseService.java. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-11-01 6.3 CVE-2024-10612 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
ESAFENET–CDG
A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. Affected by this vulnerability is the function delSystemEncryptPolicy of the file /com/esafenet/servlet/system/SystemEncryptPolicyService.java. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-11-01 6.3 CVE-2024-10613 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
ESAFENET–CDG
A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5. Affected by this issue is the function delSystemEncryptPolicy of the file /com/esafenet/servlet/document/CDGAuthoriseTempletService.java. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2024-11-01 6.3 CVE-2024-10659 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
ESAFENET–CDG
A vulnerability, which was classified as critical, was found in ESAFENET CDG 5. This affects the function deleteHook of the file /com/esafenet/servlet/policy/HookService.java. The manipulation of the argument hookId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2024-11-01 6.3 CVE-2024-10660 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
Etoile Web Design–Order Tracking
Missing Authorization vulnerability in Etoile Web Design Order Tracking allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Order Tracking: from n/a through 3.3.12. 2024-11-01 4.3 CVE-2024-43343 audit@patchstack.com
EventPrime Events–EventPrime
Missing Authorization vulnerability in EventPrime Events EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through 4.0.3.2. 2024-11-01 4.3 CVE-2024-43223 audit@patchstack.com
express–express
A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in `Link` header values, which can allow a combination of characters like `,`, `;`, and `<>` to preload malicious resources. This vulnerability is especially relevant for dynamic parameters. 2024-10-29 4 CVE-2024-10491 36c7be3b-2937-45df-85ea-ca7133ea542c
eyecix–JobSearch
Missing Authorization vulnerability in eyecix JobSearch allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JobSearch: from n/a through 2.5.4. 2024-11-01 6.5 CVE-2024-43929 audit@patchstack.com
eyecix–JobSearch
Missing Authorization vulnerability in eyecix JobSearch allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobSearch: from n/a through 2.5.4. 2024-11-01 5.4 CVE-2024-43928 audit@patchstack.com
eyecix–JobSearch
Cross-Site Request Forgery (CSRF) vulnerability in eyecix JobSearch allows Cross Site Request Forgery.This issue affects JobSearch: from n/a through 2.5.3. 2024-10-31 4.3 CVE-2024-43930 audit@patchstack.com
fabianros — blood_bank_management_system
A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank Management System 1.0. Affected by this issue is some unknown functionality of the file /file/delete.php. The manipulation of the argument bid leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other endpoints might be affected as well. 2024-10-28 6.5 CVE-2024-10448 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
fabianros — blood_bank_management_system
A vulnerability has been found in code-projects Blood Bank Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /file/updateprofile.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2024-10-31 6.5 CVE-2024-10557 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
Fahad Mahmood–WP Datepicker
Missing Authorization vulnerability in Fahad Mahmood WP Datepicker allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Datepicker: from n/a through 2.1.1. 2024-11-01 6.5 CVE-2024-47321 audit@patchstack.com
fastlinemedia — beaver_builder
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Button widget in all versions up to, and including, 2.8.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-29 5.4 CVE-2024-9505 security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
fatcatapps–Pricing Tables WordPress Plugin Easy Pricing Tables
The Pricing Tables WordPress Plugin – Easy Pricing Tables plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.2.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-30 6.1 CVE-2024-8871 security@wordfence.com
security@wordfence.com
security@wordfence.com
Faurecia Clarion Electronics Co., Ltd.–SmartPlay
Use of Default Credentials vulnerability in Maruti Suzuki SmartPlay on Linux (Infotainment Hub modules) allows attacker to try common or default usernames and passwords.The issue was detected on a 2022 Maruti Suzuki Brezza in India Market. This issue affects SmartPlay: 66T0.05.50. 2024-10-28 6.7 CVE-2024-6245 cve@asrg.io
cve@asrg.io
Fetch Designs–Sign-up Sheets
Missing Authorization vulnerability in Fetch Designs Sign-up Sheets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sign-up Sheets: from n/a through 2.2.12. 2024-11-01 5.3 CVE-2024-39654 audit@patchstack.com
fifu.app–Featured Image from URL
Missing Authorization vulnerability in fifu.App Featured Image from URL allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Image from URL: from n/a through 4.8.2. 2024-11-01 6.3 CVE-2024-37516 audit@patchstack.com
fifu.app–Featured Image from URL
Missing Authorization vulnerability in fifu.App Featured Image from URL allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Image from URL: from n/a through 4.8.1. 2024-11-01 5.3 CVE-2024-37276 audit@patchstack.com
FirelightWP–Firelight Lightbox
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in FirelightWP Firelight Lightbox allows Stored XSS.This issue affects Firelight Lightbox: from n/a through 2.3.3. 2024-10-28 5.9 CVE-2024-50460 audit@patchstack.com
Fla-shop–Interactive World Map
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Fla-shop Interactive World Map allows Stored XSS.This issue affects Interactive World Map: from n/a through 3.4.4. 2024-10-28 6.5 CVE-2024-50462 audit@patchstack.com
Fonts Plugin–Fonts
Missing Authorization vulnerability in Fonts Plugin Fonts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fonts: from n/a through 3.7.7. 2024-11-01 4.3 CVE-2024-43302 audit@patchstack.com
foxskav — bet_wc_2018_russia
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Foxskav Bet WC 2018 Russia allows Reflected XSS.This issue affects Bet WC 2018 Russia: from n/a through 2.1. 2024-10-29 6.1 CVE-2024-49637 audit@patchstack.com
fstaude–Widget or Sidebar Shortcode
The Widget or Sidebar Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘sidebar’ shortcode in all versions up to, and including, 0.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-30 6.4 CVE-2024-9885 security@wordfence.com
security@wordfence.com
security@wordfence.com
FuturioWP–Futurio Extra
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in FuturioWP Futurio Extra allows Stored XSS.This issue affects Futurio Extra: from n/a through 2.0.11. 2024-10-28 6.5 CVE-2024-50446 audit@patchstack.com
Gabe Livan–Asset CleanUp: Page Speed Booster
Missing Authorization vulnerability in Gabe Livan Asset CleanUp: Page Speed Booster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Asset CleanUp: Page Speed Booster: from n/a through 1.3.9.3. 2024-11-01 4.3 CVE-2024-43314 audit@patchstack.com
gaizhenbiao — chuanhuchatgpt
In the latest version (20240628) of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. When a user logs in, a directory is created in the history folder with the user’s name. By manipulating the /file endpoint, an authenticated user can enumerate and access files in other users’ directories, leading to unauthorized access to private chat histories. This vulnerability can be exploited to read any user’s private chat history. 2024-10-29 4.3 CVE-2024-8143 security@huntr.dev
security@huntr.dev
HashiCorp–Consul
A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowing user-provided inputs to be misinterpreted and lead to reflected XSS. 2024-10-30 6.1 CVE-2024-10086 security@hashicorp.com
HCL Software–AppScan Source
HCL AppScan Source <= 10.6.0 does not properly validate a TLS/SSL certificate for an executable. 2024-10-31 4.8 CVE-2024-30149 psirt@hcl.com
HelloAsso–HelloAsso
Missing Authorization vulnerability in HelloAsso allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HelloAsso: from n/a through 1.1.10. 2024-11-01 4.3 CVE-2024-44052 audit@patchstack.com
hitachienergy — tro610_firmware
Profile files from TRO600 series radios are extracted in plain-text and encrypted file formats. Profile files provide potential attackers valuable configuration information about the Tropos network. Profiles can only be exported by authenticated users with write access. 2024-10-29 4.3 CVE-2024-41156 cybersecurity@hitachienergy.com
HM Plugin–WordPress Stripe Donation and Payment Plugin
Missing Authorization vulnerability in HM Plugin WordPress Stripe Donation and Payment Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Stripe Donation and Payment Plugin: from n/a through 3.2.3. 2024-10-29 5.3 CVE-2024-50459 audit@patchstack.com
hokku–Contact Form 7 + Telegram
The Contact Form 7 + Telegram plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the ‘wpcf7_Telegram::ajax’ function in versions up to, and including, 0.8.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to approve, pause and refuse subscriptions. 2024-10-28 5.4 CVE-2024-9629 security@wordfence.com
security@wordfence.com
security@wordfence.com
htplugins–WP Team WordPress Team Member Plugin
The WP Team – WordPress Team Member Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s htteamember shortcode in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-30 6.4 CVE-2024-10223 security@wordfence.com
security@wordfence.com
security@wordfence.com
IBM–CICS TX Standard
IBM CICS TX Standard 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. 2024-11-01 6.5 CVE-2024-41744 psirt@us.ibm.com
IBM–CICS TX Standard
IBM CICS TX Standard is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 2024-11-01 6.1 CVE-2024-41745 psirt@us.ibm.com
IBM–TXSeries for Multiplatforms
IBM TXSeries for Multiplatforms 10.1 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques. 2024-11-01 5.9 CVE-2024-41738 psirt@us.ibm.com
IBM–TXSeries for Multiplatforms
IBM TXSeries for Multiplatforms 10.1 could allow an attacker to determine valid usernames due to an observable timing discrepancy which could be used in further attacks against the system. 2024-11-01 5.3 CVE-2024-41741 psirt@us.ibm.com
icegram–Icegram Collect
Missing Authorization vulnerability in icegram Icegram Collect plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Icegram Collect plugin: from n/a through 1.3.14. 2024-11-01 5.4 CVE-2024-43273 audit@patchstack.com
icegram–Icegram
Missing Authorization vulnerability in icegram Icegram allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Icegram: from n/a through 3.1.24. 2024-11-01 5.3 CVE-2024-39625 audit@patchstack.com
ifeelweb–Post Status Notifier
The Post Status Notifier Lite and Premium plugins for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.11.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-29 6.1 CVE-2024-10048 security@wordfence.com
security@wordfence.com
instantsoft–icms2
InstantCMS is a free and open source content management system. In photo upload function in the photo album page there is no input validation taking place. Due to this attackers are able to inject the XSS (Cross Site Scripting) payload and execute. This vulnerability is fixed in 2.16.3. 2024-10-29 5.4 CVE-2024-50348 security-advisories@github.com
security-advisories@github.com
IowaComputerGurus–aspnetcore.utilities.cloudstorage
ICG.AspNetCore.Utilities.CloudStorage is a collection of cloud storage utilities to assist with the management of files for cloud upload. Users of this library that set a duration for a SAS Uri with a value other than 1 hour may have generated a URL with a duration that is longer, or shorter than desired. Users not implemented SAS Uri’s are unaffected. This issue was resolved in version 8.0.0 of the library. 2024-10-30 5.3 CVE-2024-50353 security-advisories@github.com
security-advisories@github.com
itsourcecode–Farm Management System
A vulnerability classified as critical was found in itsourcecode Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file manage-breed.php. The manipulation of the argument breed leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2024-11-03 6.3 CVE-2024-10738 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
itsourcecode–Tailoring Management System Project
A vulnerability, which was classified as critical, was found in itsourcecode Tailoring Management System Project 1.0. This affects an unknown part of the file typeadd.php. The manipulation of the argument sex leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2024-11-01 6.3 CVE-2024-10609 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
javmah–Woocommerce Customers Order History
Missing Authorization vulnerability in javmah Woocommerce Customers Order History allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woocommerce Customers Order History: from n/a through 5.2.2. 2024-11-01 4.3 CVE-2024-37201 audit@patchstack.com
jetbrains — hub
In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services 2024-10-28 5.4 CVE-2024-50573 cve@jetbrains.com
jetbrains — youtrack
In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API 2024-10-28 6.1 CVE-2024-50575 cve@jetbrains.com
jetbrains — youtrack
In JetBrains YouTrack before 2024.3.47707 reflected XSS due to insecure link sanitization was possible 2024-10-28 6.1 CVE-2024-50579 cve@jetbrains.com
jetbrains — youtrack
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest 2024-10-28 5.4 CVE-2024-50576 cve@jetbrains.com
jetbrains — youtrack
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings 2024-10-28 5.4 CVE-2024-50577 cve@jetbrains.com
jetbrains — youtrack
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via sprint value on agile boards page 2024-10-28 5.4 CVE-2024-50578 cve@jetbrains.com
jetbrains — youtrack
In JetBrains YouTrack before 2024.3.47707 multiple XSS were possible due to insecure markdown parsing and custom rendering rule 2024-10-28 5.4 CVE-2024-50580 cve@jetbrains.com
jetbrains — youtrack
In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag 2024-10-28 5.4 CVE-2024-50581 cve@jetbrains.com
jetbrains — youtrack
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements 2024-10-28 5.4 CVE-2024-50582 cve@jetbrains.com
joniles–mpxj
MPXJ is an open source library to read and write project plans from a variety of file formats and databases. The patch for the historical vulnerability CVE-2020-35460 in MPXJ is incomplete as there is still a possibility that a malicious path could be constructed which would not be picked up by the original fix and allow files to be written to arbitrary locations. The issue is addressed in MPXJ version 13.5.1. 2024-10-28 5.3 CVE-2024-49771 security-advisories@github.com
security-advisories@github.com
Jordy Meow–Photo Engine
Missing Authorization vulnerability in Jordy Meow Photo Engine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Engine: from n/a through 6.4.0. 2024-11-01 4.3 CVE-2024-43332 audit@patchstack.com
josh401–Ultimate TinyMCE
The Ultimate TinyMCE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘field’ shortcode in all versions up to, and including, 5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-30 6.4 CVE-2024-8627 security@wordfence.com
security@wordfence.com
JS Help Desk–JS Help Desk Best Help Desk & Support Plugin
Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.8.6. 2024-11-01 5.8 CVE-2024-43274 audit@patchstack.com
Jules Colle–Conditional Fields for Contact Form 7
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Jules Colle Conditional Fields for Contact Form 7 allows Stored XSS.This issue affects Conditional Fields for Contact Form 7: from n/a through 2.4.15. 2024-10-29 5.9 CVE-2024-50412 audit@patchstack.com
KaineLabs–Youzify
Missing Authorization vulnerability in KaineLabs Youzify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Youzify: from n/a through 1.2.6. 2024-11-01 5.4 CVE-2024-39635 audit@patchstack.com
Kanban for WordPress–Kanban Boards for WordPress
Missing Authorization vulnerability in Kanban for WordPress Kanban Boards for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kanban Boards for WordPress: from n/a through 2.5.21. 2024-11-01 5.3 CVE-2024-37226 audit@patchstack.com
Kevon Adonis–WP Abstracts
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Kevon Adonis WP Abstracts allows Stored XSS.This issue affects WP Abstracts: from n/a through 2.7.1. 2024-10-29 5.9 CVE-2024-50411 audit@patchstack.com
Kiboko Labs–Chained Quiz
Missing Authorization vulnerability in Kiboko Labs Chained Quiz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chained Quiz: from n/a through 1.3.2.8. 2024-11-01 5.3 CVE-2024-37921 audit@patchstack.com
Kiboko Labs–Namaste! LMS
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Kiboko Labs Namaste! LMS allows Stored XSS.This issue affects Namaste! LMS: from n/a through 2.6.2. 2024-10-29 6.5 CVE-2024-50409 audit@patchstack.com
Kiboko Labs–Namaste! LMS
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Kiboko Labs Namaste! LMS allows Stored XSS.This issue affects Namaste! LMS: from n/a through 2.6.4. 2024-10-29 6.5 CVE-2024-50410 audit@patchstack.com
kilukrumedia–WP Simple Anchors Links
The WP Simple Anchors Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s wpanchor shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-31 6.4 CVE-2024-9446 security@wordfence.com
security@wordfence.com
security@wordfence.com
knightliao–Disconf
A vulnerability was found in knightliao Disconf 2.6.36. It has been classified as critical. This affects an unknown part of the file /api/config/list of the component Configuration Center. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2024-11-01 5.3 CVE-2024-10620 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
Kraft Plugins–Wheel of Life
Missing Authorization vulnerability in Kraft Plugins Wheel of Life allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wheel of Life: from n/a through 1.1.8. 2024-11-01 5.3 CVE-2024-47311 audit@patchstack.com
kubell Co., Ltd.–Chatwork Desktop Application (Windows)
Use of potentially dangerous function issue exists in Chatwork Desktop Application (Windows) versions prior to 2.9.2. If a user clicks a specially crafted link in the application, an arbitrary file may be downloaded from an external website and executed. As a result, arbitrary code may be executed on the device that runs Chatwork Desktop Application (Windows). 2024-10-28 5.5 CVE-2024-50307 vultures@jpcert.or.jp
Laybuy–Laybuy Payment Extension for WooCommerce
Missing Authorization vulnerability in Laybuy Laybuy Payment Extension for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Laybuy Payment Extension for WooCommerce: from n/a through 5.3.9. 2024-11-01 4.3 CVE-2024-37203 audit@patchstack.com
leap13–Premium Addons for Elementor
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Video Box widget in all versions up to, and including, 4.10.60 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-29 6.4 CVE-2024-10266 security@wordfence.com
security@wordfence.com
leenk — leenk.me
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Lew Ayotte leenk.Me allows Reflected XSS.This issue affects leenk.Me: from n/a through 2.16.0. 2024-10-29 6.1 CVE-2024-49661 audit@patchstack.com
Leevio–Happy Addons for Elementor
Missing Authorization vulnerability in Leevio Happy Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Happy Addons for Elementor: from n/a through 3.12.3. 2024-11-01 4.3 CVE-2024-48045 audit@patchstack.com
LevelOne–WBR-6012
The WBR-6012 is a wireless SOHO router. It is a low-cost device which functions as an internet gateway for homes and small offices while aiming to be easy to configure and operate. In addition to providing a WiFi access point, the device serves as a 4-port wired router and implements a variety of common SOHO router capabilities such as port forwarding, quality-of-service, web-based administration, a DHCP server, a basic DMZ, and UPnP capabilities. 2024-10-30 5.3 CVE-2024-28052 talos-cna@cisco.com
LevelOne–WBR-6012
The LevelOne WBR-6012 router with firmware R0.40e6 is vulnerable to improper resource allocation within its web application, where a series of crafted HTTP requests can cause a reboot. This could lead to network service interruptions. 2024-10-30 5.3 CVE-2024-31152 talos-cna@cisco.com
LevelOne–WBR-6012
A vulnerability in the LevelOne WBR-6012 router’s firmware version R0.40e6 allows sensitive information to be transmitted in cleartext via Web and FTP services, exposing it to network sniffing attacks. 2024-10-30 5.9 CVE-2024-32946 talos-cna@cisco.com
LevelOne–WBR-6012
The LevelOne WBR-6012 router has an information disclosure vulnerability in its web application, which allows unauthenticated users to access a verbose system log page and obtain sensitive data, such as memory addresses and IP addresses for login attempts. This flaw could lead to session hijacking due to the device’s reliance on IP address for authentication. 2024-10-30 5.3 CVE-2024-33603 talos-cna@cisco.com
LevelOne–WBR-6012
The LevelOne WBR-6012 router contains a vulnerability within its web application that allows unauthenticated disclosure of sensitive information, such as the WiFi WPS PIN, through a hidden page accessible by an HTTP request. Disclosure of this information could enable attackers to connect to the device’s WiFi network. 2024-10-30 5.3 CVE-2024-33626 talos-cna@cisco.com
linux — linux_kernel
In the Linux kernel, the following vulnerability has been resolved: vt: prevent kernel-infoleak in con_font_get() font.data may not initialize all memory spaces depending on the implementation of vc->vc_sw->con_font_get. This may cause info-leak, so to prevent this, it is safest to modify it to initialize the allocated memory space to 0, and it generally does not affect the overall performance of the system. 2024-10-29 6.5 CVE-2024-50076 416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux_kernel
In the Linux kernel, the following vulnerability has been resolved: mm/damon/tests/sysfs-kunit.h: fix memory leak in damon_sysfs_test_add_targets() The sysfs_target->regions allocated in damon_sysfs_regions_alloc() is not freed in damon_sysfs_test_add_targets(), which cause the following memory leak, free it to fix it. unreferenced object 0xffffff80c2a8db80 (size 96): comm “kunit_try_catch”, pid 187, jiffies 4294894363 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ……………. 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ……………. backtrace (crc 0): [<0000000001e3714d>] kmemleak_alloc+0x34/0x40 [<000000008e6835c1>] __kmalloc_cache_noprof+0x26c/0x2f4 [<000000001286d9f8>] damon_sysfs_test_add_targets+0x1cc/0x738 [<0000000032ef8f77>] kunit_try_run_case+0x13c/0x3ac [<00000000f3edea23>] kunit_generic_run_threadfn_adapter+0x80/0xec [<00000000adf936cf>] kthread+0x2e8/0x374 [<0000000041bb1628>] ret_from_fork+0x10/0x20 2024-10-29 5.5 CVE-2024-50068 416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux_kernel
In the Linux kernel, the following vulnerability has been resolved: pinctrl: apple: check devm_kasprintf() returned value devm_kasprintf() can return a NULL pointer on failure but this returned value is not checked. Fix this lack and check the returned value. Found by code review. 2024-10-29 5.5 CVE-2024-50069 416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux_kernel
In the Linux kernel, the following vulnerability has been resolved: pinctrl: stm32: check devm_kasprintf() returned value devm_kasprintf() can return a NULL pointer on failure but this returned value is not checked. Fix this lack and check the returned value. Found by code review. 2024-10-29 5.5 CVE-2024-50070 416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux_kernel
In the Linux kernel, the following vulnerability has been resolved: x86/bugs: Use code segment selector for VERW operand Robert Gill reported below #GP in 32-bit mode when dosemu software was executing vm86() system call: general protection fault: 0000 [#1] PREEMPT SMP CPU: 4 PID: 4610 Comm: dosemu.bin Not tainted 6.6.21-gentoo-x86 #1 Hardware name: Dell Inc. PowerEdge 1950/0H723K, BIOS 2.7.0 10/30/2010 EIP: restore_all_switch_stack+0xbe/0xcf EAX: 00000000 EBX: 00000000 ECX: 00000000 EDX: 00000000 ESI: 00000000 EDI: 00000000 EBP: 00000000 ESP: ff8affdc DS: 0000 ES: 0000 FS: 0000 GS: 0033 SS: 0068 EFLAGS: 00010046 CR0: 80050033 CR2: 00c2101c CR3: 04b6d000 CR4: 000406d0 Call Trace: show_regs+0x70/0x78 die_addr+0x29/0x70 exc_general_protection+0x13c/0x348 exc_bounds+0x98/0x98 handle_exception+0x14d/0x14d exc_bounds+0x98/0x98 restore_all_switch_stack+0xbe/0xcf exc_bounds+0x98/0x98 restore_all_switch_stack+0xbe/0xcf This only happens in 32-bit mode when VERW based mitigations like MDS/RFDS are enabled. This is because segment registers with an arbitrary user value can result in #GP when executing VERW. Intel SDM vol. 2C documents the following behavior for VERW instruction: #GP(0) – If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. CLEAR_CPU_BUFFERS macro executes VERW instruction before returning to user space. Use %cs selector to reference VERW operand. This ensures VERW will not #GP for an arbitrary user %ds. [ mingo: Fixed the SOB chain. ] 2024-10-29 5.5 CVE-2024-50072 416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux_kernel
In the Linux kernel, the following vulnerability has been resolved: xhci: tegra: fix checked USB2 port number If USB virtualizatoin is enabled, USB2 ports are shared between all Virtual Functions. The USB2 port number owned by an USB2 root hub in a Virtual Function may be less than total USB2 phy number supported by the Tegra XUSB controller. Using total USB2 phy number as port number to check all PORTSC values would cause invalid memory access. [ 116.923438] Unable to handle kernel paging request at virtual address 006c622f7665642f … [ 117.213640] Call trace: [ 117.216783] tegra_xusb_enter_elpg+0x23c/0x658 [ 117.222021] tegra_xusb_runtime_suspend+0x40/0x68 [ 117.227260] pm_generic_runtime_suspend+0x30/0x50 [ 117.232847] __rpm_callback+0x84/0x3c0 [ 117.237038] rpm_suspend+0x2dc/0x740 [ 117.241229] pm_runtime_work+0xa0/0xb8 [ 117.245769] process_scheduled_works+0x24c/0x478 [ 117.251007] worker_thread+0x23c/0x328 [ 117.255547] kthread+0x104/0x1b0 [ 117.259389] ret_from_fork+0x10/0x20 [ 117.263582] Code: 54000222 f9461ae8 f8747908 b4ffff48 (f9400100) 2024-10-29 5.5 CVE-2024-50075 416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux_kernel
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix multiple init when debugfs is disabled If bt_debugfs is not created successfully, which happens if either CONFIG_DEBUG_FS or CONFIG_DEBUG_FS_ALLOW_ALL is unset, then iso_init() returns early and does not set iso_inited to true. This means that a subsequent call to iso_init() will result in duplicate calls to proto_register(), bt_sock_register(), etc. With CONFIG_LIST_HARDENED and CONFIG_BUG_ON_DATA_CORRUPTION enabled, the duplicate call to proto_register() triggers this BUG(): list_add double add: new=ffffffffc0b280d0, prev=ffffffffbab56250, next=ffffffffc0b280d0. ————[ cut here ]———— kernel BUG at lib/list_debug.c:35! Oops: invalid opcode: 0000 [#1] PREEMPT SMP PTI CPU: 2 PID: 887 Comm: bluetoothd Not tainted 6.10.11-1-ao-desktop #1 RIP: 0010:__list_add_valid_or_report+0x9a/0xa0 … __list_add_valid_or_report+0x9a/0xa0 proto_register+0x2b5/0x340 iso_init+0x23/0x150 [bluetooth] set_iso_socket_func+0x68/0x1b0 [bluetooth] kmem_cache_free+0x308/0x330 hci_sock_sendmsg+0x990/0x9e0 [bluetooth] __sock_sendmsg+0x7b/0x80 sock_write_iter+0x9a/0x110 do_iter_readv_writev+0x11d/0x220 vfs_writev+0x180/0x3e0 do_writev+0xca/0x100 … This change removes the early return. The check for iso_debugfs being NULL was unnecessary, it is always NULL when iso_inited is false. 2024-10-29 5.5 CVE-2024-50077 416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux_kernel
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Call iso_exit() on module unload If iso_init() has been called, iso_exit() must be called on module unload. Without that, the struct proto that iso_init() registered with proto_register() becomes invalid, which could cause unpredictable problems later. In my case, with CONFIG_LIST_HARDENED and CONFIG_BUG_ON_DATA_CORRUPTION enabled, loading the module again usually triggers this BUG(): list_add corruption. next->prev should be prev (ffffffffb5355fd0), but was 0000000000000068. (next=ffffffffc0a010d0). ————[ cut here ]———— kernel BUG at lib/list_debug.c:29! Oops: invalid opcode: 0000 [#1] PREEMPT SMP PTI CPU: 1 PID: 4159 Comm: modprobe Not tainted 6.10.11-4+bt2-ao-desktop #1 RIP: 0010:__list_add_valid_or_report+0x61/0xa0 … __list_add_valid_or_report+0x61/0xa0 proto_register+0x299/0x320 hci_sock_init+0x16/0xc0 [bluetooth] bt_init+0x68/0xd0 [bluetooth] __pfx_bt_init+0x10/0x10 [bluetooth] do_one_initcall+0x80/0x2f0 do_init_module+0x8b/0x230 __do_sys_init_module+0x15f/0x190 do_syscall_64+0x68/0x110 … 2024-10-29 5.5 CVE-2024-50078 416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux_kernel
In the Linux kernel, the following vulnerability has been resolved: io_uring/sqpoll: ensure task state is TASK_RUNNING when running task_work When the sqpoll is exiting and cancels pending work items, it may need to run task_work. If this happens from within io_uring_cancel_generic(), then it may be under waiting for the io_uring_task waitqueue. This results in the below splat from the scheduler, as the ring mutex may be attempted grabbed while in a TASK_INTERRUPTIBLE state. Ensure that the task state is set appropriately for that, just like what is done for the other cases in io_run_task_work(). do not call blocking ops when !TASK_RUNNING; state=1 set at [<0000000029387fd2>] prepare_to_wait+0x88/0x2fc WARNING: CPU: 6 PID: 59939 at kernel/sched/core.c:8561 __might_sleep+0xf4/0x140 Modules linked in: CPU: 6 UID: 0 PID: 59939 Comm: iou-sqp-59938 Not tainted 6.12.0-rc3-00113-g8d020023b155 #7456 Hardware name: linux,dummy-virt (DT) pstate: 61400005 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=–) pc : __might_sleep+0xf4/0x140 lr : __might_sleep+0xf4/0x140 sp : ffff80008c5e7830 x29: ffff80008c5e7830 x28: ffff0000d93088c0 x27: ffff60001c2d7230 x26: dfff800000000000 x25: ffff0000e16b9180 x24: ffff80008c5e7a50 x23: 1ffff000118bcf4a x22: ffff0000e16b9180 x21: ffff0000e16b9180 x20: 000000000000011b x19: ffff80008310fac0 x18: 1ffff000118bcd90 x17: 30303c5b20746120 x16: 74657320313d6574 x15: 0720072007200720 x14: 0720072007200720 x13: 0720072007200720 x12: ffff600036c64f0b x11: 1fffe00036c64f0a x10: ffff600036c64f0a x9 : dfff800000000000 x8 : 00009fffc939b0f6 x7 : ffff0001b6327853 x6 : 0000000000000001 x5 : ffff0001b6327850 x4 : ffff600036c64f0b x3 : ffff8000803c35bc x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0000e16b9180 Call trace: __might_sleep+0xf4/0x140 mutex_lock+0x84/0x124 io_handle_tw_list+0xf4/0x260 tctx_task_work_run+0x94/0x340 io_run_task_work+0x1ec/0x3c0 io_uring_cancel_generic+0x364/0x524 io_sq_thread+0x820/0x124c ret_from_fork+0x10/0x20 2024-10-29 5.5 CVE-2024-50079 416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux_kernel
In the Linux kernel, the following vulnerability has been resolved: ublk: don’t allow user copy for unprivileged device UBLK_F_USER_COPY requires userspace to call write() on ublk char device for filling request buffer, and unprivileged device can’t be trusted. So don’t allow user copy for unprivileged device. 2024-10-29 5.5 CVE-2024-50080 416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux_kernel
In the Linux kernel, the following vulnerability has been resolved: blk-mq: setup queue ->tag_set before initializing hctx Commit 7b815817aa58 (“blk-mq: add helper for checking if one CPU is mapped to specified hctx”) needs to check queue mapping via tag set in hctx’s cpuhp handler. However, q->tag_set may not be setup yet when the cpuhp handler is enabled, then kernel oops is triggered. Fix the issue by setup queue tag_set before initializing hctx. 2024-10-29 5.5 CVE-2024-50081 416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux_kernel
In the Linux kernel, the following vulnerability has been resolved: net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test() Commit a3c1e45156ad (“net: microchip: vcap: Fix use-after-free error in kunit test”) fixed the use-after-free error, but introduced below memory leaks by removing necessary vcap_free_rule(), add it to fix it. unreferenced object 0xffffff80ca58b700 (size 192): comm “kunit_try_catch”, pid 1215, jiffies 4294898264 hex dump (first 32 bytes): 00 12 7a 00 05 00 00 00 0a 00 00 00 64 00 00 00 ..z………d… 00 00 00 00 00 00 00 00 00 04 0b cc 80 ff ff ff ……………. backtrace (crc 9c09c3fe): [<0000000052a0be73>] kmemleak_alloc+0x34/0x40 [<0000000043605459>] __kmalloc_cache_noprof+0x26c/0x2f4 [<0000000040a01b8d>] vcap_alloc_rule+0x3cc/0x9c4 [<000000003fe86110>] vcap_api_encode_rule_test+0x1ac/0x16b0 [<00000000b3595fc4>] kunit_try_run_case+0x13c/0x3ac [<0000000010f5d2bf>] kunit_generic_run_threadfn_adapter+0x80/0xec [<00000000c5d82c9a>] kthread+0x2e8/0x374 [<00000000f4287308>] ret_from_fork+0x10/0x20 unreferenced object 0xffffff80cc0b0400 (size 64): comm “kunit_try_catch”, pid 1215, jiffies 4294898265 hex dump (first 32 bytes): 80 04 0b cc 80 ff ff ff 18 b7 58 ca 80 ff ff ff ……….X….. 39 00 00 00 02 00 00 00 06 05 04 03 02 01 ff ff 9…………… backtrace (crc daf014e9): [<0000000052a0be73>] kmemleak_alloc+0x34/0x40 [<0000000043605459>] __kmalloc_cache_noprof+0x26c/0x2f4 [<000000000ff63fd4>] vcap_rule_add_key+0x2cc/0x528 [<00000000dfdb1e81>] vcap_api_encode_rule_test+0x224/0x16b0 [<00000000b3595fc4>] kunit_try_run_case+0x13c/0x3ac [<0000000010f5d2bf>] kunit_generic_run_threadfn_adapter+0x80/0xec [<00000000c5d82c9a>] kthread+0x2e8/0x374 [<00000000f4287308>] ret_from_fork+0x10/0x20 unreferenced object 0xffffff80cc0b0700 (size 64): comm “kunit_try_catch”, pid 1215, jiffies 4294898265 hex dump (first 32 bytes): 80 07 0b cc 80 ff ff ff 28 b7 58 ca 80 ff ff ff ……..(.X….. 3c 00 00 00 00 00 00 00 01 2f 03 b3 ec ff ff ff <……../…… backtrace (crc 8d877792): [<0000000052a0be73>] kmemleak_alloc+0x34/0x40 [<0000000043605459>] __kmalloc_cache_noprof+0x26c/0x2f4 [<000000006eadfab7>] vcap_rule_add_action+0x2d0/0x52c [<00000000323475d1>] vcap_api_encode_rule_test+0x4d4/0x16b0 [<00000000b3595fc4>] kunit_try_run_case+0x13c/0x3ac [<0000000010f5d2bf>] kunit_generic_run_threadfn_adapter+0x80/0xec [<00000000c5d82c9a>] kthread+0x2e8/0x374 [<00000000f4287308>] ret_from_fork+0x10/0x20 unreferenced object 0xffffff80cc0b0900 (size 64): comm “kunit_try_catch”, pid 1215, jiffies 4294898266 hex dump (first 32 bytes): 80 09 0b cc 80 ff ff ff 80 06 0b cc 80 ff ff ff ……………. 7d 00 00 00 01 00 00 00 00 00 00 00 ff 00 00 00 }…………… backtrace (crc 34181e56): [<0000000052a0be73>] kmemleak_alloc+0x34/0x40 [<0000000043605459>] __kmalloc_cache_noprof+0x26c/0x2f4 [<000000000ff63fd4>] vcap_rule_add_key+0x2cc/0x528 [<00000000991e3564>] vcap_val_rule+0xcf0/0x13e8 [<00000000fc9868e5>] vcap_api_encode_rule_test+0x678/0x16b0 [<00000000b3595fc4>] kunit_try_run_case+0x13c/0x3ac [<0000000010f5d2bf>] kunit_generic_run_threadfn_adapter+0x80/0xec [<00000000c5d82c9a>] kthread+0x2e8/0x374 [<00000000f4287308>] ret_from_fork+0x10/0x20 unreferenced object 0xffffff80cc0b0980 (size 64): comm “kunit_try_catch”, pid 1215, jiffies 4294898266 hex dump (first 32 bytes): 18 b7 58 ca 80 ff ff ff 00 09 0b cc 80 ff ff ff ..X…………. 67 00 00 00 00 00 00 00 01 01 74 88 c0 ff ff ff g………t….. backtrace (crc 275fd9be): [<0000000052a0be73>] kmemleak_alloc+0x34/0x40 [<0000000043605459>] __kmalloc_cache_noprof+0x26c/0x2f4 [<000000000ff63fd4>] vcap_rule_add_key+0x2cc/0x528 [<000000001396a1a2>] test_add_de —truncated— 2024-10-29 5.5 CVE-2024-50084 416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux_kernel
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow Syzkaller reported this splat: ================================================================== BUG: KASAN: slab-use-after-free in mptcp_pm_nl_rm_addr_or_subflow+0xb44/0xcc0 net/mptcp/pm_netlink.c:881 Read of size 4 at addr ffff8880569ac858 by task syz.1.2799/14662 CPU: 0 UID: 0 PID: 14662 Comm: syz.1.2799 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:377 [inline] print_report+0xc3/0x620 mm/kasan/report.c:488 kasan_report+0xd9/0x110 mm/kasan/report.c:601 mptcp_pm_nl_rm_addr_or_subflow+0xb44/0xcc0 net/mptcp/pm_netlink.c:881 mptcp_pm_nl_rm_subflow_received net/mptcp/pm_netlink.c:914 [inline] mptcp_nl_remove_id_zero_address+0x305/0x4a0 net/mptcp/pm_netlink.c:1572 mptcp_pm_nl_del_addr_doit+0x5c9/0x770 net/mptcp/pm_netlink.c:1603 genl_family_rcv_msg_doit+0x202/0x2f0 net/netlink/genetlink.c:1115 genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline] genl_rcv_msg+0x565/0x800 net/netlink/genetlink.c:1210 netlink_rcv_skb+0x165/0x410 net/netlink/af_netlink.c:2551 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219 netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline] netlink_unicast+0x53c/0x7f0 net/netlink/af_netlink.c:1357 netlink_sendmsg+0x8b8/0xd70 net/netlink/af_netlink.c:1901 sock_sendmsg_nosec net/socket.c:729 [inline] __sock_sendmsg net/socket.c:744 [inline] ____sys_sendmsg+0x9ae/0xb40 net/socket.c:2607 ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661 __sys_sendmsg+0x117/0x1f0 net/socket.c:2690 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline] __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411 entry_SYSENTER_compat_after_hwframe+0x84/0x8e RIP: 0023:0xf7fe4579 Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 RSP: 002b:00000000f574556c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000020000140 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 </TASK> Allocated by task 5387: kasan_save_stack+0x33/0x60 mm/kasan/common.c:47 kasan_save_track+0x14/0x30 mm/kasan/common.c:68 poison_kmalloc_redzone mm/kasan/common.c:377 [inline] __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394 kmalloc_noprof include/linux/slab.h:878 [inline] kzalloc_noprof include/linux/slab.h:1014 [inline] subflow_create_ctx+0x87/0x2a0 net/mptcp/subflow.c:1803 subflow_ulp_init+0xc3/0x4d0 net/mptcp/subflow.c:1956 __tcp_set_ulp net/ipv4/tcp_ulp.c:146 [inline] tcp_set_ulp+0x326/0x7f0 net/ipv4/tcp_ulp.c:167 mptcp_subflow_create_socket+0x4ae/0x10a0 net/mptcp/subflow.c:1764 __mptcp_subflow_connect+0x3cc/0x1490 net/mptcp/subflow.c:1592 mptcp_pm_create_subflow_or_signal_addr+0xbda/0x23a0 net/mptcp/pm_netlink.c:642 mptcp_pm_nl_fully_established net/mptcp/pm_netlink.c:650 [inline] mptcp_pm_nl_work+0x3a1/0x4f0 net/mptcp/pm_netlink.c:943 mptcp_worker+0x15a/0x1240 net/mptcp/protocol.c:2777 process_one_work+0x958/0x1b30 kernel/workqueue.c:3229 process_scheduled_works kernel/workqueue.c:3310 [inline] worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391 kthread+0x2c1/0x3a0 kernel/kthread.c:389 ret_from_fork+0x45/0x80 arch/x86/ke —truncated— 2024-10-29 5.5 CVE-2024-50085 416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux_kernel
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix uninitialized pointer free on read_alloc_one_name() error The function read_alloc_one_name() does not initialize the name field of the passed fscrypt_str struct if kmalloc fails to allocate the corresponding buffer. Thus, it is not guaranteed that fscrypt_str.name is initialized when freeing it. This is a follow-up to the linked patch that fixes the remaining instances of the bug introduced by commit e43eec81c516 (“btrfs: use struct qstr instead of name and namelen pairs”). 2024-10-29 5.5 CVE-2024-50087 416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux_kernel
In the Linux kernel, the following vulnerability has been resolved: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race We’re seeing crashes from rq_qos_wake_function that look like this: BUG: unable to handle page fault for address: ffffafe180a40084 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) – not-present page PGD 100000067 P4D 100000067 PUD 10027c067 PMD 10115d067 PTE 0 Oops: Oops: 0002 [#1] PREEMPT SMP PTI CPU: 17 UID: 0 PID: 0 Comm: swapper/17 Not tainted 6.12.0-rc3-00013-geca631b8fe80 #11 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 RIP: 0010:_raw_spin_lock_irqsave+0x1d/0x40 Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 9c 41 5c fa 65 ff 05 62 97 30 4c 31 c0 ba 01 00 00 00 <f0> 0f b1 17 75 0a 4c 89 e0 41 5c c3 cc cc cc cc 89 c6 e8 2c 0b 00 RSP: 0018:ffffafe180580ca0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffffafe180a3f7a8 RCX: 0000000000000011 RDX: 0000000000000001 RSI: 0000000000000003 RDI: ffffafe180a40084 RBP: 0000000000000000 R08: 00000000001e7240 R09: 0000000000000011 R10: 0000000000000028 R11: 0000000000000888 R12: 0000000000000002 R13: ffffafe180a40084 R14: 0000000000000000 R15: 0000000000000003 FS: 0000000000000000(0000) GS:ffff9aaf1f280000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffafe180a40084 CR3: 000000010e428002 CR4: 0000000000770ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <IRQ> try_to_wake_up+0x5a/0x6a0 rq_qos_wake_function+0x71/0x80 __wake_up_common+0x75/0xa0 __wake_up+0x36/0x60 scale_up.part.0+0x50/0x110 wb_timer_fn+0x227/0x450 … So rq_qos_wake_function() calls wake_up_process(data->task), which calls try_to_wake_up(), which faults in raw_spin_lock_irqsave(&p->pi_lock). p comes from data->task, and data comes from the waitqueue entry, which is stored on the waiter’s stack in rq_qos_wait(). Analyzing the core dump with drgn, I found that the waiter had already woken up and moved on to a completely unrelated code path, clobbering what was previously data->task. Meanwhile, the waker was passing the clobbered garbage in data->task to wake_up_process(), leading to the crash. What’s happening is that in between rq_qos_wake_function() deleting the waitqueue entry and calling wake_up_process(), rq_qos_wait() is finding that it already got a token and returning. The race looks like this: rq_qos_wait() rq_qos_wake_function() ============================================================== prepare_to_wait_exclusive() data->got_token = true; list_del_init(&curr->entry); if (data.got_token) break; finish_wait(&rqw->wait, &data.wq); ^- returns immediately because list_empty_careful(&wq_entry->entry) is true … return, go do something else … wake_up_process(data->task) (NO LONGER VALID!)-^ Normally, finish_wait() is supposed to synchronize against the waker. But, as noted above, it is returning immediately because the waitqueue entry has already been removed from the waitqueue. The bug is that rq_qos_wake_function() is accessing the waitqueue entry AFTER deleting it. Note that autoremove_wake_function() wakes the waiter and THEN deletes the waitqueue entry, which is the proper order. Fix it by swapping the order. We also need to use list_del_init_careful() to match the list_empty_careful() in finish_wait(). 2024-10-29 4.7 CVE-2024-50082 416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
lollms — lollms_web_ui
A Cross-Site Request Forgery (CSRF) vulnerability exists in the `install_comfyui` endpoint of the `lollms_comfyui.py` file in the parisneo/lollms-webui repository, versions v9.9 to the latest. The endpoint uses the GET method without requiring a client ID, allowing an attacker to trick a victim into installing ComfyUI. If the victim’s device does not have sufficient capacity, this can result in a crash. 2024-10-29 6.5 CVE-2024-6673 security@huntr.dev
security@huntr.dev
LUNAD3v–AreaLoad
A vulnerability was found in LUNAD3v AreaLoad up to 1a1103182ed63a06dde63d1712f3262eda19c3ec. It has been rated as critical. This issue affects some unknown processing of the file request.php. The manipulation of the argument phone leads to sql injection. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 264813c546dba03989ac0fc365f2022bf65e3be2. It is recommended to apply a patch to fix this issue. 2024-10-29 5.5 CVE-2017-20195 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
lunary — lunary
lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification API (/v1/users/send-verification) and Sign up API (/auth/signup). An unauthenticated attacker can inject data into outgoing emails by bypassing the extractFirstName function using a different whitespace character (e.g., xa0). This vulnerability can be exploited to conduct phishing attacks, damage the application’s brand, cause legal and compliance issues, and result in financial impact due to unauthorized email usage. 2024-10-29 6.5 CVE-2024-7472 security@huntr.dev
security@huntr.dev
lunary — lunary
An IDOR vulnerability exists in the ‘Evaluations’ function of the ‘umgws datasets’ section in lunary-ai/lunary versions 1.3.2. This vulnerability allows an authenticated user to update other users’ prompts by manipulating the ‘id’ parameter in the request. The issue is fixed in version 1.4.3. 2024-10-29 6.5 CVE-2024-7473 security@huntr.dev
security@huntr.dev
LWS–LWS Affiliation
Missing Authorization vulnerability in LWS LWS Affiliation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LWS Affiliation: from n/a through 2.3.4. 2024-11-01 5.4 CVE-2024-43962 audit@patchstack.com
Magazine3–PWA for WP & AMP
Missing Authorization vulnerability in Magazine3 PWA for WP & AMP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PWA for WP & AMP: from n/a through 1.7.72. 2024-11-01 4.3 CVE-2024-47318 audit@patchstack.com
manzurulhaque — banner_slider
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Manzurul Haque Banner Slider allows Reflected XSS.This issue affects Banner Slider: from n/a through 2.1. 2024-10-29 6.1 CVE-2024-49635 audit@patchstack.com
marianheddesheimer — extra_privacy_for_elementor
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Marian Heddesheimer Extra Privacy for Elementor allows Reflected XSS.This issue affects Extra Privacy for Elementor: from n/a through 0.1.3. 2024-10-29 6.1 CVE-2024-49654 audit@patchstack.com
markjaquith–Subscribe to Comments
The Subscribe to Comments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-30 6.1 CVE-2024-8792 security@wordfence.com
security@wordfence.com
security@wordfence.com
Martin Gibson–WP GoToWebinar
Missing Authorization vulnerability in Martin Gibson WP GoToWebinar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP GoToWebinar: from n/a through 15.6. 2024-11-01 4.3 CVE-2024-38695 audit@patchstack.com
Masteriyo–Masteriyo – LMS
Missing Authorization vulnerability in Masteriyo Masteriyo – LMS allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Masteriyo – LMS: from n/a through 1.11.6. 2024-11-01 5.3 CVE-2024-43159 audit@patchstack.com
masteriyo–Masteriyo LMS eLearning and Online Course Builder for WordPress
The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the question’s content parameter in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with student-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-29 6.4 CVE-2024-10000 security@wordfence.com
security@wordfence.com
Mattermost–Mattermost
Mattermost versions 9.5.x <= 9.5.9 fail to properly filter the channel data when ElasticSearch is enabled which allows a user to get private channel names by using cmd+K/ctrl+K. 2024-10-29 4.3 CVE-2024-10241 responsibledisclosure@mattermost.com
Mattermost–Mattermost
Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path traversal that is leading to CSRF in Playbooks 2024-10-29 4.6 CVE-2024-46872 responsibledisclosure@mattermost.com
Mattermost–Mattermost
Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1 and 9.5.x <= 9.5.9 fail to prevent detailed error messages from being displayed in Playbooks which allows an attacker to generate a large response and cause an amplified GraphQL response which in turn could cause the application to crash by sending a specially crafted request to Playbooks. 2024-10-29 4.3 CVE-2024-47401 responsibledisclosure@mattermost.com
Mattermost–Mattermost
Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 fail to check that the origin of the message in an integration action matches with the original post metadata which allows an authenticated user to delete an arbitrary post. 2024-10-29 4.3 CVE-2024-50052 responsibledisclosure@mattermost.com
mattroyal — woocommerce_maintenance_mode
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Matt Royal WooCommerce Maintenance Mode allows Reflected XSS.This issue affects WooCommerce Maintenance Mode: from n/a through 2.0.1. 2024-10-29 6.1 CVE-2024-49651 audit@patchstack.com
MediaRon LLC–Custom Query Blocks
Missing Authorization vulnerability in MediaRon LLC Custom Query Blocks allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Custom Query Blocks: from n/a through 5.2.0. 2024-11-01 5.3 CVE-2024-38794 audit@patchstack.com
Meks–Meks Video Importer
Missing Authorization vulnerability in Meks Meks Video Importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Meks Video Importer: from n/a through 1.0.12. 2024-11-01 5.4 CVE-2024-38733 audit@patchstack.com
Merkulove–Selection Lite
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Merkulove Selection Lite allows Stored XSS.This issue affects Selection Lite: from n/a through 1.13. 2024-10-28 6.5 CVE-2024-50445 audit@patchstack.com
Michael Robinson–Raptor Editor
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Michael Robinson Raptor Editor allows DOM-Based XSS.This issue affects Raptor Editor: from n/a through 1.0.20. 2024-10-28 6.5 CVE-2024-50468 audit@patchstack.com
Migrate–Clone
Missing Authorization vulnerability in Migrate Clone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clone: from n/a through 2.4.5. 2024-11-01 4.3 CVE-2024-43297 audit@patchstack.com
Migrate–Clone
Missing Authorization vulnerability in Migrate Clone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clone: from n/a through 2.4.5. 2024-11-01 4.3 CVE-2024-43298 audit@patchstack.com
Miller Media ( Matt Miller )–Send Emails with Mandrill
Missing Authorization vulnerability in Miller Media ( Matt Miller ) Send Emails with Mandrill allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Send Emails with Mandrill: from n/a through 1.4.1. 2024-11-01 4.3 CVE-2024-43208 audit@patchstack.com
mkucej–i-librarian-free
I, Librarian is an open-source version of a PDF managing SaaS. Supplemental Files are allowed to be viewed in the browser, only if they have a white-listed MIME type. Unfortunately, this logic is broken, thus allowing unsafe files containing Javascript to be executed with the application context. An attacker can exploit this vulnerability by uploading a supplementary file that contains a malicious code or script. This code will then be executed when the file is loaded in the browser. The vulnerability was fixed in version 5.11.2. 2024-10-30 4.6 CVE-2024-50344 security-advisories@github.com
security-advisories@github.com
mndpsingh287–File Manager
Missing Authorization vulnerability in mndpsingh287 File Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects File Manager: from n/a through 7.2.7. 2024-11-01 4.3 CVE-2024-37254 audit@patchstack.com
modernaweb–Black Widgets For Elementor
The Black Widgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-30 6.4 CVE-2024-9388 security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
Mondula GmbH–Multi Step Form
Missing Authorization vulnerability in Mondula GmbH Multi Step Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Multi Step Form: from n/a through 1.7.21. 2024-10-29 4.3 CVE-2024-50428 audit@patchstack.com
moveaddons–Move Addons for Elementor
The Move Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.5 via the render function in includes/widgets/accordion/widget.php, includes/widgets/remote-template/widget.php, and other widget.php files. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. 2024-10-29 4.3 CVE-2024-10360 security@wordfence.com
security@wordfence.com
mozilla — firefox_focus
Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects Focus for iOS < 132. 2024-10-29 6.5 CVE-2024-10474 security@mozilla.org
security@mozilla.org
mozilla — firefox
In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132. 2024-10-29 6.1 CVE-2024-10461 security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
mozilla — firefox
Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132. 2024-10-29 6.5 CVE-2024-10462 security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
mozilla — firefox
Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132. 2024-10-29 6.5 CVE-2024-10463 security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
mozilla — firefox
Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressed by introducing rate-limiting to this API. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132. 2024-10-29 6.5 CVE-2024-10464 security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
mozilla — firefox
A clipboard “paste” button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132. 2024-10-29 6.5 CVE-2024-10465 security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
mozilla — firefox
The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132. 2024-10-29 5.3 CVE-2024-10460 security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
mozilla — firefox
Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132 and Thunderbird < 132. 2024-10-29 5.3 CVE-2024-10468 security@mozilla.org
security@mozilla.org
security@mozilla.org
n/a–n/a
Studio-42 eLfinder 2.1.62 contains a filename restriction bypass leading to a persistent Cross-site Scripting (XSS) vulnerability. 2024-10-31 6.1 CVE-2023-52045 cve@mitre.org
n/a–n/a
PbootCMS 3.2.8 is vulnerable to URL Redirect. 2024-10-28 6.1 CVE-2024-42930 cve@mitre.org
cve@mitre.org
n/a–n/a
phpgurukul Vehicle Record Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchinputdata parameter at /index.php. 2024-10-30 6.3 CVE-2024-46531 cve@mitre.org
n/a–n/a
SparkShop <=1.1.7 is vulnerable to server-side request forgery (SSRF). This vulnerability allows attacks to scan ports on the Intranet or local network where the server resides, attack applications running on the Intranet or local network, or read metadata on the cloud server. 2024-10-28 6.5 CVE-2024-48107 cve@mitre.org
cve@mitre.org
n/a–n/a
dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=delAdmin&id=17 2024-10-28 6.3 CVE-2024-48191 cve@mitre.org
n/a–n/a
Cross Site Scripting vulnerability in eyouCMS v.1.6.7 allows a remote attacker to obtain sensitive information via a crafted script to the post parameter. 2024-10-28 6.1 CVE-2024-48195 cve@mitre.org
n/a–n/a
D-Link DSL6740C v6.TR069.20211230 was discovered to use an insecure default Wifi password, possibly allowing attackers to connect to the device via a bruteforce attack. 2024-10-30 6.5 CVE-2024-48272 cve@mitre.org
cve@mitre.org
n/a–n/a
dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/doAdminAction.php?act=editAdmin&id=17 2024-10-28 6.3 CVE-2024-48291 cve@mitre.org
n/a–n/a
xtreme1 <= v0.9.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the /api/data/upload path. The vulnerability is triggered through the fileUrl parameter, which allows an attacker to make arbitrary requests to internal or external systems. 2024-10-30 6.1 CVE-2024-48346 cve@mitre.org
n/a–n/a
A Reflected Cross-Site Scripting (XSS) vulnerability exists in the Sage 1000 v 7.0.0. This vulnerability allows attackers to inject malicious scripts into URLs, which are reflected back by the server in the response without proper sanitization or encoding. 2024-10-30 6.1 CVE-2024-48648 cve@mitre.org
n/a–n/a
A Server-Side Request Forgery (SSRF) vulnerability has been identified in eladmin 2.7 and earlier in ServerDeployController.java. The manipulation of the HTTP Body ip parameter leads to SSRF. 2024-10-30 6.5 CVE-2024-51242 cve@mitre.org
n/a–n/a
Cross Site Scripting vulnerability in Shenzhen Interconnection Harbor Network Technology Co., Ltd Ofweek Online Exhibition v.1.0.0 allows a remote attacker to execute arbitrary code. 2024-10-30 6.1 CVE-2024-51419 cve@mitre.org
n/a–n/a
Cross Site Scripting vulnerability in online diagnostic lab management system using php v.1.0 allows a remote attacker to execute arbitrary code via the Test Name parameter on the diagnostic/add-test.php component. 2024-10-31 6.4 CVE-2024-51430 cve@mitre.org
cve@mitre.org
n/a–n/a
Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via the ‘Network Name (SSID)’ input fields to the /index.html#wireless_basic page. 2024-10-30 5.2 CVE-2024-31973 cve@mitre.org
n/a–n/a
Snowflake JDBC driver versions >= 3.2.6 and <= 3.19.1 have an Incorrect Security Setting that can result in data being uploaded to an encrypted stage without the additional layer of protection provided by client side encryption. 2024-10-30 5.9 CVE-2024-43382 cve@mitre.org
n/a–n/a
An issue in radare2 v5.8.0 through v5.9.4 allows a local attacker to cause a denial of service via the __bf_div function. 2024-10-30 5.5 CVE-2024-48241 cve@mitre.org
cve@mitre.org
cve@mitre.org
n/a–n/a
Proactive Risk Manager version 9.1.1.0 is affected by multiple Cross-Site Scripting (XSS) vulnerabilities in the add/edit form fields, at the urls starting with the subpaths: /ar/config/configuation/ and /ar/config/risk-strategy-control/ 2024-10-30 5.4 CVE-2024-48569 cve@mitre.org
n/a–n/a
Cross Site Scripting vulnerability in PHPGurukul Doctor Appointment Management System v.1.0 allows a local attacker to execute arbitrary code via the search parameter. 2024-10-30 5.4 CVE-2024-48807 cve@mitre.org
cve@mitre.org
n/a–n/a
SchedMD Slurm before 24.05.4 has Incorrect Authorization. A mistake in authentication handling in stepmgr could permit an attacker to execute processes under other users’ jobs. This is limited to jobs explicitly running with –stepmgr, or on systems that have globally enabled stepmgr via SlurmctldParameters=enable_stepmgr in their configuration. 2024-10-28 5 CVE-2024-48936 cve@mitre.org
cve@mitre.org
cve@mitre.org
n/a–n/a
ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle attackers to trigger use of an attacker-controlled mail server because cleartext HTTP is used for a URL such as http://autoconfig.example.com or http://example.com/.well-known/autoconfig for retrieving the configuration. This is related to kmail-account-wizard. 2024-10-28 5.9 CVE-2024-50624 cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
n/a–n/a
EnGenius ESR580 A8J-EMR5000 devices allow a remote attacker to conduct stored XSS attacks that could lead to arbitrary JavaScript code execution (under the context of the user’s session) via the Wi-Fi SSID input fields. Web scripts embedded into the vulnerable fields this way are executed immediately when a user logs into the admin page. This affects /admin/wifi/wlan1 and /admin/wifi/wlan_guest. 2024-10-30 4.3 CVE-2024-31972 cve@mitre.org
n/a–n/a
EnGenius ESR580 devices through 1.1.30 allow a remote attacker to conduct stored XSS attacks via the Wi-Fi SSID parameters. JavaScript embedded into a vulnerable field is executed when the user clicks the SSID field’s corresponding EDIT button. 2024-10-30 4.8 CVE-2024-31975 cve@mitre.org
n/a–n/a
TYPO3 before 13.3.1 allows denial of service (interface error) in the Bookmark Toolbar (ext:backend), exploitable by an administrator-level backend user account via manipulated data saved in the bookmark toolbar of the backend user interface. The fixed versions are 10.4.46 ELTS, 11.5.40 LTS, 12.4.21 LTS, and 13.3.1. 2024-10-28 4.9 CVE-2024-34537 cve@mitre.org
cve@mitre.org
cve@mitre.org
n/a–n/a
Cross Site Scripting vulnerability in TeslaLogger Admin Panel before v.1.59.6 allows a remote attacker to execute arbitrary code via the New Journey field. 2024-10-29 4.8 CVE-2024-48461 cve@mitre.org
cve@mitre.org
n/a–n/a
Tiki through 27.0 allows users who have certain permissions to insert a “Create a Wiki Pages” stored XSS payload in the description. 2024-10-28 4.8 CVE-2024-51506 cve@mitre.org
cve@mitre.org
n/a–n/a
Tiki through 27.0 allows users who have certain permissions to insert a “Create/Edit External Wiki” stored XSS payload in the Name. 2024-10-28 4.8 CVE-2024-51507 cve@mitre.org
cve@mitre.org
n/a–n/a
Tiki through 27.0 allows users who have certain permissions to insert a “Create/Edit External Wiki” stored XSS payload in the Index. 2024-10-28 4.8 CVE-2024-51508 cve@mitre.org
cve@mitre.org
n/a–n/a
Tiki through 27.0 allows users who have certain permissions to insert a “Modules” (aka tiki-admin_modules.php) stored XSS payload in the Name. 2024-10-28 4.8 CVE-2024-51509 cve@mitre.org
cve@mitre.org
n/a–Persian WooCommerce
Missing Authorization vulnerability in ??????? ????? Persian WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Persian WooCommerce: from n/a through 7.1.6. 2024-11-01 5.3 CVE-2024-43219 audit@patchstack.com
n/a–sinatra
Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When making a request to a method with redirect applied, it is possible to trigger an Open Redirect Attack by inserting an arbitrary address into this header. If used for caching purposes, such as with servers like Nginx, or as a reverse proxy, without handling the X-Forwarded-Host header, attackers can potentially exploit Cache Poisoning or Routing-based SSRF. 2024-11-01 5.4 CVE-2024-21510 report@snyk.io
report@snyk.io
report@snyk.io
report@snyk.io
n/a–wuzhicms
A vulnerability was found in wuzhicms 4.1.0. It has been classified as critical. Affected is the function add/edit of the file www/coreframe/app/content/admin/block.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Initially two separate issues were created by the researcher for the different function calls. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-30 6.3 CVE-2024-10505 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
nCrafts–FormCraft
Missing Authorization vulnerability in nCrafts FormCraft allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FormCraft: from n/a through 1.2.10. 2024-11-01 4.3 CVE-2024-43157 audit@patchstack.com
nervythemes — local_business_addons_for_elementor
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in NervyThemes Local Business Addons For Elementor allows Stored XSS.This issue affects Local Business Addons For Elementor: from n/a through 1.1.5. 2024-10-29 5.4 CVE-2024-49667 audit@patchstack.com
Nickolas Bossinas–WordPress File Upload
Broken Access Control vulnerability in Nickolas Bossinas WordPress File Upload allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress File Upload: from n/a through 4.24.7. 2024-11-01 4.3 CVE-2024-39639 audit@patchstack.com
Noptin Newsletter–Noptin
Missing Authorization vulnerability in Noptin Newsletter Noptin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Noptin: from n/a through 3.4.2. 2024-11-01 5.3 CVE-2024-37456 audit@patchstack.com
OnTheGoSystems–WooCommerce Multilingual & Multicurrency
Missing Authorization vulnerability in OnTheGoSystems WooCommerce Multilingual & Multicurrency multilingual allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Multilingual & Multicurrency: from n/a through 5.3.6. 2024-11-01 4.3 CVE-2024-44006 audit@patchstack.com
open-scratch–Teaching
A vulnerability classified as critical was found in open-scratch Teaching ?????? up to 2.7. This vulnerability affects unknown code of the file /api/sys/ng-alain/getDictItemsByTable/ of the component URL Handler. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-30 6.3 CVE-2024-10546 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
OptinlyHQ–Optinly
Missing Authorization vulnerability in OptinlyHQ Optinly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Optinly: from n/a through 1.0.18. 2024-11-01 5.3 CVE-2024-37220 audit@patchstack.com
Packlink Shipping S.L.–Packlink PRO shipping module
Missing Authorization vulnerability in Packlink Shipping S.L. Packlink PRO shipping module allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Packlink PRO shipping module: from n/a through 3.4.6. 2024-11-01 5.4 CVE-2024-38740 audit@patchstack.com
Pagup–Ads.txt & App-ads.txt Manager for WordPress
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Pagup Ads.Txt & App-ads.Txt Manager for WordPress allows Stored XSS.This issue affects Ads.Txt & App-ads.Txt Manager for WordPress: from n/a through 1.1.7.1. 2024-10-29 5.9 CVE-2024-50415 audit@patchstack.com
phpgurukul — ifsc_code_finder
A Reflected Cross Site Scripting (XSS) vulnerability was found in /ifscfinder/index.php in PHPGurukul IFSC Code Finder Project v1.0, which allows remote attackers to execute arbitrary code via the “searchifsccode” parameter. 2024-10-29 6.1 CVE-2024-51180 cve@mitre.org
phpgurukul — ifsc_code_finder
A Reflected Cross Site Scripting (XSS) vulnerability was found in /ifscfinder/admin/profile.php in PHPGurukul IFSC Code Finder Project v1.0, which allows remote attackers to execute arbitrary code via ” searchifsccode” parameter. 2024-10-29 6.1 CVE-2024-51181 cve@mitre.org
phpgurukul — online_dj_booking_management_system
A Reflected Cross Site Scripting (XSS) vulnerability was found in /odms/admin/user-search.php in PHPGurukul Online DJ Booking Management System v1.0, which allows remote attackers to execute arbitrary code via the searchdata parameter. 2024-10-29 6.1 CVE-2024-51075 cve@mitre.org
phpgurukul — online_dj_booking_management_system
A Reflected Cross Site Scripting (XSS) vulnerability was found in /odms/admin/booking-search.php in PHPGurukul Online DJ Booking Management System 1.0, which allows remote attackers to execute arbitrary code via the “searchdata” parameter. 2024-10-29 6.1 CVE-2024-51076 cve@mitre.org
PickPlugins–Post Grid and Gutenberg Blocks
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in PickPlugins Post Grid and Gutenberg Blocks allows Stored XSS.This issue affects Post Grid and Gutenberg Blocks: from n/a through 2.2.93. 2024-10-28 6.5 CVE-2024-50432 audit@patchstack.com
Pierre Lebedel–Kodex Posts likes
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Pierre Lebedel Kodex Posts likes allows Stored XSS.This issue affects Kodex Posts likes: from n/a through 2.5.0. 2024-10-28 6.5 CVE-2024-50464 audit@patchstack.com
PluginOps–MailChimp Subscribe Forms
Cross Site Scripting (XSS) vulnerability in PluginOps MailChimp Subscribe Forms allows Stored XSS.This issue affects MailChimp Subscribe Forms: from n/a through 4.0.9.8. 2024-11-01 5.9 CVE-2024-43211 audit@patchstack.com
Popup Box Team–Popup box
Missing Authorization vulnerability in Popup Box Team Popup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup box: from n/a through 4.5.1. 2024-11-01 4.3 CVE-2024-37096 audit@patchstack.com
Popup Maker–Popup Maker
Missing Authorization vulnerability in Popup Maker allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Popup Maker: from n/a through 1.19.2. 2024-11-01 5.3 CVE-2024-47358 audit@patchstack.com
POSIMYTH–The Plus Addons for Elementor Page Builder Lite
Missing Authorization vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.6.2. 2024-11-01 6.5 CVE-2024-43932 audit@patchstack.com
Post Grid Team by RadiusTheme–The Post Grid
Missing Authorization vulnerability in Post Grid Team by RadiusTheme The Post Grid allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects The Post Grid: from n/a through 7.7.4. 2024-11-01 6.5 CVE-2024-37481 audit@patchstack.com
Post Grid Team by RadiusTheme–The Post Grid
Missing Authorization vulnerability in Post Grid Team by RadiusTheme The Post Grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Post Grid: from n/a through 7.7.4. 2024-11-01 5.4 CVE-2024-37483 audit@patchstack.com
Post Grid Team by RadiusTheme–The Post Grid
Missing Authorization vulnerability in Post Grid Team by RadiusTheme The Post Grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Post Grid: from n/a through 7.7.4. 2024-11-01 4.3 CVE-2024-37482 audit@patchstack.com
Post Grid Team by WPXPO–PostX
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Post Grid Team by WPXPO PostX allows Stored XSS.This issue affects PostX: from n/a through 4.1.12. 2024-10-28 6.5 CVE-2024-50443 audit@patchstack.com
Posti–Posti Shipping
Generation of Error Message Containing Sensitive Information vulnerability in Posti Posti Shipping allows Retrieve Embedded Sensitive Data.This issue affects Posti Shipping: from n/a through 3.10.2. 2024-10-30 5.3 CVE-2024-50512 audit@patchstack.com
Prasad Kirpekar–WP Free SSL Free SSL Certificate for WordPress and force HTTPS
Missing Authorization vulnerability in Prasad Kirpekar WP Free SSL – Free SSL Certificate for WordPress and force HTTPS allows . This issue affects WP Free SSL – Free SSL Certificate for WordPress and force HTTPS: from n/a through 1.2.6. 2024-11-01 4.3 CVE-2024-44020 audit@patchstack.com
prashantmavinkurve — agile_video_player_lite
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Prashant Mavinkurve Agile Video Player Lite allows Reflected XSS.This issue affects Agile Video Player Lite: from n/a through 1.0. 2024-10-29 6.1 CVE-2024-49636 audit@patchstack.com
prasidhda–Woo Manage Fraud Orders
The Woo Manage Fraud Orders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.1.7 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information about users contained in the exposed log files. 2024-10-31 5.3 CVE-2024-10544 security@wordfence.com
security@wordfence.com
Presto Made, Inc–Presto Player
Missing Authorization vulnerability in Presto Made, Inc Presto Player allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Presto Player: from n/a through 3.0.2. 2024-11-01 6.3 CVE-2024-43285 audit@patchstack.com
Prism IT Systems–User Rights Access Manager
Access Control vulnerability in Prism IT Systems User Rights Access Manager allows . This issue affects User Rights Access Manager: from n/a through 1.1.2. 2024-11-01 6.5 CVE-2024-37209 audit@patchstack.com
ProfileGrid User Profiles–ProfileGrid
Missing Authorization vulnerability in ProfileGrid User Profiles ProfileGrid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ProfileGrid: from n/a through 5.8.7. 2024-11-01 4.3 CVE-2024-37453 audit@patchstack.com
Progress Software Corporation–Chef Habitat Builder
The Chef Habitat builder-api on-prem-builder package with any version lower than habitat/builder-api/10315/20240913162802 is vulnerable to indirect object reference (IDOR) by un-authorized deletion of personal token. Habitat builder consumes builder-api habitat package as a dependency and the vulnerability was specifically due to builder-api habitat package. The fix was made available in habitat/builder-api/10315/20240913162802 and all the subsequent versions after that. We would recommend user to always use on-prem stable channel. 2024-10-28 5.4 CVE-2024-9825 security@progress.com
security@progress.com
Project Worlds–Life Insurance Management System
A vulnerability was found in Project Worlds Life Insurance Management System 1.0. It has been classified as critical. This affects an unknown part of the file /editPayment.php. The manipulation of the argument recipt_no leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2024-11-03 6.3 CVE-2024-10734 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
Project Worlds–Life Insurance Management System
A vulnerability was found in Project Worlds Life Insurance Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /editNominee.php. The manipulation of the argument nominee_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-11-03 6.3 CVE-2024-10735 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
projectworlds — simple_web-based_chat_application
A vulnerability was found in Project Worlds Simple Web-Based Chat Application 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument Name/Comment leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions different parameters to be affected which do not correlate with the screenshots of a successful attack. 2024-10-28 6.1 CVE-2024-10433 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
PropertyHive–PropertyHive
Missing Authorization vulnerability in PropertyHive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PropertyHive: from n/a through 2.0.9. 2024-11-01 4.3 CVE-2024-37204 audit@patchstack.com
qriouslad–Code Explorer
The Code Explorer plugin for WordPress is vulnerable to arbitrary external file reading in all versions up to, and including, 1.4.5. This is due to the fact that the plugin does not restrict accessing files to those outside of the WordPress instance, though the intention of the plugin is to only access WordPress related files. This makes it possible for authenticated attackers, with administrator-level access, to read files outside of the WordPress instance. 2024-10-30 4.9 CVE-2023-5816 security@wordfence.com
security@wordfence.com
QuadLayers–WP Social Feed Gallery
Missing Authorization vulnerability in QuadLayers WP Social Feed Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Social Feed Gallery: from n/a through 4.3.9. 2024-11-01 6.5 CVE-2024-39640 audit@patchstack.com
Rara Themes–Business One Page
Missing Authorization vulnerability in Rara Themes Business One Page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business One Page: from n/a through 1.2.9. 2024-11-01 4.3 CVE-2024-37505 audit@patchstack.com
realmag777–WordPress Meta Data and Taxonomies Filter (MDTF)
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Stored XSS.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.4. 2024-10-28 6.5 CVE-2024-50451 audit@patchstack.com
Red Hat–Red Hat Enterprise Linux 7
An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exploit this flaw is considered high as the payload must be validated by the MPEG decoder and the PCM synth before execution. Additionally, to successfully execute the attack, the user must scan through the stream, making web live stream content (such as web radios) a very unlikely attack vector. 2024-10-31 6.7 CVE-2024-10573 secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
Red Hat–Red Hat Satellite 6.13 for RHEL 8
A vulnerability was found in Foreman’s loader macros introduced with report templates. These macros may allow an authenticated user with permissions to view and create templates to read any field from Foreman’s database. By using specific strings in the loader macros, users can bypass permissions and access sensitive information. 2024-10-31 6.3 CVE-2024-8553 secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
RedefiningTheWeb–PDF Generator Addon for Elementor Page Builder
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in RedefiningTheWeb PDF Generator Addon for Elementor Page Builder allows Stored XSS.This issue affects PDF Generator Addon for Elementor Page Builder: from n/a through 1.7.4. 2024-10-28 6.5 CVE-2024-50449 audit@patchstack.com
Renzo Johnson–Contact Form 7 Campaign Monitor Extension
Missing Authorization vulnerability in Renzo Johnson Contact Form 7 Campaign Monitor Extension allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Contact Form 7 Campaign Monitor Extension: from n/a through 0.4.67. 2024-11-01 5.3 CVE-2024-44019 audit@patchstack.com
reputeinfosystems — bookingpress
The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to SQL Injection via the ‘service’ parameter of the bookingpress_form shortcode in all versions up to, and including, 1.1.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-11-02 6.5 CVE-2024-10540 security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
Reservation Diary–ReDi Restaurant Reservation
Missing Authorization vulnerability in Reservation Diary ReDi Restaurant Reservation allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ReDi Restaurant Reservation: from n/a through 24.0422. 2024-11-01 5.4 CVE-2024-38737 audit@patchstack.com
ReviewX–ReviewX
Missing Authorization vulnerability in ReviewX allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ReviewX: from n/a through 1.6.28. 2024-11-01 5.3 CVE-2024-43323 audit@patchstack.com
rimonhabib — bp_member_type_manager
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Rimon Habib BP Member Type Manager allows Reflected XSS.This issue affects BP Member Type Manager: from n/a through 1.01. 2024-10-29 6.1 CVE-2024-49634 audit@patchstack.com
Roundup WP–Registrations for the Events Calendar
Missing Authorization vulnerability in Roundup WP Registrations for the Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Registrations for the Events Calendar: from n/a through 2.12.1. 2024-11-01 6.4 CVE-2024-43143 audit@patchstack.com
Rymera Web Co–Wholesale Suite
Missing Authorization vulnerability in Rymera Web Co Wholesale Suite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Wholesale Suite: from n/a through 2.1.12. 2024-11-01 5.3 CVE-2024-38745 audit@patchstack.com
Seraphinite Solutions–Seraphinite Post .DOCX Source
Missing Authorization vulnerability in Seraphinite Solutions Seraphinite Post .DOCX Source allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Seraphinite Post .DOCX Source: from n/a through 2.16.9. 2024-11-01 4.3 CVE-2024-38727 audit@patchstack.com
seuroficial–SEUR Oficial
The SEUR Oficial plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘change_service’ parameter in all versions up to, and including, 2.2.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-29 6.1 CVE-2024-9438 security@wordfence.com
security@wordfence.com
security@wordfence.com
shopitpress–SIP Reviews Shortcode for WooCommerce
The SIP Reviews Shortcode for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the ‘no_of_reviews’ attribute in the woocommerce_reviews shortcode in all versions up to, and including, 1.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-10-31 6.5 CVE-2024-6479 security@wordfence.com
security@wordfence.com
security@wordfence.com
shopitpress–SIP Reviews Shortcode for WooCommerce
The SIP Reviews Shortcode for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘no_of_reviews’ attribute in the woocommerce_reviews shortcode in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-31 6.4 CVE-2024-6480 security@wordfence.com
security@wordfence.com
security@wordfence.com
ShortPixel Convert WebP/AVIF & Optimize Images–ShortPixel Image Optimizer
Missing Authorization vulnerability in ShortPixel – Convert WebP/AVIF & Optimize Images ShortPixel Image Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShortPixel Image Optimizer: from n/a through 5.6.3. 2024-11-01 5.4 CVE-2024-48044 audit@patchstack.com
SiteGround–SiteGround Security
Missing Authorization vulnerability in SiteGround SiteGround Security allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteGround Security: from n/a through 1.5.0. 2024-11-01 5.4 CVE-2024-38774 audit@patchstack.com
Smash Balloon–Custom Twitter Feeds (Tweets Widget)
Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds (Tweets Widget) allows Cross Site Request Forgery.This issue affects Custom Twitter Feeds (Tweets Widget): from n/a through 2.2.3. 2024-10-31 5.4 CVE-2024-49685 audit@patchstack.com
soft-master — affiliate_platform
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Ilias Gomatos Affiliate Platform allows Reflected XSS.This issue affects Affiliate Platform: from n/a through 1.4.8. 2024-10-29 6.1 CVE-2024-49645 audit@patchstack.com
solwin–User Activity Log Pro
Missing Authorization vulnerability in solwin User Activity Log Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Activity Log Pro: from n/a through 2.3.4. 2024-11-01 6.3 CVE-2024-37929 audit@patchstack.com
SourceCodester–Kortex Lite Advocate Office Management System
A vulnerability has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /kortex_lite/control/edit_profile.php of the component POST Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-10-28 6.3 CVE-2024-10450 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
spider-themes — bbp_core
The BBP Core – Expand bbPress powered forums with useful features plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-11-02 6.1 CVE-2024-9896 security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
squirrly — premium_seo_pack
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WP SEO – Calin Vingan Premium SEO Pack allows SQL Injection.This issue affects Premium SEO Pack: from n/a through 1.6.001. 2024-10-28 6.5 CVE-2024-50465 audit@patchstack.com
streamweasels–StreamWeasels Kick Integration
The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s sw-kick-embed shortcode in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-29 6.4 CVE-2024-10184 security@wordfence.com
security@wordfence.com
security@wordfence.com
streamweasels–StreamWeasels YouTube Integration
The StreamWeasels YouTube Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s sw-youtube-embed shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-29 6.4 CVE-2024-10185 security@wordfence.com
security@wordfence.com
security@wordfence.com
StylemixThemes–Masterstudy Elementor Widgets
Missing Authorization vulnerability in StylemixThemes Masterstudy Elementor Widgets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Masterstudy Elementor Widgets: from n/a through 1.2.2. 2024-11-01 5.3 CVE-2024-37269 audit@patchstack.com
suifengtec–WP Baidu Map
The WP Baidu Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘baidu_map’ shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-30 6.4 CVE-2024-9886 security@wordfence.com
security@wordfence.com
security@wordfence.com
sunshinephotocart — sunshine_photo_cart
URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in WP Sunshine Sunshine Photo Cart.This issue affects Sunshine Photo Cart: from n/a through 3.2.9. 2024-10-28 6.1 CVE-2024-50463 audit@patchstack.com
Survey Maker team–Survey Maker
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Survey Maker team Survey Maker allows Stored XSS.This issue affects Survey Maker: from n/a through 5.0.2. 2024-10-29 5.9 CVE-2024-50426 audit@patchstack.com
Team Bright Vessel–Textboxes
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Team Bright Vessel Textboxes allows DOM-Based XSS.This issue affects Textboxes: from n/a through 0.1.3.1. 2024-10-28 6.5 CVE-2024-50469 audit@patchstack.com
Team Emilia Projects–Progress Planner
Missing Authorization vulnerability in Team Emilia Projects Progress Planner allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Progress Planner: from n/a through 0.9.1. 2024-11-01 5.3 CVE-2024-37411 audit@patchstack.com
Templately–Templately
Missing Authorization vulnerability in Templately allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Templately: from n/a through 3.1.2. 2024-11-01 6.5 CVE-2024-47308 audit@patchstack.com
Templately–Templately
Missing Authorization vulnerability in Templately allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Templately: from n/a through 3.1.5. 2024-10-29 6.5 CVE-2024-50424 audit@patchstack.com
Templately–Templately
Missing Authorization vulnerability in Templately allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Templately: from n/a through 3.1.5. 2024-10-29 5.4 CVE-2024-50423 audit@patchstack.com
The SEO Guys at SEOPress–SEOPress
Missing Authorization vulnerability in The SEO Guys at SEOPress SEOPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEOPress: from n/a through 8.1.1. 2024-10-29 5.3 CVE-2024-50454 audit@patchstack.com
The SEO Guys at SEOPress–SEOPress
Missing Authorization vulnerability in The SEO Guys at SEOPress SEOPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEOPress: from n/a through 8.1.1. 2024-10-29 5.4 CVE-2024-50456 audit@patchstack.com
The SEO Guys at SEOPress–SEOPress
Missing Authorization vulnerability in The SEO Guys at SEOPress SEOPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEOPress: from n/a through 8.1.1. 2024-10-29 4.3 CVE-2024-50455 audit@patchstack.com
TheInnovs–EleForms
Access Control vulnerability in TheInnovs EleForms allows . This issue affects EleForms: from n/a through 2.9.9.9. 2024-11-01 5.3 CVE-2024-38748 audit@patchstack.com
Theme4Press–Demo Awesome
Missing Authorization vulnerability in Theme4Press Demo Awesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Demo Awesome: from n/a through 1.0.2. 2024-11-01 5.4 CVE-2024-37207 audit@patchstack.com
themeisle–Multiple Page Generator Plugin MPG
The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to unauthorized modification of and access to data due to a missing capability check on several functions in all versions up to, and including, 4.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to invoke those functions intended for admin use resulting in subscribers being able to upload csv files and view the contents of MPG projects. 2024-11-01 5.4 CVE-2024-7424 security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
themeisle–Otter Blocks Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-11-01 6.4 CVE-2024-10367 security@wordfence.com
security@wordfence.com
security@wordfence.com
themes4wp — youtube_external_subtitles
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Themes4WP Themes4WP YouTube External Subtitles allows Stored XSS.This issue affects Themes4WP YouTube External Subtitles: from n/a through 1.0. 2024-10-28 5.4 CVE-2024-50470 audit@patchstack.com
Themeum–Tutor LMS
Missing Authorization vulnerability in Themeum Tutor LMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through 2.7.3. 2024-11-01 4.3 CVE-2024-43142 audit@patchstack.com
Themeum–WP Crowdfunding
Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Crowdfunding: from n/a through 2.1.10. 2024-11-01 6.4 CVE-2024-43937 audit@patchstack.com
tidaweb — tida_url_screenshot
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Tidaweb Tida URL Screenshot allows Reflected XSS.This issue affects Tida URL Screenshot: from n/a through 1.0. 2024-10-29 6.1 CVE-2024-49641 audit@patchstack.com
Time Slot Booking–Time Slot
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Time Slot Booking Time Slot allows Stored XSS.This issue affects Time Slot: from n/a through 1.3.6. 2024-10-29 6.5 CVE-2024-50418 audit@patchstack.com
timstrifler–Exclusive Addons for Elementor
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.4 via the render function in elements/tabs/tabs.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. 2024-10-29 4.3 CVE-2024-10312 security@wordfence.com
security@wordfence.com
Tongda–OA 2017
A vulnerability has been found in Tongda OA 2017 up to 11.10 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /general/address/private/address/query/delete.php. The manipulation of the argument where_repeat leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2024-10-31 6.3 CVE-2024-10601 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
Tongda–OA 2017
A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this issue is some unknown functionality of the file /general/approve_center/list/input_form/data_picker_link.php. The manipulation of the argument dataSrc leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2024-11-01 6.3 CVE-2024-10602 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
Tongda–OA 2017
A vulnerability was found in Tongda OA 2017 up to 11.10. It has been rated as critical. Affected by this issue is some unknown functionality of the file /general/approve_center/query/list/input_form/delete_data_attach.php. The manipulation of the argument RUN_ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2024-11-01 6.3 CVE-2024-10615 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
Tongda–OA 2017
A vulnerability was found in Tongda OA 2017 up to 11.9. It has been declared as critical. This vulnerability affects unknown code of the file /pda/reportshop/new.php. The manipulation of the argument repid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-11-01 6.3 CVE-2024-10655 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
Tongda–OA 2017
A vulnerability was found in Tongda OA 2017 up to 11.9. It has been rated as critical. This issue affects some unknown processing of the file /pda/meeting/apply.php. The manipulation of the argument mr_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-11-01 6.3 CVE-2024-10656 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
Tongda–OA 2017
A vulnerability has been found in Tongda OA 2017 up to 11.10 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /module/word_model/view/index.php. The manipulation of the argument query_str leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2024-11-03 6.3 CVE-2024-10732 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
Tongda–OA 2017
A vulnerability, which was classified as problematic, has been found in Tongda OA 2017 up to 11.7. This issue affects some unknown processing of the file /inc/package_static_resources.php. The manipulation leads to resource consumption. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-10-31 5.3 CVE-2024-10599 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
Tongda–OA
A vulnerability classified as critical has been found in Tongda OA up to 11.9. This affects an unknown part of the file /pda/workflow/webSignSubmit.php. The manipulation of the argument saleId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2024-11-01 6.3 CVE-2024-10616 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
Tongda–OA
A vulnerability classified as critical was found in Tongda OA up to 11.10. This vulnerability affects unknown code of the file /pda/workflow/check_seal.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-11-01 6.3 CVE-2024-10617 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
Tongda–OA
A vulnerability classified as critical has been found in Tongda OA up to 11.10. Affected is an unknown function of the file /pda/approve_center/prcs_info.php. The manipulation of the argument RUN_ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2024-11-01 6.3 CVE-2024-10657 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
Tongda–OA
A vulnerability classified as critical was found in Tongda OA up to 11.10. Affected by this vulnerability is an unknown functionality of the file /pda/approve_center/check_seal.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2024-11-01 6.3 CVE-2024-10658 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
Tongda–OA
A vulnerability, which was classified as critical, has been found in Tongda OA up to 11.6. This issue affects some unknown processing of the file /pda/appcenter/web_show.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-11-03 6.3 CVE-2024-10730 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
Tongda–OA
A vulnerability, which was classified as critical, was found in Tongda OA up to 11.10. Affected is an unknown function of the file /pda/appcenter/check_seal.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2024-11-03 6.3 CVE-2024-10731 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
Tongda–OA
A vulnerability classified as critical was found in Tongda OA 11.2/11.3/11.4/11.5/11.6. This vulnerability affects unknown code of the file general/hr/setting/attendance/leave/data.php of the component Annual Leave Handler. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-10-31 5.3 CVE-2024-10598 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
TOTOLINK–LR350
A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to authorization bypass. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2024-11-01 5.3 CVE-2024-10654 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
Truepush–Truepush
Missing Authorization vulnerability in Truepush allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Truepush: from n/a through 1.0.8. 2024-11-01 5.4 CVE-2024-44021 audit@patchstack.com
twinpictures–T(-) Countdown
The T(-) Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘tminus’ shortcode in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-30 6.4 CVE-2024-9884 security@wordfence.com
security@wordfence.com
security@wordfence.com
Tyche Softwares–Arconix FAQ
Missing Authorization vulnerability in Tyche Softwares Arconix FAQ allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Arconix FAQ: from n/a through 1.9.4. 2024-11-01 5.3 CVE-2024-38783 audit@patchstack.com
Tyche Softwares–Arconix Shortcodes
Missing Authorization vulnerability in Tyche Softwares Arconix Shortcodes allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Arconix Shortcodes: from n/a through 2.1.11. 2024-11-01 5.3 CVE-2024-38769 audit@patchstack.com
Tyche Softwares–Product Delivery Date for WooCommerce Lite
Missing Authorization vulnerability in Tyche Softwares Product Delivery Date for WooCommerce – Lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Product Delivery Date for WooCommerce – Lite: from n/a through 2.7.2. 2024-11-01 5.3 CVE-2024-38702 audit@patchstack.com
tychesoftwares — arconix_shortcodes
The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘box’ shortcode in all versions up to, and including, 2.1.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-29 5.4 CVE-2024-10226 security@wordfence.com
security@wordfence.com
security@wordfence.com
UkrSolution–Print Barcode Labels for your WooCommerce products/orders
Missing Authorization vulnerability in UkrSolution Print Barcode Labels for your WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Barcode Labels for your WooCommerce products/orders: from n/a through 3.4.9. 2024-11-01 6.5 CVE-2024-43310 audit@patchstack.com
Uncanny Owl–Uncanny Automator Pro
Missing Authorization vulnerability in Uncanny Owl Uncanny Automator Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Automator Pro: from n/a through 5.3.0.0. 2024-11-01 5.3 CVE-2024-37119 audit@patchstack.com
Uncanny Owl–Uncanny Toolkit Pro for LearnDash
Missing Authorization vulnerability in Uncanny Owl Uncanny Toolkit Pro for LearnDash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Toolkit Pro for LearnDash: from n/a through 4.1.4.0 2024-11-01 5.4 CVE-2024-37439 audit@patchstack.com
Unknown–Download Manager
The Download Manager WordPress plugin before 3.3.00 doesn’t sanitize some of it’s shortcode parameters, leading to cross site scripting. 2024-10-30 5.4 CVE-2024-8444 contact@wpscan.com
Upqode–Plum: Spin Wheel & Email Pop-up
Access Control vulnerability in Upqode Plum: Spin Wheel & Email Pop-up allows . This issue affects Plum: Spin Wheel & Email Pop-up: from n/a through 2.0. 2024-11-01 5.3 CVE-2024-38743 audit@patchstack.com
Veribo, Roland Murg–WP Booking System
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Veribo, Roland Murg WP Booking System.This issue affects WP Booking System: from n/a through 2.0.19.10. 2024-10-29 6.5 CVE-2024-50425 audit@patchstack.com
VirusTran–Button contact VR
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in VirusTran Button contact VR allows Stored XSS.This issue affects Button contact VR: from n/a through 4.7.9.1. 2024-10-29 5.9 CVE-2024-50414 audit@patchstack.com
VowelWeb–Ibtana
Missing Authorization vulnerability in VowelWeb Ibtana allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ibtana: from n/a through 1.2.3.3. 2024-11-01 5.3 CVE-2024-37123 audit@patchstack.com
webbricks — web_bricks_addons
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Web Bricks Web Bricks Addons for Elementor allows Stored XSS.This issue affects Web Bricks Addons for Elementor: from n/a through 1.1.1. 2024-10-29 5.4 CVE-2024-49665 audit@patchstack.com
webgensis — simple_load_more
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Webgensis Simple Load More allows Reflected XSS.This issue affects Simple Load More: from n/a through 1.0. 2024-10-29 6.1 CVE-2024-49662 audit@patchstack.com
WebsiteinWP–Blogpoet
Missing Authorization vulnerability in WebsiteinWP Blogpoet allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blogpoet: from n/a through 1.0.3. 2024-11-01 6.5 CVE-2024-43998 audit@patchstack.com
WebXApp–Scrollbar by webxapp Best vertical/horizontal scrollbars plugin
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WebXApp Scrollbar by webxapp – Best vertical/horizontal scrollbars plugin allows Stored XSS.This issue affects Scrollbar by webxapp – Best vertical/horizontal scrollbars plugin: from n/a through 1.3.0. 2024-10-28 6.5 CVE-2024-50467 audit@patchstack.com
wedevs — recaptcha_integration
The ReCaptcha Integration for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-11-02 6.1 CVE-2024-8739 security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
wedevs — wp_erp
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in weDevs WP ERP allows Reflected XSS.This issue affects WP ERP: from n/a through 1.13.2. 2024-10-29 6.1 CVE-2024-47640 audit@patchstack.com
WordPress Page Builder Sandwich Team–Page Builder Sandwich Front-End Page Builder
Missing Authorization vulnerability in WordPress Page Builder Sandwich Team Page Builder Sandwich – Front-End Page Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Page Builder Sandwich – Front-End Page Builder: from n/a through 5.1.0. 2024-11-01 4.3 CVE-2024-37218 audit@patchstack.com
wowDevs–Sky Addons for Elementor
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in wowDevs Sky Addons for Elementor allows Stored XSS.This issue affects Sky Addons for Elementor: from n/a through 2.5.15. 2024-10-28 6.5 CVE-2024-50433 audit@patchstack.com
WP Codeus–Advanced Sermons
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WP Codeus Advanced Sermons allows Stored XSS.This issue affects Advanced Sermons: from n/a through 3.4. 2024-10-28 6.5 CVE-2024-50458 audit@patchstack.com
WP Overnight–WooCommerce PDF Invoices & Packing Slips
Missing Authorization vulnerability in WP Overnight WooCommerce PDF Invoices & Packing Slips allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce PDF Invoices & Packing Slips: from n/a through 3.8.6. 2024-10-29 5.3 CVE-2024-50421 audit@patchstack.com
WP Quads–Ads by WPQuads Adsense Ads, Banner Ads, Popup Ads
Missing Authorization vulnerability in WP Quads Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads: from n/a through 2.0.84. 2024-11-01 4.3 CVE-2024-47317 audit@patchstack.com
WP Sunshine–Sunshine Photo Cart
Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 3.2.9. 2024-11-01 5.3 CVE-2024-44038 audit@patchstack.com
WP Sunshine–Sunshine Photo Cart
Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 3.2.1. 2024-11-01 4.3 CVE-2024-43136 audit@patchstack.com
WPBackItUp–Backup and Restore WordPress
Access Control vulnerability in WPBackItUp Backup and Restore WordPress allows . This issue affects Backup and Restore WordPress: from n/a through 1.50. 2024-11-01 5.4 CVE-2024-43268 audit@patchstack.com
WPBackItUp–Backup and Restore WordPress
Missing Authorization vulnerability in WPBackItUp Backup and Restore WordPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Backup and Restore WordPress: from n/a through 1.50. 2024-11-01 5.3 CVE-2024-43270 audit@patchstack.com
WPBlockArt–Magazine Blocks
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WPBlockArt Magazine Blocks allows Stored XSS.This issue affects Magazine Blocks: from n/a through 1.3.15. 2024-10-28 6.5 CVE-2024-50429 audit@patchstack.com
wpchill–Download Monitor
The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_search_users function in all versions up to, and including, 5.0.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain usernames and emails of site users. 2024-10-30 4.3 CVE-2024-10399 security@wordfence.com
security@wordfence.com
security@wordfence.com
WPChill–Htaccess File Editor
Incorrect Authorization vulnerability in WPChill Htaccess File Editor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Htaccess File Editor: from n/a through 1.0.18. 2024-11-01 5.4 CVE-2024-49256 audit@patchstack.com
WPChill–Strong Testimonials
Missing Authorization vulnerability in WPChill Strong Testimonials allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Strong Testimonials: from n/a through 3.1.16. 2024-11-01 4.3 CVE-2024-47362 audit@patchstack.com
WPClever–WPC Frequently Bought Together for WooCommerce
Missing Authorization vulnerability in WPClever WPC Frequently Bought Together for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPC Frequently Bought Together for WooCommerce: from n/a through 7.1.9. 2024-11-01 5.4 CVE-2024-43312 audit@patchstack.com
wpclever–WPC Smart Messages for WooCommerce
The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to unauthorized Smar Message activation/deactivation due to a missing capability check on the ajax_enable function in all versions up to, and including, 4.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate or deactivate smart messages. 2024-10-29 4.3 CVE-2024-10437 security@wordfence.com
security@wordfence.com
security@wordfence.com
wpcloudtechnologies–Get Quote For Woocommerce Request A Quote For Woocommerce
The Get Quote For Woocommerce – Request A Quote For Woocommerce plugin for WordPress is vulnerable to unauthorized access of Quote data due to a missing capability check on the ct_tepfw_wp_loaded function in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to download Quote PDF and CSV documents. 2024-10-31 5.3 CVE-2024-9430 security@wordfence.com
security@wordfence.com
wpdelower–Easy SVG Upload
The Easy SVG Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-31 6.4 CVE-2024-9708 security@wordfence.com
security@wordfence.com
WPDeveloper–EmbedPress
Missing Authorization vulnerability in WPDeveloper EmbedPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EmbedPress: from n/a through 4.0.4. 2024-11-01 6.3 CVE-2024-38707 audit@patchstack.com
WPDeveloper–EmbedPress
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WPDeveloper EmbedPress allows Stored XSS.This issue affects EmbedPress: from n/a through 4.0.14. 2024-10-28 6.5 CVE-2024-50461 audit@patchstack.com
WPEngine Inc.–Advanced Custom Fields PRO
Missing Authorization vulnerability in WPEngine Inc. Advanced Custom Fields PRO allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Custom Fields PRO: from n/a through 6.3.1. 2024-11-01 5.4 CVE-2024-37250 audit@patchstack.com
WPEngine Inc.–Advanced Custom Fields PRO
Missing Authorization vulnerability in WPEngine Inc. Advanced Custom Fields PRO allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Custom Fields PRO: from n/a through 6.3.1. 2024-11-01 4.3 CVE-2024-37249 audit@patchstack.com
WPKoi–WPKoi Templates for Elementor
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WPKoi WPKoi Templates for Elementor allows Stored XSS.This issue affects WPKoi Templates for Elementor: from n/a through 3.1.0. 2024-10-29 5.9 CVE-2024-49679 audit@patchstack.com
WPManageNinja LLC–Fluent Support
Missing Authorization vulnerability in WPManageNinja LLC Fluent Support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fluent Support: from n/a through 1.8.0. 2024-11-01 5.3 CVE-2024-47302 audit@patchstack.com
Wpmet–Elements kit Elementor addons
Missing Authorization vulnerability in Wpmet Elements kit Elementor addons allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Elements kit Elementor addons: from n/a through 3.1.4. 2024-11-01 5.3 CVE-2024-37255 audit@patchstack.com
WPMobile.App–WPMobile.App
Cross-Site Request Forgery (CSRF) vulnerability in WPMobile.App allows Stored XSS.This issue affects WPMobile.App: from n/a through 11.48. 2024-10-31 4.3 CVE-2024-43933 audit@patchstack.com
WPMU DEV–Defender Security
Missing Authorization vulnerability in WPMU DEV Defender Security allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Defender Security: from n/a through 4.7.1. 2024-11-01 5.3 CVE-2024-37444 audit@patchstack.com
WPMU DEV–Hummingbird
Missing Authorization vulnerability in WPMU DEV Hummingbird allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hummingbird: from n/a through 3.9.1. 2024-11-01 4.3 CVE-2024-43118 audit@patchstack.com
wpmudev–Forminator Forms Contact Form, Payment Form & Custom Form Builder
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.36.0 via the submit_quizzes() function due to missing validation on the ‘entry_id’ user controlled key. This makes it possible for unauthenticated attackers to modify other user’s quiz submissions. 2024-10-31 5.3 CVE-2024-9700 security@wordfence.com
security@wordfence.com
security@wordfence.com
Wpsoul–Greenshift animation and page builder blocks
Incorrect Authorization vulnerability in Wpsoul Greenshift – animation and page builder blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Greenshift – animation and page builder blocks: from n/a through 9.7. 2024-10-30 5.4 CVE-2024-50419 audit@patchstack.com
WPVibes–Elementor Addon Elements
Missing Authorization vulnerability in WPVibes Elementor Addon Elements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Addon Elements: from n/a through 1.13.6. 2024-11-01 6.5 CVE-2024-47361 audit@patchstack.com
WPZOOM–Recipe Card Blocks for Gutenberg & Elementor
Missing Authorization vulnerability in WPZOOM Recipe Card Blocks for Gutenberg & Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Recipe Card Blocks for Gutenberg & Elementor: from n/a through 3.3.1. 2024-11-01 4.3 CVE-2024-43293 audit@patchstack.com
xootix–Waitlist Woocommerce ( Back in stock notifier )
Missing Authorization vulnerability in xootix Waitlist Woocommerce ( Back in stock notifier ) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Waitlist Woocommerce ( Back in stock notifier ): from n/a through 2.6. 2024-11-01 4.3 CVE-2024-43134 audit@patchstack.com
XSERVER Inc.–TypeSquare Webfonts
Missing Authorization vulnerability in XSERVER Inc. TypeSquare Webfonts allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects TypeSquare Webfonts: from n/a through 2.0.7. 2024-11-01 5.3 CVE-2024-43120 audit@patchstack.com
YARPP–YARPP
Access Control vulnerability in YARPP YARPP allows . This issue affects YARPP: from n/a through 5.30.10. 2024-11-01 5.3 CVE-2024-43919 audit@patchstack.com
Zaytech–Smart Online Order for Clover
Missing Authorization vulnerability in Zaytech Smart Online Order for Clover allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Smart Online Order for Clover: from n/a through 1.5.6. 2024-11-01 5.3 CVE-2024-43253 audit@patchstack.com
Zaytech–Smart Online Order for Clover
Missing Authorization vulnerability in Zaytech Smart Online Order for Clover allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Online Order for Clover: from n/a through 1.5.6. 2024-11-01 4.3 CVE-2024-43254 audit@patchstack.com
ZTE–MF258 Pro
There is a command injection vulnerability in ZTE MF258 Pro product. Due to insufficient validation of Ping Diagnosis interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands. 2024-10-29 6.8 CVE-2024-22065 psirt@zte.com.cn

Source link
lol

abdullahirfan — documentpress Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Abdullah Irfan DocumentPress allows Reflected XSS.This issue affects DocumentPress: from n/a through 2.1. 2024-10-29 6.1 CVE-2024-49656 audit@patchstack.com abdullahirfan — whitelist Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Abdullah Irfan Whitelist allows…

Vulnerability Summary for the Week of October 28, 2024 | CISA

Leave a Reply Cancel reply

Recent Posts

Recent Comments