In WordPress Webinar Plugin – WebinarPress versions up to 1.33.24, a high-severity vulnerability, CVE-2024-11270, was detected. This vulnerability allows authenticated attackers with subscriber-level access or higher to create arbitrary files via the ‘sync-import-imgs’ function, leading to potential remote code execution. To address this issue, users should upgrade to version 1.33.25 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11270.
In MIMO Woocommerce Order Tracking Plugin versions up to 1.0.2, a medium-severity vulnerability, CVE-2024-5769, was detected. This vulnerability allows authenticated attackers with Subscriber-level access or higher to modify shipper tracking settings due to missing capability checks on several functions. There is no patched version available at this time. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-5769.
In Ultimate Gift Cards for WooCommerce Plugin versions up to 2.9.1, a high-severity vulnerability, CVE-2024-11423, was detected. This vulnerability allows unauthenticated attackers to modify gift card balances via several REST API endpoints, such as /wp-json/gifting/recharge-giftcard, without making a payment or purchasing anything. To address this issue, users should upgrade to version 2.9.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11423.
In Shipping via Planzer for WooCommerce Plugin versions up to 1.0.25, a medium-severity vulnerability, CVE-2024-12337, was detected. This vulnerability allows unauthenticated attackers to inject arbitrary web scripts via the ‘processed-ids’ parameter due to insufficient input sanitization and output escaping. To address this issue, users should upgrade to version 1.0.26 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12337.
In WordPress File Upload plugin versions up to 4.24.15, a critical vulnerability, CVE-2024-11613, was detected. This allows unauthenticated attackers to execute remote code, read, and delete files due to improper sanitization of the ‘source’ parameter. To fix this issue, users must upgrade to version 4.25.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11613.
In WordPress File Upload plugin versions up to 4.24.12, a critical-severity vulnerability, CVE-2024-11635, was detected. This vulnerability allows unauthenticated attackers to execute remote code via the ‘wfu_ABSPATH’ cookie parameter. To address this issue, users must upgrade to WordPress File Upload plugin version 4.24.14 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11635.
In WordPress Header Builder Plugin – Pearl versions up to 1.3.8, a medium-severity vulnerability, CVE-2024-12206, was detected. It allows attackers to delete headers by tricking admins into clicking malicious links. To address this issue, users should upgrade to version 1.3.9 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12206.
In Deliver via Shipos for WooCommerce plugin versions up to 2.1.7, a medium-severity vulnerability, CVE-2024-12222, was detected. This vulnerability allows unauthenticated attackers to inject arbitrary web scripts via the ‘dvsfw_bulk_label_url’ parameter due to insufficient input sanitization and output escaping. At the moment, there is no patched version available. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12222.
In WooCommerce Check Pincode/Zipcode for Shipping plugin versions up to 2.0.4, a medium-severity vulnerability, CVE-2024-12218, was detected. This vulnerability allows unauthenticated attackers to inject malicious web scripts via a forged request due to missing or incorrect nonce validation. At the moment, there is no patched version available. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12218.