E-commerce

In Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, and 2.4.4-p10 a medium severity vulnerability CVE-2024-45131 was detected. This vulnerability allows attackers with limited access to bypass security restrictions and potentially access sensitive information or perform unauthorized actions within Adobe Commerce. To fix this issue, users should upgrade Adobe Commerce to versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, and 2.4.4-p11. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-45131.

In Magento (Adobe Commerce) versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier a low severity vulnerability CVE-2024-45134 was detected. This vulnerability allows an admin attacker to bypass security features, potentially exposing sensitive information and aiding further attacks. To fix this problem, users should upgrade to version 2.4.7-p3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-45134.

In Magento (Adobe Commerce) versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, and 2.4.4-p10 a high severity vulnerability CVE-2024-45132 was detected. This vulnerability allows attackers to gain unauthorized access to higher privileges, potentially compromising sensitive information. To fix this issue, users should upgrade Adobe Commerce to versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, and 2.4.4-p11. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-45132.

In Magento (Adobe Commerce) versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, and 2.4.4-p10 a medium severity vulnerability CVE-2024-45135 was detected. This vulnerability allows attackers with admin access to bypass security measures in Adobe Commerce, so it’s essential to upgrade and review admin rights regularly. To fix this issue, users should upgrade Adobe Commerce to versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, and 2.4.4-p11. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-45135.

In Magento (Adobe Commerce) versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier a medium severity vulnerability CVE-2024-45149 was detected. This vulnerability allows low-privileged attackers to bypass security features, potentially compromising confidentiality. Exploitation does not require user interaction. Currently, there is no fix version for this issue.For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-45149.

In Magento (Adobe Commerce) versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier a medium severity vulnerability CVE-2024-45148 was detected. This vulnerability allows attackers to bypass security features and gain unauthorized access without proper credentials. Exploitation of this issue does not require user interaction. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-45148.

In Magento’s all versions, a medium severity vulnerability CVE-2024-4812 was detected. This vulnerability allows storing malicious JavaScript code in the “Description” field of a user account, which can be executed when opening certain pages like Host Collections. To fix this issue, users must upgrade Magento to the latest version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-4812.

In Magento Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, and 2.4.4-p8 a critical severity vulnerability CVE-2024-34102 was detected. This allows attackers to execute unauthorized code on the server or access sensitive information by sending malicious XML documents, without needing any user interaction. To fix this problem, users should upgrade Magento Adobe Commerce to version 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, and 2.4.4-p9. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-34102.

In WooCommerce versions prior from n/a through 9.1.2 a medium severity vulnerability CVE-2024-39666 was detected. This security flaw allows hackers to insert harmful code into web pages. To fix this problem, users should upgrade to WooCommerce version 9.1.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-39666.