In Ultimate Gift Cards for WooCommerce Plugin versions up to 2.9.1, a high-severity vulnerability, CVE-2024-11423, was detected. This vulnerability allows unauthenticated attackers to modify gift card balances via several REST API endpoints, such as /wp-json/gifting/recharge-giftcard, without making a payment or purchasing anything. To address this issue, users should upgrade to version 2.9.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11423.
In WordPress Webinar Plugin – WebinarPress versions up to 1.33.24, a high-severity vulnerability, CVE-2024-11270, was detected. This vulnerability allows authenticated attackers with subscriber-level access or higher to create arbitrary files via the ‘sync-import-imgs’ function, leading to potential remote code execution. To address this issue, users should upgrade to version 1.33.25 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11270.
In Shipping via Planzer for WooCommerce Plugin versions up to 1.0.25, a medium-severity vulnerability, CVE-2024-12337, was detected. This vulnerability allows unauthenticated attackers to inject arbitrary web scripts via the ‘processed-ids’ parameter due to insufficient input sanitization and output escaping. To address this issue, users should upgrade to version 1.0.26 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12337.
In Deliver via Shipos for WooCommerce plugin versions up to 2.1.7, a medium-severity vulnerability, CVE-2024-12222, was detected. This vulnerability allows unauthenticated attackers to inject arbitrary web scripts via the ‘dvsfw_bulk_label_url’ parameter due to insufficient input sanitization and output escaping. At the moment, there is no patched version available. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12222.
In WordPress File Upload plugin versions up to 4.24.15, a critical vulnerability, CVE-2024-11613, was detected. This allows unauthenticated attackers to execute remote code and to read and delete files due to improper sanitization of the ‘source’ parameter. To fix this issue, users must upgrade to version 4.25.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11613.
In WooCommerce Check Pincode/Zipcode for Shipping plugin versions up to 2.0.4, a medium-severity vulnerability, CVE-2024-12218, was detected. This vulnerability allows unauthenticated attackers to inject malicious web scripts via a forged request due to missing or incorrect nonce validation. At the moment, there is no patched version available. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12218.
In WordPress File Upload plugin versions up to 4.24.12, a critical-severity vulnerability, CVE-2024-11635, was detected. This vulnerability allows unauthenticated attackers to execute remote code via the ‘wfu_ABSPATH’ cookie parameter. To address this issue, users must upgrade to WordPress File Upload plugin version 4.24.14 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11635.
In WordPress Header Builder Plugin – Pearl versions up to 1.3.8, a medium-severity vulnerability, CVE-2024-12206, was detected. It allows attackers to delete headers by tricking admins into clicking malicious links. To address this issue, users should upgrade to version 1.3.9 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12206.
In Directus versions before 10.13.0, a medium-severity vulnerability, CVE-2024-39896, was detected. This vulnerability allows attackers to enumerate existing SSO users in the instance by triggering specific error messages when combining SSO providers with local authentication. To address this issue, users should upgrade to version 10.13.0 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39896.