In Cognito Forms plugin for WordPress versions up to 2.0.6 a medium severity vulnerability CVE-2024-10182 was detected. This vulnerability allows authenticated users with Contributor-level access or higher to inject arbitrary web scripts into pages, which execute whenever a user accesses an affected page. To address this issue, users must upgrade to a version later than 2.0.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10182.
Read more CMS
In HQ Rental Software plugin for WordPress versions up to 1.5.29 a high severity vulnerability CVE-2024-11689 was detected. This vulnerability allows unauthenticated attackers to update arbitrary options, potentially leading to privilege escalation, by tricking a site administrator into performing an action such as clicking on a link. To address this issue, users must upgrade to a version later than 1.5.29. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11689.
Read more CMS
In the Planaday API plugin for WordPress versions up to and including 11.4 a medium severity vulnerability CVE-2024-11804 was detected. This vulnerability allows attackers to inject harmful web scripts into pages by exploiting the ‘tab’ parameter. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11804.
Read more CMS
In the kvCORE IDX plugin for WordPress version 2.3.35 a medium severity vulnerability CVE-2024-11723 was detected. This vulnerability allows attackers to trick users into clicking malicious links, which can steal personal data or perform harmful actions on their behalf. No patched version has been officially released at this time. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-11723.
Read more CMS
In the Essential Real Estate plugin for WordPress version 5.1.6 a medium severity vulnerability CVE-2024-12329 was detected. This vulnerability allows authenticated users with Contributor-level access and above to view sensitive data, such as invoices and transaction logs, without proper authorization. To fix this issue, users should upgrade the Essential Real Estate plugin for WordPress to version 5.1.7. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-12329.
Read more CMS
In the Country Blocker plugin for WordPress versions up to and including 3.2 a medium severity vulnerability CVE-2024-11459 was detected. This vulnerability allows attackers to inject harmful web scripts into pages via the ‘ip’ parameter. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11459.
Read more CMS
In miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) Plugin versions 7.5.14 and prior a medium severity vulnerability CVE-2023-24375 was detected. This vulnerability allows attackers to exploit incorrectly configured access control security levels. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-24375.
Read more CMS
In ONLYOFFICE Docs Plugin for WordPress versions up to and including 2.0.0 a medium severity vulnerability CVE-2024-11450 was detected. This vulnerability allows attackers with contributor-level access or higher to inject arbitrary web scripts into pages via the ‘onlyoffice’ shortcode. These scripts execute whenever a user accesses an injected page. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-11450.
Read more Productivity
In Directus versions prior to 11.2.9 and 11.0.0 a high severity vulnerability CVE-2024-54151 was detected. This vulnerability allows unauthenticated users to perform any operations (CRUD, subscriptions) with full admin privileges if `WEBSOCKETS_GRAPHQL_AUTH` or `WEBSOCKETS_REST_AUTH` is set to `public`. To address this issue, users should upgrade Directus to version 11.3.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-54151.
Read more CMS