In Shipping via Planzer for WooCommerce Plugin versions up to 1.0.25 a medium severity vulnerability CVE-2024-12337 was detected. This vulnerability allows unauthenticated attackers to inject arbitrary web scripts via the ‘processed-ids’ parameter due to insufficient input sanitization and output escaping. To address this issue, users should upgrade to version 1.0.26 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12337.
Read more E-commerce
In WordPress Webinar Plugin – WebinarPress versions up to 1.33.24 a high severity vulnerability CVE-2024-11270 was detected. This vulnerability allows authenticated attackers with subscriber-level access or higher to create arbitrary files via the ‘sync-import-imgs’ function, leading to potential remote code execution. To address this issue, users should upgrade to version 1.33.25 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11270.
Read more CMS
In WooCommerce Check Pincode/Zipcode for Shipping plugin versions up to 2.0.4 a medium severity vulnerability CVE-2024-12218 was detected. This vulnerability allows unauthenticated attackers to inject malicious web scripts via a forged request due to missing or incorrect nonce validation. At the moment, there is no patched version available. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12218.
Read more E-commerce
In WordPress File Upload plugin versions up to 4.24.15 a critical vulnerability CVE-2024-11613 was detected. This allows unauthenticated attackers to execute remote code, read, and delete files due to improper sanitization of the ‘source’ parameter. To fix this issue, users must upgrade to version 4.25.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11613.
Read more CMS
In WordPress File Upload plugin versions up to 4.24.12 a critical severity vulnerability CVE-2024-11635 was detected. This vulnerability allows unauthenticated attackers to execute remote code via the ‘wfu_ABSPATH’ cookie parameter. To address this issue, users must upgrade to WordPress File Upload plugin version 4.24.14 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11635.
Read more CMS
In WordPress Header Builder Plugin – Pearl versions up to 1.3.8 a medium severity vulnerability CVE-2024-12206 was detected. It allows attackers to delete headers by tricking admins into clicking malicious links. To address this issue, users should upgrade to version 1.3.9 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12206.
Read more CMS
In Deliver via Shipos for WooCommerce plugin versions up to 2.1.7 a medium severity vulnerability CVE-2024-12222 was detected. This vulnerability allows unauthenticated attackers to inject arbitrary web scripts via the ‘dvsfw_bulk_label_url’ parameter due to insufficient input sanitization and output escaping. At the moment, there is no patched version available. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12222.
Read more E-commerce
In Directus versions before 10.13.0 a medium severity vulnerability CVE-2024-39896 was detected. This vulnerability allows attackers to enumerate existing SSO users in the instance by triggering specific error messages when combining SSO providers with local authentication. To address this issue, users should upgrade to version 10.13.0 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39896.
Read more CMS
In Directus versions before 10.11.2 a high severity vulnerability CVE-2024-36128 was detected. This vulnerability allows attackers to cause a denial of service by providing a non-numeric length value to the random string generation utility, breaking the ability to generate random strings and affecting session refresh functionality. To address this issue, users should upgrade to version 10.11.2 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36128.
Read more CMS