In MonicaHQ version 4.1.2 a medium severity vulnerability CVE-2024-54999 was detected. This vulnerability allows attackers to exploit a Client-Side Injection via the `last_name` parameter in the General Information module. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-54999.
Read more CRMIn MonicaHQ version 4.1.1 a medium severity vulnerability CVE-2024-54997 was detected. This vulnerability allows attackers to exploit an authenticated Client-Side Injection via the `entry` text field at `/journal/entries/ID/edit`. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-54997.
Read more CRMIn Drupal Node Access Rebuild Progressive versions from 7.X-1.0 to before 7.X-1.2 a medium severity vulnerability CVE-2024-13249 was detected. This vulnerability allows attackers to influence target behavior via framing. To address this issue, users should upgrade Node Access Rebuild Progressive to version 7.X-1.2 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-13249.
Read more CMSIn WordPress Webinar Plugin – WebinarPress versions up to 1.33.24 a high severity vulnerability CVE-2024-11270 was detected. This vulnerability allows authenticated attackers with subscriber-level access or higher to create arbitrary files via the ‘sync-import-imgs’ function, leading to potential remote code execution. To address this issue, users should upgrade to version 1.33.25 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11270.
Read more CMSIn MIMO Woocommerce Order Tracking Plugin versions up to 1.0.2 a medium severity vulnerability CVE-2024-5769 was detected. This vulnerability allows authenticated attackers with Subscriber-level access or higher to modify shipper tracking settings due to missing capability checks on several functions. There is no patched version available at this time. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-5769.
Read more E-commerceIn Ultimate Gift Cards for WooCommerce Plugin versions up to 2.9.1 a high severity vulnerability CVE-2024-11423 was detected. This vulnerability allows unauthenticated attackers to modify gift card balances via several REST API endpoints, such as /wp-json/gifting/recharge-giftcard, without making a payment or purchasing anything. To address this issue, users should upgrade to version 2.9.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11423.
Read more E-commerceIn Shipping via Planzer for WooCommerce Plugin versions up to 1.0.25 a medium severity vulnerability CVE-2024-12337 was detected. This vulnerability allows unauthenticated attackers to inject arbitrary web scripts via the ‘processed-ids’ parameter due to insufficient input sanitization and output escaping. To address this issue, users should upgrade to version 1.0.26 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12337.
Read more E-commerceIn WordPress File Upload plugin versions up to 4.24.12 a critical severity vulnerability CVE-2024-11635 was detected. This vulnerability allows unauthenticated attackers to execute remote code via the ‘wfu_ABSPATH’ cookie parameter. To address this issue, users must upgrade to WordPress File Upload plugin version 4.24.14 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11635.
Read more CMSIn WordPress Header Builder Plugin – Pearl versions up to 1.3.8 a medium severity vulnerability CVE-2024-12206 was detected. It allows attackers to delete headers by tricking admins into clicking malicious links. To address this issue, users should upgrade to version 1.3.9 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12206.
Read more CMS