In Directus versions before 10.13.2 a medium severity vulnerability CVE-2024-47822 was detected. This vulnerability allows attackers to gain unauthorized data access and manipulation by exploiting exposed access tokens in system logs. To address this issue, users should upgrade to version 10.13.2 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-47822.
Read more CMSIn WP Job Portal WordPress plugin versions up to and including 2.2.4 a medium severity vulnerability CVE-2024-12132 was detected. This vulnerability allows authenticated attackers with Subscriber-level access or higher to create jobs for companies they are not affiliated with due to missing validation on a user-controlled key. To address this issue, users should upgrade to a version 2.2.5 or above. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12132.
Read more CMSIn wp-enable-svg WordPress plugin through version 0.7 a medium severity vulnerability CVE-2024-11184 was detected. This vulnerability allows authors and higher-privileged users to upload SVG files containing malicious scripts due to insufficient sanitization during file uploads. No patched version has been officially released at this time. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11184.
Read more CMSIn goodlayers-core WordPress plugin before version 2.0.10 a medium severity vulnerability CVE-2024-11357 was detected. This vulnerability allows users with the contributor role or higher to perform Stored Cross-Site Scripting (XSS) attacks by exploiting unsanitized and unescaped settings. To address this issue, users should upgrade to version 2.0.10 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11357.
Read more CMSIn AHAthat WordPress plugin version 1.6 and prior a medium severity vulnerability CVE-2024-12595 was detected. This vulnerability allows attackers to perform Reflected Cross-Site Scripting (XSS) attacks by exploiting the unsanitized `$_SERVER[‘REQUEST_URI’]` parameter, which is outputted in an attribute. No patched version has been officially released at this time. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12595.
Read more CMSIn WebToffee WordPress Backup & Migration plugin versions up to 1.4.1 a medium severity vulnerability CVE-2023-45636 was detected. This vulnerability allows attackers to exploit improperly configured access control security levels due to missing authorization. To address this issue, users should upgrade to version 1.4.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-45636.
Read more CMSIn Hunk Companion WordPress plugin before version 1.9.0 a critical severity vulnerability CVE-2024-11972 was detected. This vulnerability allows unauthenticated attackers to install and activate arbitrary plugins, including vulnerable versions of the Hunk Companion plugin, from the WordPress.org repository via improperly authorized REST API endpoints. To address this issue, users should upgrade to version 1.9.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11972.
Read more CMSIn The Ninja Forms – The Contact Form Builder That Grows With You WordPress plugin versions up to and including 3.8.22 a medium severity vulnerability CVE-2024-12238 was detected. This vulnerability allows authenticated attackers with Subscriber-level access or higher to execute arbitrary shortcodes due to improper validation of values before running the `do_shortcode` function. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12238.
Read more CMSIn DN Shipping by Weight for WooCommerce WordPress plugin before version 1.2 a medium severity vulnerability CVE-2024-11842 was detected. This vulnerability allows attackers to change plugin settings via a Cross-Site Request Forgery (CSRF) attack, exploiting the lack of a CSRF check. To address this issue, users should upgrade to version 1.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11842.
Read more CMS