In Drupal Core versions 10.0.0 to 10.2.10 a medium severity vulnerability CVE-2024-11942 was detected. This vulnerability allows attackers to perform file manipulation. To address this issue, users should upgrade Drupal Core to version 10.2.10. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11942.
Read more CMS
In WooCommerce Ultimate Gift Card – Create, Sell and Manage Gift Cards with Customized Email Templates plugin for WordPress in versions up to 2.9.1 a medium severity vulnerability CVE-2024-53740 was detected. This vulnerability allows unauthenticated attackers to inject arbitrary web scripts into pages by tricking users into actions such as clicking on a link, due to insufficient input sanitization and output escaping. To address this issue, users must upgrade to version 2.9.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-53740.
Read more E-commerce
In WordPress Portfolio Builder – Portfolio Gallery plugin in versions up to 1.1.7 a medium severity vulnerability CVE-2024-53788 was detected. This vulnerability allows editors or higher to inject scripts into pages, which execute when accessed, due to insufficient input sanitization. There is no patched version available to address this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-53788.
Read more CMS
In WordPress Elementor Button Plus Plugin versions up to 1.3.3 a low severity vulnerability CVE-2024-53746 was detected. This vulnerability allows a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads, into websites, which will be executed when guests visit the site. There is no patched version available to address this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-53746.
Read more CMS
In Wallet for WooCommerce plugin versions up to 1.5.6 a medium severity vulnerability CVE-2024-7747 was detected. This vulnerability allows attackers with Subscriber access or higher to generate fake funds and transfer them to users or themselves. They could also request withdrawals if approved by an admin. To address this issue, users must upgrade to Wallet for WooCommerce version 1.5.7 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-7747.
Read more E-commerce
In WordPress Contact Forms by Cimatti versions up to 1.9.2 a medium severity vulnerability CVE-2024-10521 was detected. This vulnerability allows unauthenticated attackers to delete forms via a forged request by exploiting missing or incorrect nonce validation in the process_bulk_action function. To address this issue, users must upgrade to WordPress Contact Forms by Cimatti version 1.9.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10521.
Read more CMS
In PrestaShop version 8.1.4 a medium severity vulnerability CVE-2024-36626 was detected. This vulnerability allows attackers to exploit the function with malformed inputs, potentially causing the application to crash or resulting in a denial of service (DoS). To fix this issue, users should upgrade PrestaShop to version 8.1.5. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-36626.
Read more E-commerce
In Dolibarr versions prior to 15.0.0 a medium severity vulnerability CVE-2021-3991 was found. This vulnerability lets attackers view sensitive reception details by accessing specific URLs without proper permissions. To fix this issue, users are advised to upgrade to version 15.0.0 or above. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2021-3991.
Read more ERP
In WooCommerce in all versions up to and including 2.2.9 a medium severity vulnerability CVE-2024-10852 was detected. This vulnerability allows attackers with low-level access to export plugin settings, potentially exposing sensitive data. To fix this problem, users should upgrade to the latest version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10852.
Read more E-commerce