In WooCommerce in all versions up to and including 2.2.9 a medium severity vulnerability CVE-2024-10852 was detected. This vulnerability allows attackers with low-level access to export plugin settings, potentially exposing sensitive data. To fix this problem, users should upgrade to the latest version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10852.
Read more E-commerce
In WooCommerce in all versions up to and including 2.2.9 a medium severity vulnerability CVE-2024-10854 was detected. This vulnerability allows attackers with low-level access to import and modify plugin settings, potentially compromising data. To fix this problem, users should upgrade to the latest version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10854.
Read more E-commerce
In WordPress in all versions up to and including 16.6 a high severity vulnerability CVE-2024-10800 was detected. This vulnerability allows attackers with low-level access to escalate their privileges to administrator, potentially compromising the site. To fix this problem, users should upgrade to version 16.7. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10800.
Read more CMS
In WordPress in all versions up to and including 1.9.244 a medium severity vulnerability CVE-2024-10647 was detected. This vulnerability allows attackers to inject malicious scripts into pages, which execute if a user clicks a specially crafted link. To fix this problem, users should upgrade to version 1.9.245. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10647.
Read more CMS
In WordPress in all versions up to and including 2.7.7 a high severity vulnerability CVE-2024-10114 was detected. This vulnerability allows attackers to bypass authentication and log in as any user, including administrators, by exploiting insufficient verification in the social login process. To fix this problem, users should upgrade to the latest version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10114.
Read more CMS
In WordPress in all versions up to and including 1.5.1 a high severity vulnerability CVE-2024-10711 was detected. This vulnerability allows attackers to update site settings through a forged request, potentially enabling privilege escalation if an administrator is tricked into clicking a malicious link. To fix this problem, users should upgrade to version 1.5.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10711.
Read more CMS
In WordPress in all versions up to and including 3.2.6 a medium severity vulnerability CVE-2024-8323 was detected. This vulnerability allows attackers with Contributor access or higher to inject malicious scripts into pages, which execute when a user visits an affected page. To fix this problem, users should upgrade to version 3.2.7. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8323.
Read more CMS
In WordPress in all versions up to and including 2.2.13 a high severity vulnerability CVE-2024-10028 was detected. This vulnerability allows attackers to access and download a site’s backup file by exposing sensitive information during the backup process. To fix this problem, users should upgrade to version 2.2.14. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10028.
Read more CMS
In WordPress in all versions up to and including 1.1.35 a high severity vulnerability CVE-2024-10020 was detected. This vulnerability allows attackers to log in as any user by exploiting weak verification in the social login process, potentially compromising accounts if the social login is enabled for administrators. To fix this problem, users should upgrade to version 1.1.36. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10020.
Read more CMS