In the LaTeX2HTML plugin for WordPress all versions up to 2.5.5 a medium severity vulnerability CVE-2024-11688 was detected. This vulnerability allows attackers to execute arbitrary scripts in the context of the user’s browser, potentially leading to session hijacking, defacement, or other malicious activities. This vulnerability remains unresolved at this time. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-11688.
Read more CMSIn the real.Kit plugin for WordPress all versions up to 5.1.1 a medium severity vulnerability CVE-2024-12697 was detected. This vulnerability allows attackers with certain access to add harmful scripts to a website. This vulnerability remains unresolved at this time. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-12697.
Read more CMSIn WP SHAPES plugin for WordPress versions up to and including 1.0.0 a medium severity vulnerability CVE-2024-9619 was detected. This vulnerability allows authenticated attackers with Author-level access or higher to inject arbitrary web scripts through SVG file uploads, which execute when users access the SVG file. No patched version has been officially released at this time. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-9619.
Read more CMSIn Liferay Portal versions 7.1.0 through 7.4.3.38 and Liferay DXP versions 7.4 GA through update 38, 7.3 GA through update 36, 7.2 GA through fix pack 20, 7.1 GA through fix pack 28 a medium severity vulnerability CVE-2024-11993 was detected. This vulnerability allows attackers to inject malicious code into a web page, which can then steal sensitive information or trick users into performing unwanted actions. To fix this issue, users should upgrade Liferay Portal to versions 7.4.3.39 and later and Liferay DXP to versions, 7.4 update 39 and later, 7.3 update 37 and later, 7.2 fix pack 21 and later, 7.1 fix pack 29 and later. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-11993.
Read more CMSIn Opt-In Downloads plugin for WordPress versions up to 4.07 a high severity vulnerability CVE-2024-10590 was detected. This vulnerability allows authenticated users with Subscriber-level access or higher to upload arbitrary files, potentially leading to remote code execution (RCE) on NGINX servers. To address this issue, users must upgrade to a version later than 4.07. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10590.
Read more CMSIn Cognito Forms plugin for WordPress versions up to 2.0.6 a medium severity vulnerability CVE-2024-10182 was detected. This vulnerability allows authenticated users with Contributor-level access or higher to inject arbitrary web scripts into pages, which execute whenever a user accesses an affected page. To address this issue, users must upgrade to a version later than 2.0.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10182.
Read more CMSIn HQ Rental Software plugin for WordPress versions up to 1.5.29 a high severity vulnerability CVE-2024-11689 was detected. This vulnerability allows unauthenticated attackers to update arbitrary options, potentially leading to privilege escalation, by tricking a site administrator into performing an action such as clicking on a link. To address this issue, users must upgrade to a version later than 1.5.29. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11689.
Read more CMSIn the kvCORE IDX plugin for WordPress version 2.3.35 a medium severity vulnerability CVE-2024-11723 was detected. This vulnerability allows attackers to trick users into clicking malicious links, which can steal personal data or perform harmful actions on their behalf. No patched version has been officially released at this time. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-11723.
Read more CMSIn the Essential Real Estate plugin for WordPress version 5.1.6 a medium severity vulnerability CVE-2024-12329 was detected. This vulnerability allows authenticated users with Contributor-level access and above to view sensitive data, such as invoices and transaction logs, without proper authorization. To fix this issue, users should upgrade the Essential Real Estate plugin for WordPress to version 5.1.7. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-12329.
Read more CMS