In the Essential Real Estate plugin for WordPress version 5.1.6 a medium severity vulnerability CVE-2024-12329 was detected. This vulnerability allows authenticated users with Contributor-level access and above to view sensitive data, such as invoices and transaction logs, without proper authorization. To fix this issue, users should upgrade the Essential Real Estate plugin for WordPress to version 5.1.7. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-12329.
Read more CMSIn the Country Blocker plugin for WordPress versions up to and including 3.2 a medium severity vulnerability CVE-2024-11459 was detected. This vulnerability allows attackers to inject harmful web scripts into pages via the ‘ip’ parameter. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11459.
Read more CMSIn ONLYOFFICE Docs Plugin for WordPress versions up to and including 2.0.0 a medium severity vulnerability CVE-2024-11450 was detected. This vulnerability allows attackers with contributor-level access or higher to inject arbitrary web scripts into pages via the ‘onlyoffice’ shortcode. These scripts execute whenever a user accesses an injected page. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-11450.
Read more ProductivityIn miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) Plugin versions 7.5.14 and prior a medium severity vulnerability CVE-2023-24375 was detected. This vulnerability allows attackers to exploit incorrectly configured access control security levels. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-24375.
Read more CMSIn Directus versions prior to 11.2.9 and 11.0.0 a high severity vulnerability CVE-2024-54151 was detected. This vulnerability allows unauthenticated users to perform any operations (CRUD, subscriptions) with full admin privileges if `WEBSOCKETS_GRAPHQL_AUTH` or `WEBSOCKETS_REST_AUTH` is set to `public`. To address this issue, users should upgrade Directus to version 11.3.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-54151.
Read more CMSIn Drupal Core versions from 7.0 before 7.102, from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9 a medium severity vulnerability CVE-2024-55638 was detected. This vulnerability allows attackers to exploit deserialization of untrusted data, leading to object injection. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-55638.
Read more CMSIn Drupal Core versions from 8.8.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8 a medium severity vulnerability CVE-2024-12393 was detected. This vulnerability allows attackers to exploit improper neutralization of input during web page generation, leading to Cross-Site Scripting (XSS). Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12393.
Read more CMSIn Drupal Core versions 10.0.0 to 10.2.10 a medium severity vulnerability CVE-2024-11942 was detected. This vulnerability allows attackers to perform file manipulation. To address this issue, users should upgrade Drupal Core to version 10.2.10. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11942.
Read more CMSIn WordPress Portfolio Builder – Portfolio Gallery plugin in versions up to 1.1.7 a medium severity vulnerability CVE-2024-53788 was detected. This vulnerability allows editors or higher to inject scripts into pages, which execute when accessed, due to insufficient input sanitization. There is no patched version available to address this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-53788.
Read more CMS