In WordPress in all versions up to and including 16.6 a critical severity vulnerability CVE-2024-11150 was detected. This vulnerability allows attackers to delete arbitrary files on the server, potentially enabling remote code execution. To fix this problem, users should upgrade to version 16.7. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11150.
Read more CMSIn WordPress in all versions up to and including 1.9.244 a medium severity vulnerability CVE-2024-10647 was detected. This vulnerability allows attackers to inject malicious scripts into pages, which execute if a user clicks a specially crafted link. To fix this problem, users should upgrade to version 1.9.245. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10647.
Read more CMSIn WordPress in all versions up to and including 2.7.7 a high severity vulnerability CVE-2024-10114 was detected. This vulnerability allows attackers to bypass authentication and log in as any user, including administrators, by exploiting insufficient verification in the social login process. To fix this problem, users should upgrade to the latest version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10114.
Read more CMSIn WordPress in all versions up to and including 1.5.1 a high severity vulnerability CVE-2024-10711 was detected. This vulnerability allows attackers to update site settings through a forged request, potentially enabling privilege escalation if an administrator is tricked into clicking a malicious link. To fix this problem, users should upgrade to version 1.5.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10711.
Read more CMSIn WordPress in all versions up to and including 3.2.6 a medium severity vulnerability CVE-2024-8323 was detected. This vulnerability allows attackers with Contributor access or higher to inject malicious scripts into pages, which execute when a user visits an affected page. To fix this problem, users should upgrade to version 3.2.7. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8323.
Read more CMSIn WordPress in all versions up to and including 2.2.13 a high severity vulnerability CVE-2024-10028 was detected. This vulnerability allows attackers to access and download a site’s backup file by exposing sensitive information during the backup process. To fix this problem, users should upgrade to version 2.2.14. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10028.
Read more CMSIn WordPress in all versions up to and including 1.1.35 a high severity vulnerability CVE-2024-10020 was detected. This vulnerability allows attackers to log in as any user by exploiting weak verification in the social login process, potentially compromising accounts if the social login is enabled for administrators. To fix this problem, users should upgrade to version 1.1.36. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10020.
Read more CMSIn WooCommerce versions up to and including 5.3.9 of the Laybuy Payment Extension a medium severity vulnerability CVE-2024-37203 was detected. This vulnerability allows attackers to exploit incorrectly configured access control security levels. Currently there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-37203.
Read more E-commerceIn WooCommerce Customers Order History plugin versions up to 5.2.2 a medium severity vulnerability CVE-2024-37201 was detected. This issue allows attackers to misuse access control settings. Currently, there is no fix for this vulnerability. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-37201.
Read more E-commerce