In Liferay Portal versions 7.3.2 through 7.4.3.107 and Liferay DXP versions from 2023.Q4.0 through 2023.Q4.2 and 2023.Q3.1 through 2023.Q3.5 a high severity vulnerability CVE-2024-26272 was detected. This vulnerability allows attackers to take control of the system, change passwords, shut it down, and run harmful commands remotely. To fix this issue, users should upgrade the Liferay Portal to version 7.4.3.108, Liferay DXP to versions 2024.Q1.1, 2023.Q4.3, 2023.Q3.6, 7.3 Update 36. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-26272.
Read more CMS
In WordPress versions before 6.0.2 a medium severity vulnerability CVE-2024-4973 was detected. This vulnerability allows attackers to insert malicious code into posts or pages, which runs when someone views them, potentially compromising the site’s security. To fix this issue, users should upgrade WordPress to version 6.0.2. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-4973.
Read more CMS
In WordPress versions up to and including 2.0.6 a high severity vulnerability CVE-2024-4443 was detected. This vulnerability allows attackers to create malicious files on the site, potentially giving them control over the website. To fix this issue, users should upgrade WordPress to version 6.0.2. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-4443.
Read more CMS
In WordPress versions 1.8.0 and prior a high severity vulnerability CVE-2024-47304 was found. SQL Injection allows attackers to access sensitive data without authorization, posing a serious risk to confidentiality. Although the potential for data alteration or service disruption is low, the exposure of information could still compromise the security of the system. To fix this issue, users are advised to upgrade to version 1.8.1 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-47304.
Read more CMS
In Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 a high severity vulnerability CVE-2024-45133 was detected. This vulnerability allows attackers with admin access to bypass security features, potentially exposing sensitive information and enabling further attacks. To fix this issue, users should upgrade Adobe Commerce to versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, and 2.4.4-p11. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-45133.
Read more E-commerce
In Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 a medium severity vulnerability CVE-2024-45130 was detected. This vulnerability allows attackers with limited access to bypass security restrictions and perform unauthorized actions within the system. To fix this issue, users should upgrade Adobe Commerce to versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, and 2.4.4-p11. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-45130.
Read more E-commerce
In Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, and 2.4.4-p10 a medium severity vulnerability CVE-2024-45131 was detected. This vulnerability allows attackers with limited access to bypass security restrictions and potentially access sensitive information or perform unauthorized actions within Adobe Commerce. To fix this issue, users should upgrade Adobe Commerce to versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, and 2.4.4-p11. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-45131.
Read more E-commerce
In Magento (Adobe Commerce) versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, and 2.4.4-p10 a medium severity vulnerability CVE-2024-45135 was detected. This vulnerability allows attackers with admin access to bypass security measures in Adobe Commerce, so it’s essential to upgrade and review admin rights regularly. To fix this issue, users should upgrade Adobe Commerce to versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, and 2.4.4-p11. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-45135.
Read more E-commerce
In Magento (Adobe Commerce) versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier a low severity vulnerability CVE-2024-45134 was detected. This vulnerability allows an admin attacker to bypass security features, potentially exposing sensitive information and aiding further attacks. To fix this problem, users should upgrade to version 2.4.7-p3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-45134.
Read more E-commerce