In Magento (Adobe Commerce) versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, and 2.4.4-p10, a high-severity vulnerability, CVE-2024-45132, was detected. This vulnerability allows attackers to gain unauthorized access to higher privileges, potentially compromising sensitive information. To fix this issue, users should upgrade Adobe Commerce to version 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, or 2.4.4-p11. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-45132.
E-commerce

In Magento (Adobe Commerce) versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier, a medium-severity vulnerability, CVE-2024-45149, was detected. This vulnerability allows low-privileged attackers to bypass security features, potentially compromising confidentiality. Exploitation does not require user interaction. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-45149.
E-commerce

In Magento (Adobe Commerce) versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier, a medium-severity vulnerability, CVE-2024-45148, was detected. This vulnerability allows attackers to bypass security features and gain unauthorized access without proper credentials. Exploitation of this issue does not require user interaction. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-45148.
E-commerce

In WordPress Simple HTML Sitemap versions up to and including 3.1, a high-severity vulnerability, CVE-2024-7385, was detected. This vulnerability allows authenticated attackers with Administrator-level access or higher to inject additional SQL queries via the ‘id’ parameter, which could be used to extract sensitive information from the database. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-7385.
CMS

In WordPress MDTF plugin versions up to and including 1.3.3.3, a high-severity vulnerability, CVE-2024-8623, was detected. This vulnerability allows attackers to execute arbitrary shortcodes due to improper validation of input values before running the `do_shortcode` function. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-8623.
CMS

In WordPress MDTF plugin versions up to and including 1.3.3.3, a critical-severity vulnerability, CVE-2024-8624, was detected. This vulnerability allows authenticated attackers with Contributor-level access and above to perform SQL injection via the ‘meta_key’ attribute, potentially exposing sensitive database information. To fix this problem, users should upgrade to version 1.3.3.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8624.
CMS

In Mautic versions from 1.0.0-beta2 to 4.4.11, a critical-severity vulnerability, CVE-2021-27915, was detected. This vulnerability allows logged-in users with appropriate permissions to exploit XSS vulnerabilities in the description fields. This could result in elevated access to the system. To fix this issue, upgrade to version 4.4.12 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-27915.
Marketing Automation

In Mautic versions 1.0.0-beta4 to 4.4.12 and 5.0.0-alpha to 5.1.0 (mautic/core and mautic/core-lib via Composer), a high-severity vulnerability, CVE-2021-27917, was detected. This stored XSS vulnerability allows attackers to inject malicious scripts into the contact tracking and page hits report, potentially compromising sensitive data. To fix this issue, users must upgrade to version 4.4.13 or 5.1.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2021-27917.
Marketing Automation

In Mautic versions 1.0.2 to 4.4.11 and 5.0.0-alpha to 5.0.3, a high-severity vulnerability, CVE-2022-25776, was detected. This vulnerability allows attackers to access restricted areas of the application, potentially exposing sensitive data such as names, surnames, company names, and stage names. To fix this issue, users must upgrade to version 4.4.12 or 5.0.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2022-25776.
Marketing Automation