In SuiteCRM versions 7.14.4 and 8.6.1, a high-severity vulnerability, CVE-2024-45392, was detected. This vulnerability allows attackers to delete records via the API due to insufficient access control checks. To fix this issue, users must upgrade to versions 7.14.5 and 8.6.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-45392.
In all versions of Magento, a medium-severity vulnerability, CVE-2024-4812, was detected. This vulnerability allows storing malicious JavaScript code in the “Description” field of a user account, which can be executed when opening certain pages like Host Collections. To fix this issue, users must upgrade Magento to the latest version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-4812.
In Magento Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, and 2.4.4-p8, a critical-severity vulnerability, CVE-2024-34102, was detected. This allows attackers to execute unauthorized code on the server or access sensitive information by sending malicious XML documents, without needing any user interaction. To fix this problem, users should upgrade Magento Adobe Commerce to version 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, or 2.4.4-p9. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-34102.
In WordPress versions up to 2.1.0, a medium-severity vulnerability, CVE-2024-7848, was detected. This vulnerability allows authenticated users, even with low-level access, to access other users’ private files due to improper validation. To fix this issue, users must upgrade WordPress to the latest version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-7848.
In Joomla versions 3.0.0-3.10.16-elts, 4.0.0-4.4.6, and 5.0.0-5.1.2, a low-severity vulnerability, CVE-2024-40743, was detected. The stripImages and stripIframes methods didn’t handle inputs correctly, allowing for XSS attacks. To fix this problem, users should upgrade to version 3.10.17-elts, 4.4.7, or 5.1.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-40743.
In Joomla versions 3.4.6-3.10.16-elts, 4.0.0-4.4.6, and 5.0.0-5.1.2, a low-severity vulnerability, CVE-2024-27184, was detected. If a URL isn’t carefully checked, it might not be clear whether a link is leading someone to a safe, internal page or an external, potentially risky site. To fix this problem, users should upgrade to version 3.10.17-elts, 4.4.7, or 5.1.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-27184.
In Joomla versions 3.0.0-3.10.16-elts, 4.0.0-4.4.6, and 5.0.0-5.1.2, a critical-severity vulnerability, CVE-2024-27185, was detected. The pagination class incorporates arbitrary parameters into links, potentially enabling cache poisoning attacks. To fix this problem, users should upgrade to version 3.10.17-elts, 4.4.7, or 5.1.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-27185.
In Ghost versions from 4.46.0 before 5.89.4, a medium-severity vulnerability, CVE-2024-43409, was detected. This vulnerability allows attackers to access member-only information and perform actions meant for registered users, potentially exposing personal data. To fix this problem, users should upgrade Ghost to version 5.89.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43409.
In WooCommerce versions through 9.1.2, a medium-severity vulnerability, CVE-2024-39666, was detected. This security flaw allows hackers to insert harmful code into web pages. To fix this problem, users should upgrade to WooCommerce version 9.1.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-39666.