In WordPress Core versions up to 6.5.5 a medium severity vulnerability CVE-2024-6307 was detected. This vulnerability allows attackers to insert harmful web scripts into pages. These scripts can run whenever a user visits the affected page. To fix this problem, users should upgrade WordPress Core to one of the following versions: 5.9.10, 6.0.9, 6.1.7, 6.2.6, 6.3.5, 6.4.5 or 6.5.5. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6307.
In WordPress versions from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6, from 6.0 through 6.0.8, and from 5.9 through 5.9.9 a medium severity vulnerability CVE-2024-31111 was detected. This vulnerability allows attackers to insert harmful web scripts into pages to gain access to the system and sensitive information. To fix this problem, users should upgrade WordPress to version 6.5.5 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-31111.
In WordPress version 6.5.5 a medium severity vulnerability CVE-2024-6305 was detected. This vulnerability allows attackers to inject arbitrary web scripts. There is no solution to this yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6305/.
In WordPress version 6.5.5 a medium severity vulnerability CVE-2024-6306 was detected. This vulnerability allows attackers to include arbitrary HTML files on sites running Windows. There is no fix for this yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6306/.
In Dolibarr version 19.0.1 a low severity vulnerability CVE-2024-37821 was detected. This vulnerability allows attackers to execute arbitrary code via uploading a crafted SQL file. There is no fix for this yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37821/.
In Ghost all versions through 5.85.1 a low severity vulnerability CVE-2024-34451 was detected. This flaw lets hackers bypass login attempt limits using multiple fake headers, but it can be avoided by setting up a reverse proxy to only accept trusted headers. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-34451/.
In SuiteCRM versions 7.14.4 and 8.6.1 a medium severity vulnerability CVE-2024-36414 was detected. This vulnerability allows attackers to perform a server-side request forgery attack. To address this issue, users must install the fix in versions 7.14.4 and 8.6.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36414/.
In SuiteCRM prior to versions 7.14.4 and 8.6.1 a medium severity vulnerability CVE-2024-36413 was detected. A weakness in the import module error view allows XSS attacks due to improper input sanitization. To address this issue, users should update SuiteCRM to versions 7.14.4 or 8.6.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36413.
In SuiteCRM versions prior to 7.14.4 and prior to 8.6.1 a high severity vulnerability CVE-2024-36415 was detected. This flaw in the product’s file upload system allows attackers to upload harmful files that can be executed, potentially compromising the system. This issue was resolved in versions 7.14.4 and 8.6.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36415/.