In WooCommerce version 5.0.4 a medium severity vulnerability CVE-2024-35748 was detected. This vulnerability allows attackers to get access without an authorization check. There is no solution yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-35748/.
Read more E-commerce
In Ghost versions from the beginning up to 1.4.0 a high severity vulnerability CVE-2024-34559 was detected. To protect sensitive information, it’s essential to adjust log settings properly before releasing a product. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-34559/.
Read more CMS
In WordPress a high severity vulnerability CVE-2024-31210 was detected. Administrative users in WordPress may unintentionally upload harmful files when adding new plugins, potentially leading to unauthorized execution of code. However, this mainly affects high-level administrators and multi-site setups, with lower-level users and sites with specific security configurations being unaffected. This vulnerability is resolved in WordPress version 6.4.3 and backported to versions 6.3.3, 6.2.4, 6.1.5, 6.0.7, 5.9.9, 5.8.9, 5.7.11, 5.6.13, 5.5.14, 5.4.15, 5.3.17, 5.2.20, 5.1.18, 5.0.21, 4.9.25, 2.8.24, 4.7.28, 4.6.28, 4.5.31, 4.4.32, 4.3.33, 4.2.37, and 4.1.40. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-31210/.
Read more CMS
In WordPress versions from 6.4.0 to 6.4.2 a medium severity vulnerability CVE-2024-31211 was detected. The product deserializes untrusted data without sufficient verification, compromising data integrity and exposing it to manipulation. Attackers can exploit “gadget chains” during deserialization to execute unauthorized actions, posing serious security risks. This issue is resolved in WordPress version 6.4.2. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-31211/.
Read more CMS
In Mautic versions up to 4.4.9 a medium severity vulnerability CVE-2024-2730 was detected. Unpublished landing pages can be accessed through public preview URLs, even by people who aren’t logged in. This could potentially leak sensitive information. There’s no fix available for this issue at the moment. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-2730/.
Read more Marketing Automation
In Mautic a medium severity vulnerability CVE-2024-2731 was detected. Users with low privileges, having all permissions deselected, can access pages revealing sensitive data such as company names, users’ names and surnames, stage names, monitoring campaigns, and their descriptions. Additionally, unprivileged users can view and modify tag descriptions. At the time of publication of the CVE no patch is available. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-2731/.
Read more Marketing Automation
In Mautic a medium severity vulnerability CVE-2024-3448 was detected. This vulnerability allows users with low privileges to improperly perform certain AJAX actions, resulting in a Server-Side Request Forgery. Attackers can exploit this vulnerability to analyze error messages and conduct a port scan in the back-end. At the time of publication of the CVE no patch is available. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-3448/.
Read more Marketing Automation
In Ghost through 5.76.0 version a low severity vulnerability CVE-2024-23724 was detected. Due to this vulnerability, someone could use a special image to run harmful code, potentially taking control of any account. Currently, there is no fix version for this issue. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-23724/.
Read more CMS
In Dolibarr a critical security vulnerability CVE-2024-29477 was detected. This vulnerability allows attackers to access your network and execute malicious code during installation. The issue is resolved in Dolibarr version 19.0.1 or newer. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-29477.
Read more ERP