In Vaultwarden versions before 1.32.5 a critical severity vulnerability CVE-2024-55225 was detected. This vulnerability allows attackers to impersonate users, including administrators, through a crafted authorization request. To address this issue, users should upgrade Vaultwarden to version 1.32.5 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-55225.
In PostgreSQL versions before 17.1, 16.5, 15.9, 14.14, 13.17 and 12.21 a high severity vulnerability CVE-2024-10979 was detected. This vulnerability allows an unprivileged database user to change sensitive process environment variables (e.g., PATH). This often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. To address this issue, users should upgrade PostgreSQL to versions 17.1, 16.5, 15.9, 14.14, 13.17 or 12.21. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-10979.
In pgAdmin versions prior to 7.0 a high severity vulnerability CVE-2023-1907 was detected. This vulnerability allows attackers to potentially attach users to another user’s session when multiple connection attempts occur simultaneously while logging into pgAdmin running in server mode using LDAP authentication. To address this issue, users should upgrade pgAdmin to version 7.0 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-1907.
In WordPress Webinar Plugin – WebinarPress versions up to 1.33.24 a high severity vulnerability CVE-2024-11270 was detected. This vulnerability allows authenticated attackers with subscriber-level access or higher to create arbitrary files via the ‘sync-import-imgs’ function, leading to potential remote code execution. To address this issue, users should upgrade to version 1.33.25 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11270.
In Shipping via Planzer for WooCommerce Plugin versions up to 1.0.25 a medium severity vulnerability CVE-2024-12337 was detected. This vulnerability allows unauthenticated attackers to inject arbitrary web scripts via the ‘processed-ids’ parameter due to insufficient input sanitization and output escaping. To address this issue, users should upgrade to version 1.0.26 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12337.
In Vaultwarden version 1.32.5 a low severity vulnerability CVE-2024-55226 was detected. This vulnerability allows attackers to execute authenticated reflected Cross-Site Scripting (XSS) attacks via the `/api/core/mod.rs` component. To address this issue, users should upgrade Vaultwarden to version 1.32.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-55226.
In MIMO Woocommerce Order Tracking Plugin versions up to 1.0.2 a medium severity vulnerability CVE-2024-5769 was detected. This vulnerability allows authenticated attackers with Subscriber-level access or higher to modify shipper tracking settings due to missing capability checks on several functions. There is no patched version available at this time. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-5769.
In Ultimate Gift Cards for WooCommerce Plugin versions up to 2.9.1 a high severity vulnerability CVE-2024-11423 was detected. This vulnerability allows unauthenticated attackers to modify gift card balances via several REST API endpoints, such as /wp-json/gifting/recharge-giftcard, without making a payment or purchasing anything. To address this issue, users should upgrade to version 2.9.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11423.
In WordPress File Upload plugin versions up to 4.24.15 a critical vulnerability CVE-2024-11613 was detected. This allows unauthenticated attackers to execute remote code, read, and delete files due to improper sanitization of the ‘source’ parameter. To fix this issue, users must upgrade to version 4.25.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11613.