In GitLab versions before 17.6.0 a low severity vulnerability CVE-2023-5117 was detected. This vulnerability allows attackers to access files uploaded to comments on confidential issues and epics of public projects without authentication via a direct link to the uploaded file URL. To address this issue, users should upgrade to version 17.6.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-5117.
In WPForms WordPress plugin versions prior to 1.9.2.3 a medium severity vulnerability CVE-2024-11223 was detected. This vulnerability allows high-privilege users, such as administrators, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disabled (e.g., in multisite setups). To address this issue, users should upgrade to version 1.9.2.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11223.
In Broken Link Checker WordPress plugin versions prior to 2.4.2 a high severity vulnerability CVE-2024-10903 was detected. This vulnerability allows admin users to perform Server-Side Request Forgery (SSRF) attacks by exploiting unvalidated link URLs, potentially compromising multisite installations. To address this issue, users should upgrade to version 2.4.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10903.
In the Avada (Fusion) Builder plugin for WordPress versions up to 3.11.12 a medium severity vulnerability CVE-2024-12335 was detected. This vulnerability allows attackers with contributor-level access or higher to access sensitive information from protected, private, or draft posts in WordPress. To fix this issue, users should upgrade Avada (Fusion) Builder plugin for WordPress to version 3.11.13. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-12335.
In Gogs versions prior to 0.13.1 a high severity vulnerability CVE-2024-55947 was detected. This vulnerability allows attackers to create files in any location on the server, which can lead to unauthorized SSH access. To address this issue, users should upgrade Gogs to version 0.13.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-55947.
In Gogs versions prior to 0.13.1 a critical severity vulnerability CVE-2024-54148 was detected. This vulnerability allows attackers to commit and edit a crafted symlink file in a repository to gain unauthorized SSH access to the server. To address this issue, users should upgrade Gogs to version 0.13.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-54148.
In WordPress Simple Shopping Cart plugin versions 5.0.7 and prior a medium severity vulnerability CVE-2024-12622 was detected. This vulnerability lets users with contributor-level access or higher add harmful scripts through the ‘wp_cart_button’ and ‘wp_cart_display_product’ shortcodes. No patched version has been officially released at this time. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12622.
In Tracking Code Manager plugin versions 2.3.0 and prior a medium severity vulnerability CVE-2024-8721 was detected. This vulnerability allows users with Contributor-level access or higher to add harmful scripts through the tracking code field, which will execute whenever a user accesses an injected page. No patched version has been officially released at this time. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8721.
In WP Datepicker plugin versions 2.1.4 and prior a medium severity vulnerability CVE-2024-12468 was detected. This vulnerability allows unauthenticated attackers to inject arbitrary web scripts via the ‘wpdp_get_selected_datepicker’ parameter, which execute if they successfully trick a user into performing an action such as clicking on a link. No patched version has been officially released at this time. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12468.