In Download Manager WordPress plugin versions before 3.3.03, a medium-severity vulnerability, CVE-2024-10706, was detected. This vulnerability allows attackers to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed (for example, in multisite setups). To address this issue, users should upgrade the Download Manager plugin to version 3.3.03 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10706.
In Ebook Store plugin versions 5.8001 and prior, a medium-severity vulnerability, CVE-2024-12262, was detected. This vulnerability allows attackers to inject arbitrary web scripts via the ‘step’ parameter due to insufficient input sanitization and output escaping. No patched version has been officially released at this time. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12262.
In Elementor Header & Footer Builder plugin versions 1.6.46 and prior, a medium-severity vulnerability, CVE-2024-11230, was detected. This vulnerability allows authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts via the ‘size’ parameter, which will execute whenever a user accesses an injected page. No patched version has been officially released at this time. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11230.
In the LaTeX2HTML plugin for WordPress, all versions up to 2.5.5, a medium-severity vulnerability, CVE-2024-11688, was detected. This vulnerability allows attackers to execute arbitrary scripts in the context of the user’s browser, potentially leading to session hijacking, defacement, or other malicious activities. This vulnerability remains unresolved at this time. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-11688.
In the real.Kit plugin for WordPress, all versions up to 5.1.1, a medium-severity vulnerability, CVE-2024-12697, was detected. This vulnerability allows attackers with certain access to add harmful scripts to a website. This vulnerability remains unresolved at this time. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-12697.
In Discourse instances configured to use `FileStore::LocalStore`, versions stable 3.3.2 and prior; beta 3.4.0.beta3 and prior; tests-passed 3.4.0.beta3 and prior, a high-severity vulnerability, CVE-2024-53991, was detected. This vulnerability allows attackers to access Discourse backup files if they know the file name by crafting specific requests to nginx. To address this issue, users should upgrade to the stable 3.3.3 or above; beta 3.4.0.beta4 or above; or tests-passed 3.4.0.beta4 or above versions. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-53991.
In Discourse versions stable 3.3.2 and prior; beta 3.4.0.beta3 and prior; tests-passed 3.4.0.beta3 and prior, a medium-severity vulnerability, CVE-2024-52794, was detected. This vulnerability allows attackers to target users clicking on lightbox thumbnails. To address this issue, users must upgrade Discourse to the stable 3.3.3 or above; beta 3.4.0.beta4 or above; tests-passed 3.4.0.beta4 or above versions. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-52794.
In Discourse versions stable 3.3.2 and prior; beta 3.4.0.beta3 and prior; tests-passed 3.4.0.beta3 and prior, a low-severity vulnerability, CVE-2024-52589, was detected. This vulnerability allows moderators to view user email addresses through the Screened Emails list in the admin dashboard. To address this issue, users should upgrade Discourse to the stable 3.3.3 or above; beta 3.4.0.beta4 or above; tests-passed 3.4.0.beta4 or above versions. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-52589.
In Discourse versions stable 3.3.2 and prior; beta 3.4.0.beta3 and prior; tests-passed 3.4.0.beta3 and prior, a medium-severity vulnerability, CVE-2024-49765, was detected. This vulnerability allows attackers to bypass Discourse Connect and create accounts or log in if local login methods are still enabled. To address this issue, users should upgrade Discourse to the stable 3.3.3 or above; beta 3.4.0.beta4 or above; tests-passed 3.4.0.beta4 or above versions. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-49765.