CVE-2024-10318, a medium severity vulnerability, affects NGINX OpenID Connect versions 1.3.0 to 1.9.2, 1.12.5 and earlier, 2.2.1 to 2.4.2, 3.0.0 to 3.7.0, and 2.5.0 to 2.17.3. It is a session fixation issue: the nonce is not checked at login time, so an attacker can fix a victim's session to an attacker-controlled account and then observe or influence whatever the victim does in that session. No fixed version is currently listed for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-10318.
In a WordPress plugin, all versions up to and including 2.2.13, a high severity vulnerability CVE-2024-10028 was detected. The plugin exposes sensitive information during the backup process, which allows attackers to locate and download the site's backup file. To fix this problem, users should upgrade to version 2.2.14. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10028.
In a WordPress plugin, all versions up to and including 1.1.35, a high severity vulnerability CVE-2024-10020 was detected. Weak verification in the social login process allows attackers to log in as any user; if social login is enabled for administrator accounts, this gives full site compromise, so disabling social login for administrators is a reasonable stopgap until the upgrade is applied. To fix this problem, users should upgrade to version 1.1.36. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10020.
In a WordPress plugin, all versions up to and including 2.7.7, a high severity vulnerability CVE-2024-10114 was detected. Insufficient verification in the social login process allows attackers to bypass authentication and log in as any user, including administrators. To fix this problem, users should upgrade to the latest version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10114.
In a WordPress plugin, all versions up to and including 1.5.1, a high severity vulnerability CVE-2024-10711 was detected. It is a cross-site request forgery: the settings update handler accepts a forged request, so an attacker who tricks an administrator into clicking a malicious link can change site settings, potentially escalating privileges. To fix this problem, users should upgrade to version 1.5.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10711.
In a WordPress plugin, all versions up to and including 3.2.6, a medium severity vulnerability CVE-2024-8323 was detected. It is a stored cross-site scripting (XSS) issue: authenticated attackers with Contributor access or higher can inject malicious scripts into pages, and the scripts execute in the browser of any user who visits an affected page. To fix this problem, users should upgrade to version 3.2.7. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8323.
In the WooCommerce Laybuy Payment Extension, versions up to and including 5.3.9, a medium severity vulnerability CVE-2024-37203 was detected. It is an incorrect access control issue: the extension's access control is misconfigured, allowing attackers to perform actions that should have been restricted. Currently there is no fixed version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-37203.
In the WooCommerce Customers Order History plugin, versions up to 5.2.2, a medium severity vulnerability CVE-2024-37201 was detected. It is likewise an incorrect access control issue, allowing attackers to perform actions the plugin's access control settings should prevent. Currently there is no fix for this vulnerability. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-37201.
In iTop versions prior to 2.7.11, from 3.0.0 before 3.0.5, and from 3.1.0 before 3.1.2, a medium severity vulnerability CVE-2024-49367 was found. It is a server-side request forgery: low-privileged users can make the iTop server issue HTTP requests on their behalf, reaching whatever the server can reach. The fix limits the user portal to a set of safe functions. To address this issue, upgrade to version 2.7.11, 3.0.5, 3.1.2, or 3.2.0. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-49367.