In Consul Community Edition versions from 1.9.0 to 1.20.0 and Consul Enterprise versions 1.9.0 up to 1.20.0, 1.19.2, 1.18.4, and 1.15.14 a medium severity vulnerability CVE-2024-10005 was detected. This vulnerability allows attackers to bypass HTTP request path-based access controls in Layer 7 (L7) traffic intentions due to inadequate path normalization, potentially enabling unauthorized access to restricted HTTP paths. To fix this issue, users should upgrade Consul Community Edition to version 1.20.1 and Consul Enterprise to version 1.20.1, 1.19.3, 1.18.5, and 1.15.15. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-10005.
Read more Networking
In AppSmith Community versions 1.8.3 up to (but not including) 1.46 a high severity vulnerability CVE-2024-51408 was detected. This vulnerability allows attackers to trick the app into sending requests to internal servers, potentially giving them access to sensitive data like AWS credentials. To fix this issue, users should upgrade AppSmith Community to version 1.46. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-51408.
Read more Application Development
In Waitlist plugin for WooCommerce versions up to 2.6 a medium severity vulnerability CVE-2024-43134 was detected. This vulnerability allows attackers to gain unauthorized access to certain WooCommerce waitlist features by exploiting improper security settings. To fix this issue, users should upgrade Waitlist WooCommerce plugin to version 2.6.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43134.
Read more E-commerce
In Print Barcode Labels plugin for WooCommerce versions up to 3.4.9 a medium severity vulnerability CVE-2024-43310 was detected. This vulnerability allows attackers to gain unauthorized access to barcode printing features for WooCommerce products and orders. To fix this issue, users should upgrade Print Barcode Labels plugin for WooCommerce to version 3.4.10. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43310.
Read more E-commerce
In WPClever WPC Frequently Bought Together plugin for WooCommerce versions up to 7.1.9 a medium severity vulnerability CVE-2024-43312 was detected. This vulnerability allows attackers to gain unauthorized access to features of the WPC Frequently Bought Together plugin for WooCommerce by exploiting weak access control settings, potentially letting them manipulate or view sensitive data related to purchased products. To fix this issue, users should upgrade WPClever WPC Frequently Bought Together plugin for WooCommerce to version 7.2.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43312.
Read more E-commerce
In Consul versions 1.9.0 and earlier than 1.20.1 a high severity vulnerability CVE-2024-10005 was detected. This vulnerability allows attackers to bypass HTTP request path-based access rules by using URL paths in L7 traffic intentions. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-10005.
Read more Networking
In Umbraco CMS version 12.3.6 a medium severity vulnerability CVE-2024-10761 was detected. This issue allows attackers to exploit cross-site scripting (XSS) through the `culture` argument in the `/Umbraco/preview/frame?id{}` file of the Dashboard component. The exploit is publicly available and can be used remotely. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-10761.
Read more CMS
In WooCommerce Multilingual & Multicurrency versions up to 5.3.6 a medium severity vulnerability CVE-2024-44006 was detected. This vulnerability allows attackers to exploit incorrectly configured access control security levels, potentially bypassing authorization controls. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-44006.
Read more E-commerce
In WooCommerce PDF Voucher plugin versions 4.9.4 and prior a high severity vulnerability CVE-2024-39650 was detected. This vulnerability allows missing capability checks in several functions, leading to unauthorized access. Unauthenticated attackers can exploit this to perform actions intended for admins. To fix this issue, users need to update to versions 4.9.5 or above. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-39650.
Read more E-commerce