In WooCommerce Multilingual & Multicurrency versions up to 5.3.6 a medium severity vulnerability CVE-2024-44006 was detected. This vulnerability allows attackers to exploit incorrectly configured access control security levels, potentially bypassing authorization controls. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-44006.
Read more E-commerce
In WooCommerce PDF Voucher plugin versions 4.9.4 and prior a high severity vulnerability CVE-2024-39650 was detected. This vulnerability allows missing capability checks in several functions, leading to unauthorized access. Unauthenticated attackers can exploit this to perform actions intended for admins. To fix this issue, users need to update to versions 4.9.5 or above. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-39650.
Read more E-commerce
In WooCommerce Product Delivery Date plugin versions 2.7.2 and prior a medium severity vulnerability CVE-2024-38702 was found. This vulnerability lacks authorization controls, allowing unauthorized access to functions that should be restricted by Access Control Lists (ACLs). To fix this issue, users need to update to versions 2.7.3 or above. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-38702.
Read more E-commerce
In Sentry version 6.0.9 a medium severity vulnerability CVE-2024-48743 was found. This vulnerability lets attackers exploit the “z” parameter to run unauthorized code remotely. At the time of publication of the CVE, no patch is available. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-48743.
Read more Monitoring
In WordPress MDTF versions 1.3.3.4 and prior a critical severity vulnerability CVE-2024-50450 was found. This vulnerability allows attackers to inject malicious code, compromising system security. To fix this issue, users are advised to upgrade to version 1.3.3.5 and above. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-50450.
Read more CMS
In Foreman version 3.9.0 a medium severity vulnerability CVE-2024-8553 was detected. This vulnerability allows attackers to exploit loader macros to bypass access controls and read any database field if they have permission to create or view report templates. To fix this issue, users should update Foreman to version 3.9.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-8553.
Read more IT Business Management
In Vault Community versions from 1.2.0 up to 1.18.0 and Vault Enterprise versions from 1.2.0 up to 1.18.0, 1.17.7, 1.16.11 a medium severity vulnerability CVE-2024-8185 was detected. This vulnerability allows attackers to crash Vault clusters by sending too many requests to a specific API endpoint, which can use up all the available memory and disrupt the service. To fix this issue, users should update Vault Community to version 1.18.1 and Vault Enterprise to versions 1.18.1, 1.17.8, and 1.16.12. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8185.
Read more Security
In WooCommerce PDF Invoices & Packing Slips versions up to 3.8.6 a medium severity vulnerability CVE-2024-5042, was detected. This allows attackers to exploit incorrectly configured access control security levels, potentially leading to unauthorized access. To fix this issue, users must upgrade to version 3.8.7. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-50421.
Read more E-commerce
In Apache NiFi versions 1.10.0 through 1.27.0 and 2.0.0-M1 through 2.0.0-M3 a medium severity vulnerability CVE-2024-45477 was detected. This allows attackers to inject and execute arbitrary JavaScript code within the session context of an authenticated user authorized to configure a Parameter Context. To fix this issue, users must upgrade to Apache NiFi version 1.28.0 or 2.0.0-M4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-45477.
Read more Data Analytics