6.1
CVE-2024-7574 - Christmasify! <= 1.5.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Christmasify! plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.5. This is due to missing nonce validation on the 'options' function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious we…
5.3
CVE-2024-5801 - IP Forwarding enabled in B&R Automation Runtime
Enabled IP Forwarding feature in B&R Automation Runtime versions before 6.0.2 may allow remote attackers to compromise network security by routing IP-based packets through the host, potentially bypassing firewall, router, or NAC filtering.
8.3
CVE-2024-5800 - Diffie-Hellman groups with insufficient strength used in SSL/TLS stack of B&R Automation Runtime
Diffie-Hellman groups with insufficient strength are used in the SSL/TLS stack of B&R Automation Runtime versions before 6.0.2, allowing a network attacker to decrypt the SSL/TLS communication.
6.1
CVE-2024-7649 - Opal Membership <= 1.2.4 - Unauthenticated Stored Cross-Site Scripting
The Opal Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via checkout form fields in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts…
4.3
CVE-2024-7648 - Opal Membership <= 1.2.4 - Authenticated (Subscriber+) Information Disclosure
The Opal Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.4 via the private notes functionality on payments which utilizes WordPress comments. This makes it possible for authenticated attackers, with subscriber-level access an…
9.8
CVE-2024-7503 - WooCommerce - Social Login <= 2.7.5 - Authentication Bypass to Account Takeover
The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.5. This is due to the use of loose comparison of the activation code in the 'woo_slg_confirm_email_user' function. This makes it possible for unauthenticated attackers to…
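The entry above attributes the bypass to a loose comparison of the activation code. The PHP below is an added example and is not the plugin's code: it shows the general failure mode of PHP's `==` on attacker-controlled strings and the hardened form. The function names and the use of an MD5 digest as the stored code are assumptions made for illustration; the two inputs are a well-known pair whose MD5 digests both begin with `0e` followed only by digits.

```php
<?php
// Added example, not code from the WooCommerce - Social Login plugin.
// Shows why a loose (==) comparison of an activation code is bypassable and
// what the check should look like. Function names are hypothetical.

// Vulnerable shape: == converts both operands before comparing. Two different
// strings that PHP treats as numeric strings in scientific notation
// ("0e" followed only by digits) both evaluate to float 0 and compare equal.
function activation_code_matches_loose(string $stored, string $supplied): bool
{
    return $stored == $supplied;   // type-juggling comparison
}

// Hardened shape: byte-exact, constant-time comparison. No conversion happens,
// so only the identical string passes, and timing does not leak a prefix match.
function activation_code_matches_strict(string $stored, string $supplied): bool
{
    return hash_equals($stored, $supplied);
}

// Constructed data (assumption: the stored code is an MD5 hex digest).
// md5('240610708') and md5('QNKCDZO') are both of the form 0e<digits>.
$stored   = md5('240610708');
$supplied = md5('QNKCDZO');

var_dump($stored === $supplied);                               // different strings
var_dump(activation_code_matches_loose($stored, $supplied));   // accepted anyway
var_dump(activation_code_matches_strict($stored, $supplied));  // rejected

// Second juggling case, PHP < 8 only: a non-numeric string loosely equals the
// integer 0, so a request that makes the supplied value an int 0 passes
// $stored == $supplied. PHP 8 changed that rule (0 == "abc" is now false),
// but the numeric-string case above holds on every PHP version, so the fix is
// still to use === or hash_equals(), not to rely on the PHP version.
```

The strict check also rejects the case where one side is not a string at all (for example an integer or `null` arriving from a decoded request body), because `hash_equals()` raises a `TypeError` rather than coercing.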
3.3
CVE-2024-6692 - Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) …
The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Agreement Text value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escapin…
5.4
CVE-2024-7621 - Visual Website Collaboration, Feedback & Project Management – Atarim <= 4.0.2 - Missing Authorizati…
The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the process_wpfeedback_misc_options() function in all versions up to, and including, 4.0.2. This makes it possible fo…
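Two entries on this page describe settings-save handlers that lack a check: the Christmasify! entry (CVE-2024-7574, missing nonce validation, so a cross-site request can drive the handler) and the Atarim entry above (CVE-2024-7621, missing capability check, so any logged-in user can drive it). The PHP below is an added example, not code from either plugin, showing a WordPress `admin-post.php` handler in the vulnerable shape and with both checks in place. The function, option and nonce names (`example_plugin_*`) are hypothetical.

```php
<?php
// Added example, not code from Christmasify! or Atarim. A settings-save handler
// in its vulnerable shape and its hardened shape. All names are hypothetical.

// Vulnerable shape: the handler trusts whatever is POSTed to it.
//  - No nonce: any site the victim visits can submit this form on their behalf
//    (the CSRF-to-settings-change pattern in CVE-2024-7574).
//  - No capability check: any authenticated user, not just administrators,
//    may call it (the missing-authorization pattern in CVE-2024-7621).
function example_plugin_save_options_vulnerable(): void
{
    $settings = get_option('example_plugin_settings', []);
    $settings['banner_text'] = $_POST['banner_text'] ?? '';
    update_option('example_plugin_settings', $settings);
}

// Hardened shape. Both checks are needed: a nonce alone does not stop a
// low-privilege user who can obtain one legitimately, and a capability check
// alone does not stop a forged request riding an administrator's session.
function example_plugin_save_options(): void
{
    // 1. Authorization: only users who may manage options reach the write.
    if (!current_user_can('manage_options')) {
        wp_die('Insufficient permissions.', 403);
    }

    // 2. CSRF: the request must carry a nonce bound to this action and this
    //    user's session. check_admin_referer() terminates the request on failure.
    check_admin_referer('example_plugin_save_options', 'example_plugin_nonce');

    // 3. Never store raw request data; sanitize for the field's intended type.
    $settings = get_option('example_plugin_settings', []);
    $settings['banner_text'] = sanitize_text_field(wp_unslash($_POST['banner_text'] ?? ''));
    update_option('example_plugin_settings', $settings);

    wp_safe_redirect(admin_url('admin.php?page=example-plugin&updated=1'));
    exit;
}

// The form that posts to the handler must emit the matching nonce field.
function example_plugin_render_form(): void
{
    $settings = get_option('example_plugin_settings', []);
    $banner   = $settings['banner_text'] ?? '';
    ?>
    <form method="post" action="<?php echo esc_url(admin_url('admin-post.php')); ?>">
        <input type="hidden" name="action" value="example_plugin_save_options">
        <?php wp_nonce_field('example_plugin_save_options', 'example_plugin_nonce'); ?>
        <input type="text" name="banner_text" value="<?php echo esc_attr($banner); ?>">
        <button type="submit">Save</button>
    </form>
    <?php
}

// admin_post_{action} fires only for authenticated users. Registering the same
// handler on admin_post_nopriv_{action} would expose it to unauthenticated
// requests as well, which is the unauthenticated case described for CVE-2024-7574.
add_action('admin_post_example_plugin_save_options', 'example_plugin_save_options');
```

When auditing a plugin for this class of bug, look at every `admin_post_*`, `admin_init`, `wp_ajax_*` and REST callback that calls `update_option()` or writes post meta, and confirm that both `current_user_can()` and a nonce check (`check_admin_referer()`, `check_ajax_referer()` or `wp_verify_nonce()`) run before the write.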
4.4
CVE-2024-6691 - Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) …
The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the currency value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. Thi…
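Three entries on this page (Opal Membership CVE-2024-7649 via checkout form fields, and the two Easy Digital Downloads entries CVE-2024-6692 and CVE-2024-6691 via the Agreement Text and currency values) share the same root cause: "insufficient input sanitization and output escaping". The PHP below is an added example, not code from either plugin, showing a stored field in the vulnerable shape and then with sanitization on input and context-appropriate escaping on output. Function and meta-key names are hypothetical, and the payload is constructed for illustration.

```php
<?php
// Added example, not code from Opal Membership or Easy Digital Downloads.
// Stored XSS fix in two halves: sanitize what is stored, escape what is
// rendered, choosing the escaper by output context. All names are hypothetical.

// Vulnerable shape: a free-text value (an agreement text, a checkout note, a
// currency label) is stored raw and echoed raw. Whatever the submitter typed
// executes in the browser of every user who later views the page, which for a
// checkout field means the unauthenticated-to-administrator path.
function example_store_note_vulnerable(int $order_id, string $raw): void
{
    update_post_meta($order_id, '_example_note', $raw);
}
function example_render_note_vulnerable(int $order_id): void
{
    echo '<div class="note">' . get_post_meta($order_id, '_example_note', true) . '</div>';
}

// Hardened shape, input half: pick the sanitizer by what the field may contain.
function example_store_note(int $order_id, string $raw, bool $allow_markup = false): void
{
    $raw   = wp_unslash($raw);
    $clean = $allow_markup
        ? wp_kses_post($raw)          // allowlisted post markup; drops <script>, on*= handlers, javascript: URLs
        : sanitize_text_field($raw);  // plain text only: strips tags, invalid UTF-8, line breaks
    update_post_meta($order_id, '_example_note', $clean);
}

// Hardened shape, output half: escape for the context even though input was
// sanitized. The stored value may have come from another code path, an import,
// or a version of the plugin that did not sanitize.
function example_render_note(int $order_id, bool $allow_markup = false): void
{
    $note = (string) get_post_meta($order_id, '_example_note', true);

    // HTML body context
    echo '<div class="note">' . ($allow_markup ? wp_kses_post($note) : esc_html($note)) . '</div>';

    // HTML attribute context: esc_html() is not sufficient inside a quoted attribute
    echo '<input type="text" name="note" value="' . esc_attr($note) . '">';

    // URL context: rejects javascript: and other disallowed schemes
    echo '<a href="' . esc_url($note) . '">link</a>';

    // Inline JavaScript string context
    echo '<script>var note = "' . esc_js($note) . '";</script>';
}

// Constructed payload of the kind a checkout field would receive. With the
// vulnerable functions it is stored and rendered verbatim; with the hardened
// ones sanitize_text_field() strips the tag on the way in and esc_html() /
// esc_attr() entity-encode what remains on the way out.
$payload = '"><img src=x onerror=alert(document.cookie)>';
```

Sanitization and escaping are not interchangeable: sanitization limits what the database holds, escaping makes rendering safe regardless of what it holds. Fixes that do only one of the two are why the same plugin can appear in several stored-XSS entries for different fields.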
7.5
CVE-2024-42473 - OpenFGA Authorization Bypass
OpenFGA is an authorization/permission engine. OpenFGA v1.5.7 and v1.5.8 are vulnerable to authorization bypass when calling Check API with a model that uses `but not` and `from` expressions and a userset. Users should downgrade to v1.5.6 as soon as possible. This downgrade is backward compatible. …