5.4
CVE-2024-13273 - Open Social - Moderately critical - Cross Site Scripting, Denial of Service - SA-CONTRIB-2024-037
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Open Social allows Cross-Site Scripting (XSS). This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5, from 13.0.0 before 13.0.0-alpha11.
9.8
CVE-2024-10215 - WPBookit <= 1.6.4 - Unauthenticated Arbitrary User Password Change
The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticat…
6.3
CVE-2024-13272 - Paragraphs table - Critical - Access bypass, Information Disclosure - SA-CONTRIB-2024-036
Insufficient Granularity of Access Control vulnerability in Drupal Paragraphs table allows Content Spoofing. This issue affects Paragraphs table: from 0.0.0 before 1.23.0, from 2.0.0 before 2.0.2.
4.3
CVE-2024-13271 - Content Entity Clone - Moderately critical - Information Disclosure - SA-CONTRIB-2024-035
Incorrect Authorization vulnerability in Drupal Content Entity Clone allows Forceful Browsing. This issue affects Content Entity Clone: from 0.0.0 before 1.0.4.
4.3
CVE-2024-13270 - Freelinking - Moderately critical - Information Disclosure - SA-CONTRIB-2024-034
Incorrect Authorization vulnerability in Drupal Freelinking allows Forceful Browsing. This issue affects Freelinking: from 0.0.0 before 4.0.1.
5.3
CVE-2024-13269 - Advanced Varnish - Moderately critical - Access bypass - SA-CONTRIB-2024-033
Insertion of Sensitive Information Into Sent Data vulnerability in Drupal Advanced Varnish allows Forceful Browsing. This issue affects Advanced Varnish: from 0.0.0 before 4.0.11.
6.8
CVE-2024-13268 - Opigno - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-032
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno allows PHP Local File Inclusion. This issue affects Opigno: from 7.X-1.0 before 7.X-1.23.
7.5
CVE-2024-13267 - Opigno TinCan Question Type - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-031
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno TinCan Question Type allows PHP Local File Inclusion. This issue affects Opigno TinCan Question Type: from 7.X-1.0 before 7.X-1.3.
5.3
CVE-2024-13266 - Responsive and off-canvas menu - Moderately critical - Access bypass - SA-CONTRIB-2024-030
Incorrect Authorization vulnerability in Drupal Responsive and off-canvas menu allows Forceful Browsing. This issue affects Responsive and off-canvas menu: from 0.0.0 before 4.4.4.
7.5
CVE-2024-13265 - Opigno Learning path - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-029
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno Learning path allows PHP Local File Inclusion. This issue affects Opigno Learning path: from 0.0.0 before 3.1.2.