Missing Authorization vulnerability in GenialSouls WP Social Comments.This issue affects WP Social Comments: from n/a through 1.7.3.
Max CVSS
4.3
EPSS Score
0.04%
Published
2024-04-18
Updated
2024-04-18
Missing Authorization vulnerability in WPClever WPC Frequently Bought Together for WooCommerce.This issue affects WPC Frequently Bought Together for WooCommerce: from n/a through 7.0.3.
Max CVSS
4.3
EPSS Score
0.04%
Published
2024-04-22
Updated
2024-04-22
Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor.This issue affects Prime Slider – Addons For Elementor: from n/a through 3.13.2.
Max CVSS
4.3
EPSS Score
0.04%
Published
2024-04-22
Updated
2024-04-22
Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and execute authenticated HTTP requests. The abused feature allows Nix builds to specify files that Hydra serves to clients. One use of this functionality is serving NixOS `.iso` files. The issue is only with html files served by Hydra. The issue has been patched on https://hydra.nixos.org around 2024-04-21 14:30 UTC. The nixpkgs package were fixed in unstable and 23.11. Users with custom Hydra packages can apply the fix commit to their local installations. The vulnerability is only triggered when opening HTML build artifacts, so not opening them until the vulnerability is fixed works around the issue.
Max CVSS
4.6
EPSS Score
0.05%
Published
2024-04-22
Updated
2024-04-23
An unsigned value can never be negative, so eMMC full disk test will always evaluate the same way.
Max CVSS
4.0
EPSS Score
0.04%
Published
2024-04-16
Updated
2024-04-16
Authorization Bypass Through User-Controlled Key vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through 16.26.5.
Max CVSS
4.3
EPSS Score
0.04%
Published
2024-04-18
Updated
2024-04-18
Missing Authorization vulnerability in Theme My Login.This issue affects Theme My Login: from n/a through 7.1.6.
Max CVSS
4.3
EPSS Score
0.04%
Published
2024-04-17
Updated
2024-04-17
Missing Authorization vulnerability in Nuggethon Custom Order Statuses for WooCommerce.This issue affects Custom Order Statuses for WooCommerce: from n/a through 1.5.2.
Max CVSS
4.3
EPSS Score
0.04%
Published
2024-04-17
Updated
2024-04-17
Missing Authorization vulnerability in Jaed Mosharraf & Pluginbazar Team Open Close WooCommerce Store.This issue affects Open Close WooCommerce Store: from n/a through 4.9.1.
Max CVSS
4.3
EPSS Score
0.04%
Published
2024-04-17
Updated
2024-04-17
Missing Authorization vulnerability in WPClever WPC Grouped Product for WooCommerce.This issue affects WPC Grouped Product for WooCommerce: from n/a through 4.4.2.
Max CVSS
4.3
EPSS Score
0.04%
Published
2024-04-17
Updated
2024-04-17
Missing Authorization vulnerability in GutenGeek GG Woo Feed for WooCommerce.This issue affects GG Woo Feed for WooCommerce: from n/a through 1.2.6.
Max CVSS
4.3
EPSS Score
0.04%
Published
2024-04-17
Updated
2024-04-17
Missing Authorization vulnerability in WooCommerce & WordPress Tutorials Custom Thank You Page Customize For WooCommerce by Binary Carpenter.This issue affects Custom Thank You Page Customize For WooCommerce by Binary Carpenter: from n/a through 1.4.12.
Max CVSS
4.3
EPSS Score
0.04%
Published
2024-04-17
Updated
2024-04-17
Missing Authorization vulnerability in Palscode Multi Currency For WooCommerce.This issue affects Multi Currency For WooCommerce: from n/a through 1.5.5.
Max CVSS
4.3
EPSS Score
0.04%
Published
2024-04-17
Updated
2024-04-17
Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. In 26.0.0, IPv6 is not disabled on network interfaces, including those belonging to networks where `--ipv6=false`. An container with an `ipvlan` or `macvlan` interface will normally be configured to share an external network link with the host machine. Because of this direct access, (1) Containers may be able to communicate with other hosts on the local network over link-local IPv6 addresses, (2) if router advertisements are being broadcast over the local network, containers may get SLAAC-assigned addresses, and (3) the interface will be a member of IPv6 multicast groups. This means interfaces in IPv4-only networks present an unexpectedly and unnecessarily increased attack surface. The issue is patched in 26.0.2. To completely disable IPv6 in a container, use `--sysctl=net.ipv6.conf.all.disable_ipv6=1` in the `docker create` or `docker run` command. Or, in the service configuration of a `compose` file.
Max CVSS
4.7
EPSS Score
0.04%
Published
2024-04-18
Updated
2024-04-19
Missing Authorization vulnerability in Very Good Plugins Fatal Error Notify.This issue affects Fatal Error Notify: from n/a through 1.5.2.
Max CVSS
4.3
EPSS Score
0.04%
Published
2024-04-16
Updated
2024-04-17
Server-Side Request Forgery (SSRF) vulnerability in Wappointment Appointment Bookings for Zoom GoogleMeet and more – Wappointment.This issue affects Appointment Bookings for Zoom GoogleMeet and more – Wappointment: from n/a through 2.6.0.
Max CVSS
4.4
EPSS Score
0.04%
Published
2024-04-15
Updated
2024-04-15
Cross-Site Request Forgery (CSRF) vulnerability in wpWax Legal Pages.This issue affects Legal Pages: from n/a through 1.4.2.
Max CVSS
4.3
EPSS Score
0.04%
Published
2024-04-15
Updated
2024-04-15
Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team WpTravelly.This issue affects WpTravelly: from n/a through 1.6.0.
Max CVSS
4.3
EPSS Score
0.04%
Published
2024-04-15
Updated
2024-04-15
Cross-Site Request Forgery (CSRF) vulnerability in VideoYield.Com Ads.Txt Admin.This issue affects Ads.Txt Admin: from n/a through 1.3.
Max CVSS
4.3
EPSS Score
0.04%
Published
2024-04-15
Updated
2024-04-15
Cross-Site Request Forgery (CSRF) vulnerability in AWP Classifieds Team AWP Classifieds.This issue affects AWP Classifieds: from n/a through 4.3.1.
Max CVSS
4.3
EPSS Score
0.04%
Published
2024-04-15
Updated
2024-04-15
Cross-Site Request Forgery (CSRF) vulnerability in IP2Location Download IP2Location Country Blocker.This issue affects Download IP2Location Country Blocker: from n/a through 2.34.2.
Max CVSS
4.3
EPSS Score
0.04%
Published
2024-04-15
Updated
2024-04-15
Cross-Site Request Forgery (CSRF) vulnerability in Zoho Campaigns.This issue affects Zoho Campaigns: from n/a through 2.0.7.
Max CVSS
4.3
EPSS Score
0.04%
Published
2024-04-15
Updated
2024-04-15
Cross-Site Request Forgery (CSRF) vulnerability in Zoho Campaigns.This issue affects Zoho Campaigns: from n/a through 2.0.7.
Max CVSS
4.3
EPSS Score
0.04%
Published
2024-04-15
Updated
2024-04-15
Cross-Site Request Forgery (CSRF) vulnerability in Thomas Belser Asgaros Forum.This issue affects Asgaros Forum: from n/a through 2.8.0.
Max CVSS
4.3
EPSS Score
0.04%
Published
2024-04-15
Updated
2024-04-15
Cross-Site Request Forgery (CSRF) vulnerability in SwitchWP WP Client Reports.This issue affects WP Client Reports: from n/a through 1.0.22.
Max CVSS
4.3
EPSS Score
0.04%
Published
2024-04-15
Updated
2024-04-15
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!