A vulnerability, which was classified as problematic, was found in bestwpdeveloper BWD Elementor Addons Plugin up to 4.3.18 on WordPress. Affected is an unknown function of the file widgets/bwdeb-content-switcher.php of the component Template Data Handler. The manipulation leads to information disclosure.
This vulnerability is traded as CVE-2024-12532. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to apply a patch to fix this issue.
A vulnerability has been found in Abdul Hakeem Build App Online Plugin up to 1.0.23 on WordPress and classified as very critical. Affected by this vulnerability is the function Include/Require. The manipulation leads to improper control of filename for include/require statement in php program ('php remote file inclusion').
This vulnerability is known as CVE-2024-49649. The attack can be launched remotely. There is no exploit available.
A vulnerability, which was classified as problematic, was found in bestwpdeveloper BWD Elementor Addons Plugin up to 4.3.18 on WordPress. Affected is an unknown function of the file widgets/bwdeb-content-switcher.php of the component Template Data Handler. The manipulation leads to information disclosure.
This vulnerability is traded as CVE-2024-12532. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to apply a patch to fix this issue.
根据 Statcounter 的统计,距离 Windows 10 停止支持只剩下 10 个月,但它的市场份额仍然超过六成。由于微软提高了 Windows 11 的硬件需求,现有的 Windows 10 电脑基本上不太可能升级到新操作系统,这意味着到今年 10 月 14 日之后,可能会有数以亿计的计算机面临不再收到安全更新的问题。对此微软的建议是换电脑。微软执行副总裁 Yusuf Mehdi 在官方博客上表示,是时候迁移到新 Windows 11 PC 了,宣称使用新 Windows 11 PC 能获得更好的安全性、更高的性能,以及受益于“AI”。
A vulnerability has been found in Aruba Networks ArubaOS and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to memory corruption.
This vulnerability is known as CVE-2017-9003. The attack needs to be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in themescoder Themes Coder Plugin up to 1.3.4 on WordPress. It has been rated as critical. Affected by this issue is the function update_user_profile. The manipulation leads to authentication bypass using alternate channel.
This vulnerability is handled as CVE-2024-12402. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability classified as critical has been found in delabon Live Sales Notification for Woocommerce Plugin up to 3.6.1 on WordPress. This affects an unknown part of the component Cookie Handler. The manipulation of the argument woomotiv_seen_products_ leads to sql injection.
This vulnerability is uniquely identified as CVE-2024-12416. It is possible to initiate the attack remotely. There is no exploit available.
A vulnerability was found in solwininfotech Timeline Designer Plugin up to 1.4 on WordPress. It has been classified as critical. This affects an unknown part. The manipulation of the argument s leads to sql injection.
This vulnerability is uniquely identified as CVE-2024-11437. It is possible to initiate the attack remotely. There is no exploit available.
A vulnerability, which was classified as critical, has been found in tobias_conrad Design for Contact Form 7 Style Plugin up to 1.6.9 on WordPress. This issue affects the function do_shortcode of the component Shortcode Handler. The manipulation leads to code injection.
The identification of this vulnerability is CVE-2024-12419. The attack may be initiated remotely. There is no exploit available.
A vulnerability was found in binsaifullah Duplicate Post, Page and Any Custom Post plugin up to 3.5.3 on WordPress. It has been rated as problematic. This issue affects the function dpp_duplicate_as_draft of the component Password Protected Post Handler. The manipulation leads to information disclosure.
The identification of this vulnerability is CVE-2024-12538. The attack may be initiated remotely. There is no exploit available.
Moxa warns of two flaws in its routers and security appliances that enable privilege escalation and remote command execution. Moxa addressed privilege escalation and OS command injection vulnerabilities in cellular routers, secure routers, and network security appliances. Below are the descriptions for both vulnerabilities: Moxa released firmware updates to address vulnerabilities CVE-2024-9140 and CVE-2024-9138. Affected […]