Category: Bulletins

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info access_management_specialist_project — access_management_specialist  An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive information. 2024-06-24 7.5 CVE-2024-37677cve@mitre.org…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info 3uu–Shariff Wrapper  The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.6.13 via the shariff3uu_fetch_sharecounts function. This allows…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info actpro — extra_product_options_for_woocommerce  Missing Authorization vulnerability in actpro Extra Product Options for WooCommerce.This issue affects Extra Product Options for WooCommerce: from n/a through 3.0.6. 2024-06-10 8.8 CVE-2024-35727audit@patchstack.com…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info 8theme–XStore Core  Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in 8theme XStore Core allows PHP Local File Inclusion.This issue affects XStore Core:…

Read more →

< div id=”high_v”>   High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info ASKEY–5G NR Small Cell  ASKEY 5G NR Small Cell fails to properly filter user input for certain functionality, allowing remote attackers with administrator…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info ASUS–ExpertWiFi  ASUS routers supporting custom OpenVPN profiles are vulnerable to a code execution vulnerability. An authenticated and remote attacker can execute arbitrary operating system commands by uploading…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info 8theme–XStore Core  Improper Privilege Management vulnerability in 8theme XStore Core allows Privilege Escalation.This issue affects XStore Core: from n/a through 5.3.8. 2024-05-17 9.8 CVE-2024-33552audit@patchstack.com 8theme–XStore Core  Unrestricted…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info academy_lms — academy_lms Missing Authorization vulnerability in Academy LMS.This issue affects Academy LMS: from n/a through 1.9.16. 2024-05-06 7.1 CVE-2024-33912audit@patchstack.com brevo_for_woocommerce — sendinblue_for_woocommerce Improper Limitation of a…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info academy_lms — academy_lms Missing Authorization vulnerability in Academy LMS.This issue affects Academy LMS: from n/a through 1.9.16. 2024-05-06 7.1 CVE-2024-33912audit@patchstack.com brevo_for_woocommerce — sendinblue_for_woocommerce Improper Limitation of a…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info 8theme — xstore Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in 8theme XStore allows SQL Injection.This issue affects XStore: from n/a…

Read more →