Vulnerability Summary for the Week of April 29, 2024

High Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
8theme — xstore	Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in 8theme XStore allows SQL Injection.This issue affects XStore: from n/a through 9.3.5.	2024-04-29	9.3	CVE-2024-33559 audit@patchstack.com
8theme — xstore	Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in 8theme XStore allows Reflected XSS.This issue affects XStore: from n/a through 9.3.5.	2024-04-29	7.1	CVE-2024-33562 audit@patchstack.com
8theme — xstore_core	Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) […] Content was cut in order to protect the source.Please visit the source for the rest of the article. This article has been indexed from Bulletins Read the original article: Vulnerability Summary for the Week of April 29, 2024 Related Tags: Bulletins EN Post navigation ← RSAC: 70% of Businesses Prioritize Innovation Over Security in Generative AI Projects Mastodon delays fix for link previews DDoSing websites → Search for: IT Security News (EN) Hackers Exploiting Docusign With Phishing Attack To Steal Credentials May 19, 2024 IT Security News Daily Summary 2024-05-18 May 18, 2024 How Attackers Distribute Malware to Foxit PDF Reader Users May 18, 2024 An attorney says she saw her library reading habits reflected in mobile ads. That’s not supposed to happen May 18, 2024 Quantum Navigation Systems: Safeguarding Against GPS Spoofing May 18, 2024 Capture the CISO Finals – Season 2 May 18, 2024 North Korea-linked IT workers infiltrated hundreds of US firms May 18, 2024 USENIX Security ’23 – Controlled Data Races In Enclaves: Attacks And Detection May 18, 2024 Wireshark 4.2.5 Released, (Sat, May 18th) May 18, 2024 Google Introduces Advanced Anti-Theft and Data Protection Features for Android Devices May 18, 2024 Self Proclaimed “Crypto King” Aiden Pleterski Charged With $30 Million Scam May 18, 2024 Gawd, after that week, we wonder what’s next for China and the Western world May 18, 2024 Surge in Cyber Attacks on German Businesses Costs Billions of Euros May 18, 2024 Scammers Use Phony DocuSign Templates to Blackmail and Defraud Companies May 18, 2024 From Crisis to Continuity: Ascension Ransomware’s Ongoing Toll on Healthcare May 18, 2024 Hamilton Library Struggles to Restore Services After Cyberattack May 18, 2024 What is Secure Code Review and How to Conduct it? May 18, 2024 US Official Warns a Cell Network Flaw Is Being Exploited for Spying May 18, 2024 Kimsuky Hackers Deploy New Linux Backdoor in Attacks on South Korea May 18, 2024 The who, where, and how of APT attacks – Week in security with Tony Anscombe May 18, 2024 IT Sicherheitsnews (DE) Gemini Live vs. GPT-4o: Die digitalen Assistenten der nächsten Generation im Showdown May 19, 2024 Sicherheit durch Kooperation May 19, 2024 IT Sicherheitsnews taegliche Zusammenfassung 2024-05-18 May 18, 2024 Wie beeinflusst das Internet unser Wohlbefinden? Das sind die Erkenntnisse einer globalen Studie May 18, 2024 Remotehilfe: Hacker missbrauchen Windows-Tool für Cyberangriffe May 18, 2024 Schutz gegen Raub: Android 15 bekommt Diebstahlerkennung May 18, 2024 Youtuber demonstriert: So unsicher ist Windows XP mit Internet im Jahr 2024 May 18, 2024 Ungeschützte API: Sicherheitslücke macht Studenten zu Wäsche-Millionären May 18, 2024 Instagram auch ohne Account nutzen: Mit diesem Trick geht’s May 18, 2024 Wandern 2.0: Die besten Apps, um die schönsten Wanderwege zu entdecken May 18, 2024 Daily Summary Enter your email address: GDPR compliance Categories Categories Meta Log in Entries feed Comments feed WordPress.org Copyright © 2024 IT Security News International (DE, EN). All Rights Reserved. The Magazine Basic Theme by bavotasan.com.

Primary
Vendor — Product

Description

Published

CVSS Score

Source & Patch Info

8theme — xstore

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in 8theme XStore allows SQL Injection.This issue affects XStore: from n/a through 9.3.5.

2024-04-29

9.3

CVE-2024-33559
audit@patchstack.com

8theme — xstore

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in 8theme XStore allows Reflected XSS.This issue affects XStore: from n/a through 9.3.5.

2024-04-29

7.1

CVE-2024-33562
audit@patchstack.com

8theme — xstore_core

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from Bulletins

Read the original article:

Vulnerability Summary for the Week of April 29, 2024

← RSAC: 70% of Businesses Prioritize Innovation Over Security in Generative AI Projects

Mastodon delays fix for link previews DDoSing websites →


10.4K	8K	100+	500+

High Vulnerabilities

Read the original article:

Related

Post navigation