-
Mitigating Unbundling’s Biggest Risk
If you haven’t already read Unbundling the Enterprise: APIs, Optionality, and the Science of Happy Accidents you might want to check that off your to-do list before diving into the deep end of the pool. While we’re about to share the risk that was most frequently mentioned by the interviewees we spoke to, along with…
-
Navigating Cloud Decisions: Debunking Myths and Mitigating Risks
Organizations face critical decisions when selecting cloud service providers (CSPs). A recent paper titled Strategic Decision-Making in Cloud Services: De-Risking Cloud Lock-In offers insights for senior technology leaders, particularly those in the United States Government, as they navigate these complex choices. The authors challenge common assumptions about cloud vendor selection and provide practical guidance for…
-
CVE-2024-54030 – Huawei OpenHarmony Use-After-Free DoS Vulnerability
CVE ID : CVE-2024-54030 Published : Jan. 7, 2025, 8:15 a.m. | 1 hour, 11 minutes ago Description : in OpenHarmony v4.1.2 and prior versions allow a local attacker to cause DoS through use after free. Severity: 4.4 | MEDIUM
-
CVE-2024-47398 – OpenHarmony Boot Problematic Out-of-Bounds Write
CVE ID : CVE-2024-47398 Published : Jan. 7, 2025, 8:15 a.m. | 1 hour, 11 minutes ago Description : in OpenHarmony v4.1.2 and prior versions allow a local attacker to cause the device to be unable to boot up through out-of-bounds write. Severity: 8.8 | HIGH
-
CVE-2024-12202 – Croma Music Plugin for WordPress Privilege Escalation
CVE ID : CVE-2024-12202 Published : Jan. 7, 2025, 8:15 a.m. | 1 hour, 11 minutes ago Description : The Croma Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ‘ironMusic_ajax’ function in all versions up to, and including, 3.6. This…
-
CVE-2024-11626 – Progress Sitefinity Cross-site Scripting (XSS) Vulnerability
CVE ID : CVE-2024-11626 Published : Jan. 7, 2025, 8:15 a.m. | 1 hour, 11 minutes ago Description : Improper Neutralization of Input During CMS Backend (administrative section) Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Progress Sitefinity. This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, 15.2.8400. Severity: 8.4…
-
CVE-2024-11725 – WordPress WooCommerce SMS Alert Order Notifications Privilege Escalation
CVE ID : CVE-2024-11725 Published : Jan. 7, 2025, 7:15 a.m. | 2 hours, 11 minutes ago Description : The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the updateWcWarrantySettings() function in all versions up to,…
-
CVE-2024-12535 – “WordPress Host PHP Info Plugin Unauthenticated Arbitrary Configuration Disclosure”
CVE ID : CVE-2024-12535 Published : Jan. 7, 2025, 6:15 a.m. | 3 hours, 11 minutes ago Description : The Host PHP Info plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the ‘phpinfo’ function in all versions up to, and including, 1.0.4. This makes it possible for…
-
CVE-2024-12471 – Dezgo AI Text & Image Generator Plugin for WordPress Arbitrary File Upload Vulnerability
CVE ID : CVE-2024-12471 Published : Jan. 7, 2025, 6:15 a.m. | 3 hours, 11 minutes ago Description : The Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and file type validation on the add_image_to_library AJAX…
-
CVE-2024-12470 – SakolaWP WordPress Privilege Escalation Vulnerability
CVE ID : CVE-2024-12470 Published : Jan. 7, 2025, 5:15 a.m. | 4 hours, 11 minutes ago Description : The School Management System – SakolaWP plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.8. This is due to the registration function not properly limiting what roles a user can register…