Security Vulnerabilities - CVEs Published In June 2024
Improper Privilege Management vulnerability in Membership Software WishList Member X allows Privilege Escalation. This issue affects WishList Member X: from n/a before 3.26.7.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2024-06-24
Improper Control of Generation of Code ('Code Injection') vulnerability in Membership Software WishList Member X allows Code Injection. This issue affects WishList Member X: from n/a before 3.26.7.
CVSS Score: 9.9 | EPSS Score: 0.011 | Published: 2024-06-24
Missing Authorization vulnerability in Membership Software WishList Member X. This issue affects WishList Member X: from n/a before 3.26.7.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2024-06-24
Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP Connect allows Code Injection. This issue affects InstaWP Connect: from n/a through 0.1.0.38.
CVSS Score: 10.0 | EPSS Score: 0.008 | Published: 2024-06-24
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in StylemixThemes Consulting Elementor Widgets, StylemixThemes Masterstudy Elementor Widgets allows OS Command Injection. This issue affects Consulting Elementor Widgets: from n/a through 1.3.0; Masterstudy Elementor Widgets: from n/a through 1.2.2.
CVSS Score: 9.9 | EPSS Score: 0.081 | Published: 2024-06-24
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion. This issue affects Consulting Elementor Widgets: from n/a through 1.3.0.
CVSS Score: 9.0 | EPSS Score: 0.01 | Published: 2024-06-24
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache StreamPipes user self-registration and password recovery mechanism. This allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user's account. This issue affects Apache StreamPipes: from 0.69.0 through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue.
CVSS Score: 9.1 | EPSS Score: 0.742 | Published: 2024-06-24
Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token and the user token. This allows attackers to authenticate against the Bludit API.
CVSS Score: 8.2 | EPSS Score: 0.001 | Published: 2024-06-24
XSS in the Upload page in Apache JSPWiki 2.12.1 and prior versions allows an attacker to execute JavaScript in the victim's browser and obtain some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.2 or later.
CVSS Score: 6.1 | EPSS Score: 0.323 | Published: 2024-06-24
Bludit uses the SHA-1 hashing algorithm to compute password hashes. Thus, attackers could determine cleartext passwords with brute-force attacks due to the inherent speed of SHA-1. In addition, the salt that is computed by Bludit is generated with a non-cryptographically secure function.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2024-06-24

