

New ‘ToxicPanda’ Android Banking Trojan Facilitates Fraudulent Money Transfers – Active IOCs
November 6, 2024
CVE-2024-10523 – TP-Link IoT Smart Hub Vulnerability
November 6, 2024
Severity
High
Analysis Summary
CVE-2024-38726 CVSS:7.5
Missing Authorization vulnerability in PickPlugins Product Designer allows Accessing Functionality Not Properly Constrained by ACLs.
CVE-2024-38744 CVSS:8.3
Missing Authorization vulnerability in Upqode Plum: Spin Wheel & Email Pop-up allows Accessing Functionality Not Properly Constrained by ACLs, Stored XSS.
CVE-2024-39650 CVSS:7.3
Missing Authorization vulnerability in WPWeb Elite WooCommerce PDF Vouchers allows Accessing Functionality Not Properly Constrained by ACLs.
CVE-2024-39664 CVSS:7.3
Missing Authorization vulnerability in YMC Filter & Grids allows Accessing Functionality Not Properly Constrained by ACLs.
CVE-2024-43158 CVSS:7.5
Missing Authorization vulnerability in Masteriyo Masteriyo - LMS allows Accessing Functionality Not Properly Constrained by ACLs.
CVE-2024-43212 CVSS:7.5
Missing Authorization vulnerability in MagePeople Team WpTravelly allows Accessing Functionality Not Properly Constrained by ACLs.
CVE-2024-43235 CVSS:7.1
Missing Authorization vulnerability in MetaBox.Io Meta Box – WordPress Custom Fields Framework allows Exploiting Incorrectly Configured Access Control Security Levels.
CVE-2024-43982 CVSS:8.8
Missing Authorization vulnerability in Geek Code Lab Login As Users allows Exploiting Incorrectly Configured Access Control Security Levels.
CVE-2024-37094 CVSS:8.2
Access Control vulnerability in StylemixThemes MasterStudy LMS allows.
Impact
- Cross-Site Scripting
- Gain Access
Indicators of Compromise
CVE
- CVE-2024-38726
- CVE-2024-38744
- CVE-2024-39650
- CVE-2024-39664
- CVE-2024-43158
- CVE-2024-43212
- CVE-2024-43235
- CVE-2024-43982
- CVE-2024-37094
Affected Vendors
Affected Products
- PickPlugins Product Designer - n/a
- WPWeb Elite WooCommerce PDF Vouchers - n/a
- Masteriyo Masteriyo - LMS - n/a
- MagePeople Team WpTravelly - n/a
- MetaBox.io Meta Box – WordPress Custom Fields Framework - n/a
- Geek Code Lab Login As Users - n/a
- StylemixThemes MasterStudy LMS - n/a
- Spin Wheel and Email Pop-up - n/a
- YMC Filter and Grids - n/a
Remediation
Upgrade each affected plugin to its latest version, available from the WordPress Plugin Directory.