Vulnerability Summary for the Week of December 9, 2024

High Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source Info
n/a — n/a	The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation due to a missing capability check on the tp_install() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. This vulnerability was partially patched in version 1.1.1.	2024-12-12	9.8	CVE-2024-10124
n/a — n/a	The Sign In With Google plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.8.0. This is due to the ‘authenticate_user’ user function not implementing sufficient null value checks when setting the access token and user information. This makes it possible for unauthenticated attackers to log in as the first user who has signed in using Google OAuth, which could be the site administrator.	2024-12-12	9.8	CVE-2024-11015
gfi — archiver	GFI Archiver Telerik Web UI Remote Code Execution Vulnerability. This vulnerability al […] Content was cut in order to protect the source.Please visit the source for the rest of the article. This article has been indexed from Bulletins Read the original article: Vulnerability Summary for the Week of December 9, 2024 Related Tags: Bulletins EN Post navigation ← Cl0p Ransomware Exploits Cleo Vulnerability, Threatens Data Leaks Webinar Tomorrow: Navigating your OT Cybersecurity Journey: From Assessment to Implementation → Search for: Social Social Media Daily summary Weekly summary Privacy Policy Legal & Contact Contact Apps Advertising Daily Summary Enter your email address: GDPR compliance Categories Categories Log in Copyright © 2025 IT Security News. All Rights Reserved. The Magazine Basic Theme by bavotasan.com.

Primary
Vendor — Product

Description

Published

CVSS Score

Source Info

n/a — n/a

The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation due to a missing capability check on the tp_install() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. This vulnerability was partially patched in version 1.1.1.

2024-12-12

9.8

CVE-2024-10124

n/a — n/a

The Sign In With Google plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.8.0. This is due to the ‘authenticate_user’ user function not implementing sufficient null value checks when setting the access token and user information. This makes it possible for unauthenticated attackers to log in as the first user who has signed in using Google OAuth, which could be the site administrator.

2024-12-12

9.8

CVE-2024-11015

gfi — archiver

GFI Archiver Telerik Web UI Remote Code Execution Vulnerability. This vulnerability al

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from Bulletins

Read the original article:

Vulnerability Summary for the Week of December 9, 2024

← Cl0p Ransomware Exploits Cleo Vulnerability, Threatens Data Leaks

Webinar Tomorrow: Navigating your OT Cybersecurity Journey: From Assessment to Implementation →

High Vulnerabilities

Read the original article:

Related

Post navigation