Sep 11, 2024 – Vulnerability Alerts!

Cyber Vulnerabilities: A Day Filled with Risky Revelations

Well, well, well! It seems the cyber world has been quite the bustling bazaar of vulnerabilities today. If you thought you’d seen it all, think again! Here are some of the juiciest vulnerabilities reported in the last 24 hours. Just a friendly reminder: this is not an exhaustive list. If you’re interested in live alerts as they arrive, do give us a shout!

CVE-2024-6091 – Apache Autogpt Command Bypass

Severity: 9.8 | CRITICAL
A vulnerability in significant-gravitas/autogpt version 0.5.1 has been identified. It allows attackers to bypass shell command denylist settings. So, if you thought denying ‘whoami’ was clever, think again! The crafty attackers can just modify the path to play a sneaky game of cat and mouse. You can read more here.
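To see why a path change gets past a denylist, here is an added example (not AutoGPT's code, and not from the original post) comparing a verbatim denylist check with a normalized one and a fail-closed allowlist. The function names, the sample policies and the sample command strings are all assumptions made up for illustration.

```python
import os
import shlex

DENYLIST = {"whoami"}      # constructed sample policy
ALLOWLIST = {"ls", "cat"}  # constructed sample policy


def naive_is_denied(command_line: str) -> bool:
    """Weak check: compares the first token verbatim with the denylist."""
    tokens = shlex.split(command_line)
    return bool(tokens) and tokens[0] in DENYLIST


def normalized_is_denied(command_line: str) -> bool:
    """Better: collapse the path and compare the executable's base name."""
    tokens = shlex.split(command_line)
    if not tokens:
        return False
    exe = os.path.basename(os.path.normpath(tokens[0]))
    return exe in DENYLIST


def allowlisted_argv(command_line: str):
    """Fail-closed: return argv only for a bare, explicitly allowed name.

    The returned list is meant to be run without a shell, e.g.
    subprocess.run(argv, shell=False); anything else yields None.
    """
    tokens = shlex.split(command_line)
    if not tokens:
        return None
    exe = tokens[0]
    if exe != os.path.basename(exe) or exe not in ALLOWLIST:
        return None  # path-qualified or unlisted executable
    return tokens


if __name__ == "__main__":
    # Constructed inputs: the same program named three different ways.
    for cmd in ("whoami", "/usr/bin/whoami", "/usr/bin/./whoami", "ls -l"):
        print(f"{cmd!r:22} naive_denied={naive_is_denied(cmd)} "
              f"normalized_denied={normalized_is_denied(cmd)} "
              f"allowlisted={allowlisted_argv(cmd) is not None}")
```

Even the normalized denylist stays fail-open for anything it does not list, which is why the allowlist is the safer default.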

CVE-2024-8277 – WooCommerce Photo Reviews Plugin Auth Bypass

Severity: 9.8 | CRITICAL
The WooCommerce Photo Reviews Premium plugin for WordPress is playing a dangerous game by allowing unauthenticated attackers to log in as whoever dismissed an admin notice over the last 30 days. Think of it as the digital equivalent of leaving your door open. You can check out the full details here.

CVE-2024-7626 – WP Delicious Recipe Plugin Vulnerability

Severity: 8.1 | HIGH
It looks like the WP Delicious Recipe Plugin for WordPress is serving up a side of arbitrary file movement and reading – not the kind of recipe anyone wants. Attackers can cleverly move files in a way that could lead to remote code execution. Recipe for disaster indeed! More info can be found here.

CVE-2024-8253 – Post Grid and Gutenberg Blocks Plugin Privilege Escalation

Severity: 8.8 | HIGH
This time the Post Grid and Gutenberg Blocks plugin for WordPress is not holding the line on user permissions correctly. It’s like giving the keys to the castle to anyone with subscriber-level access. What’s next? The puppy gets to manage the server? The full scoop is right here.

CVE-2024-21529 – dset Prototype Pollution Vulnerability

Severity: 8.2 | HIGH
Versions of the package dset prior to 3.1.4 are proving that even simple code can lead to complex issues. If you’re running an outdated version, attackers could inject harmful properties using the built-in Object property. A risk, to say the least! Read all about it here.

CVE-2024-43690 – Schneider Electric Command Centre RCE

Severity: 8.0 | HIGH
The Command Centre Server and Workstations have a gaping hole that allows attackers to perform Remote Code Execution (RCE). Let’s just say this isn’t a good look for Schneider. If you want more details on this threatening issue, click here.

That’s a wrap for today’s round-up of alarming alerts! Stay safe, update regularly, and remember, when it comes to cyber security, it’s better to be safe than sorry!

Adam Cooke
As the Operations and Compliance Manager, Adam oversees all aspects of the business, ensuring operational efficiency and regulatory compliance. Committed to high standards, he ensures everyone is heard and supported. With a strong background in the railway industry, Adam values rigorous standards and safety. Outside of work, he enjoys dog walking, gardening, and exploring new places and cuisines.