Web Application Detections Published in September 2024

Hitesh Kadu

Last updated on: October 2, 2024

In September, Qualys released QIDs targeting vulnerabilities in several widely used software products, including WordPress plugins and themes, Tiki Wiki CMS Groupware, Apache HTTP Server, XWiki, Apache OFBiz, Lunary-ai, GitLab, Adobe ColdFusion, Moodle, Zimbra, JBoss EAP, Kibana, Drupal, Ivanti Endpoint Manager (EPM), Apache Tomcat, Joomla!, Nginx, and OpenSSL. Customers can find more details about each of the following QIDs, including its solution, in our knowledge base. Customers should review their reports for these detections. If any of them are reported against a scanned application, customers should follow the steps in the QID's solution section to ensure their systems are protected against the identified vulnerabilities. Two entries in the list (QID 152213, Default Web Page for JBoss EAP, and QID 152258, Ivanti Endpoint Manager (EPM) Web Console 2.0 Detected) are informational detections that flag an exposed component rather than a specific CVE; they should still be reviewed to confirm whether the exposed component is intended and up to date.

QID      Title
152148   WordPress WPML Plugin: Remote Code Execution Vulnerability (CVE-2024-6386)
152150   WordPress Bit Form Plugin: SQL Injection Vulnerability (CVE-2024-7702)
152151   WordPress Bit Form Plugin: Arbitrary File Read And Delete Vulnerability (CVE-2024-7777)
152157   WordPress LiquidPoll Plugin: Stored Cross-Site Scripting Vulnerability (CVE-2024-7134)
152158   WordPress GEO my WP Plugin: Local File Inclusion Vulnerability (CVE-2024-6330)
152159   WordPress AI Engine Plugin: Remote Code Execution Vulnerability (CVE-2024-6451)
152162   Tiki Wiki CMS Groupware PHP Object Injection Vulnerability (CVE-2023-22850)
152163   WordPress Appointment Booking Calendar and Scheduling Plugin: Authentication Bypass Vulnerability (CVE-2024-7350)
152164   WordPress Unite Gallery Lite Plugin: SQL Injection Vulnerability (CVE-2024-43207)
152166   WordPress Zephyr Project Manager Plugin: Limited Privilege Escalation Vulnerability (CVE-2024-7624)
152167   WordPress Chatbot with ChatGPT Plugin: SQL Injection Vulnerability (CVE-2024-6847)
152168   Apache HTTP Server Denial of Service Vulnerability (CVE-2024-27316)
152169   WordPress Ninja Forms Plugin: Reflected Cross-Site Scripting Vulnerability (CVE-2024-7354)
152171   XWiki Improper Privilege Management Vulnerability (CVE-2024-43401)
152172   WordPress Woffice Theme: Unauthenticated Privilege Escalation Vulnerability (CVE-2024-43153)
152173   WordPress AdRotate Plugin: Arbitrary File Upload Vulnerability (CVE-2022-1206)
152174   WordPress Theme Editor Plugin: PHAR Deserialization Vulnerability (CVE-2022-2440)
152175   WordPress Funnelforms Plugin: Arbitrary File Upload Vulnerability (CVE-2024-6311)
152176   WordPress MP3 Audio Player Plugin: Unauthorized Arbitrary File Deletion Vulnerability (CVE-2024-7856)
152177   WordPress Media Library Folders Plugin: Second Order SQL Injection Vulnerability (CVE-2024-7857)
152178   Apache OFBiz Forced Browsing Vulnerability (CVE-2024-45195)
152179   Lunary-ai Cross-Site Scripting Vulnerability (CVE-2024-5478)
152180   WordPress Clean Login Plugin: Local File Inclusion Vulnerability (CVE-2024-8252)
152181   WordPress Ultimate Store Kit Plugin: PHP Object Injection Vulnerability (CVE-2024-8030)
152182   WordPress Events Calendar Pro Plugin: PHP Object Injection Vulnerability (CVE-2024-8016)
152183   WordPress Web Directory Free Plugin: Local File Inclusion Vulnerability (CVE-2024-3673)
152184   WordPress LiteSpeed Cache Plugin: Unauthenticated Account Takeover Vulnerability (CVE-2024-44000)
152185   Tiki Wiki CMS Groupware PHP Object Injection Vulnerability (CVE-2023-22851)
152186   Tiki Wiki CMS Groupware PHP Object Injection Vulnerability (CVE-2023-22853)
152187   WordPress Attire Theme: PHP Object Injection Vulnerability (CVE-2024-7435)
152188   WordPress WP Events Manager Plugin: Time-based SQL Injection Vulnerability (CVE-2024-7717)
152189   GitLab Command Injection Vulnerability (CVE-2024-8640)
152190   GitLab Authentication Bypass Vulnerability (CVE-2024-6678)
152191   GitLab Server Side Request Forgery Vulnerability (CVE-2024-8635)
152192   GitLab Denial of Service Vulnerability (CVE-2024-8124)
152193   WordPress Adicon Server Plugin: SQL Injection Vulnerability (CVE-2024-7766)
152194   Adobe ColdFusion Improper Authentication Vulnerability (CVE-2024-45113)
152195   Adobe ColdFusion Arbitrary Code Execution Vulnerability (CVE-2024-41874)
152196   WordPress Betheme Theme: PHP Object Injection Vulnerability (CVE-2024-2694)
152197   WordPress Tutor LMS Pro Plugin: Missing Authorization Vulnerability (CVE-2024-5784)
152198   WordPress Login with Phone Number Plugin: Privilege Escalation Vulnerability (CVE-2024-6482)
152199   WordPress Stream Plugin: Cross-Site Request Forgery Vulnerability (CVE-2024-7423)
152200   WordPress Backuply Plugin: SQL Injection Vulnerability (CVE-2024-8669)
152203   WordPress BuddyForms Plugin: Privilege Escalation Vulnerability (CVE-2024-8246)
152204   WordPress FOX Currency Switcher Plugin: Arbitrary Shortcode Execution Vulnerability (CVE-2024-8271)
152205   Moodle Calculated Questions Remote Code Execution (CVE-2024-43425)
152208   WordPress TrueBooker Plugin: SQL Injection Vulnerability (CVE-2024-6924)
152210   WordPress Share This Image Plugin: Open Redirect Vulnerability (CVE-2024-8761)
152211   Zimbra Cross-Site Scripting (XSS) Vulnerability (CVE-2024-33533)
152212   Zimbra Local File Inclusion Vulnerability (CVE-2024-33535)
152213   Default Web Page for JBoss EAP
152214   WordPress MStore API Plugin: Unauthorized User Registration Vulnerability (CVE-2024-8269)
152217   WordPress Frontend Dashboard Plugin: Unauthorized Code Execution Vulnerability (CVE-2024-8268)
152218   WordPress Post Grid and Gutenberg Blocks Plugin: Privilege Escalation Vulnerability (CVE-2024-8253)
152219   WordPress Affiliate Super Assistent Plugin: Arbitrary Shortcode Execution Vulnerability (CVE-2024-8478)
152220   WordPress Slider Comparison Image Before and After Plugin: Cross-Site Scripting Vulnerability (CVE-2024-8543)
152221   WordPress Webo-facto Plugin: Privilege Escalation Vulnerability (CVE-2024-8853)
152222   WordPress LearnPress Plugin: SQL Injection Vulnerability (CVE-2024-8522)
152223   WordPress LearnPress Plugin: SQL Injection Vulnerability (CVE-2024-8529)
152225   WordPress Essential Addons for Elementor Plugin: Stored Cross-Site Scripting Vulnerability (CVE-2024-8440)
152226   Kibana YAML Deserialization Vulnerability (CVE-2024-37285)
152227   Kibana YAML Deserialization Vulnerability (CVE-2024-37288)
152228   Drupal Full Path Disclosure Vulnerability (CVE-2024-45440)
152229   Ivanti Endpoint Manager (EPM) Remote Code Execution via SQL Injection Vulnerability (CVE-2024-29824)
152230   Apache Tomcat Denial of Service Vulnerability (CVE-2024-38286)
152231   WordPress BA Book Everything Plugin: Cross-Site Request Forgery Vulnerability (CVE-2024-8795)
152234   WordPress REST API TO MiniProgram Plugin: Privilege Escalation Vulnerability (CVE-2024-8485)
152235   WordPress HTML Sitemap Plugin: SQL Injection Vulnerability (CVE-2024-7385)
152236   WordPress WC Frontend Manager (WCFM) Plugin: Insecure Direct Object Reference Vulnerability (CVE-2024-8290)
152237   WordPress Meta Data and Taxonomies Filter Plugin: SQL Injection Vulnerability (CVE-2024-8624)
152238   WordPress Special Text Boxes Plugin: Arbitrary Shortcode Execution Vulnerability (CVE-2024-8481)
152239   WordPress Pixel Cat Plugin: Reflected Cross-Site Scripting Vulnerability (CVE-2024-8544)
152240   WordPress Koko Analytics Plugin: Reflected Cross-Site Scripting Vulnerability (CVE-2024-8662)
152258   Ivanti Endpoint Manager (EPM) Web Console 2.0 Detected
152242   WordPress Daily Prayer Time Plugin: SQL Injection Vulnerability (CVE-2024-8621)
152243   WordPress WP Easy Gallery Plugin: SQL Injection Vulnerability (CVE-2024-8436)
152244   WordPress Charitable Plugin: Privilege Escalation Vulnerability (CVE-2024-8791)
152245   WordPress Prisna GWT Plugin: PHP Object Injection Vulnerability (CVE-2024-8514)
152246   WordPress Events Calendar Plugin: SQL Injection Vulnerability (CVE-2024-8275)
154158   Joomla! Core Self Cross-Site Scripting Vulnerability (CVE-2024-21730)
154159   Joomla! Core Cross-Site Scripting Vulnerability (CVE-2024-21731)
520029   Nginx Buffer Overread in the ngx_http_mp4_module (CVE-2024-7347)
520030   Open Secure Sockets Layer (OpenSSL) Type Confusion Vulnerability (CVE-2024-6119)