aio-libs — aiosmtpd
|
aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio. aiosmtpd is vulnerable to inbound SMTP smuggling. SMTP smuggling is a novel vulnerability based on not-so-novel interpretation differences of the SMTP protocol (which byte sequence ends the DATA phase). By exploiting SMTP smuggling, an attacker can smuggle/spoof e-mails with fake sender addresses, enabling advanced phishing attacks. The same issue also exists in other SMTP software such as Postfix. With the right SMTP server constellation, an attacker can send spoofed e-mails to inbound/receiving aiosmtpd instances. This issue has been addressed in version 1.4.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
2024-03-12 |
5.3 |
CVE-2024-27305
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com |
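As an added example (not code from aiosmtpd, Postfix or the advisory) of the interpretation difference the entry above describes, the Python below models an outbound relay that ends DATA only at <CRLF>.<CRLF> and an inbound server that, in its lenient variant, also accepts a bare-LF <LF>.<LF>. The sample DATA bytes, the envelope addresses and the function names are constructed for the illustration; the strict terminator rule is the one RFC 5321 specifies and is the behaviour a receiving server needs in order to be immune to this class of bug.

```python
import re

# Constructed sample (not from the advisory): the bytes an attacker submits
# during DATA to an *outbound* relay that only recognises <CRLF>.<CRLF>.
# The bare-LF "<LF>.<LF>" inside the body is the smuggling gadget; everything
# after it is a second, attacker-chosen SMTP transaction.
SMUGGLED_DATA = (
    b"From: alice@example.com\r\n"
    b"To: bob@example.net\r\n"
    b"Subject: hello\r\n"
    b"\r\n"
    b"legit body\r\n"
    b"\n.\n"                      # bare-LF terminator: the smuggling gadget
    b"MAIL FROM:<ceo@example.net>\r\n"
    b"RCPT TO:<bob@example.net>\r\n"
    b"DATA\r\n"
    b"From: ceo@example.net\r\n"
    b"Subject: urgent wire transfer\r\n"
    b"\r\n"
    b"spoofed body\r\n"
    b"\r\n.\r\n"                  # the real <CRLF>.<CRLF> terminator
)

# Lenient end-of-data: also accepts <LF>.<LF>, <LF>.<CRLF> and <CRLF>.<LF>.
LENIENT_EOD = re.compile(rb"\r?\n\.\r?\n")
# Strict end-of-data, as RFC 5321 specifies: only <CRLF>.<CRLF>.
STRICT_EOD = re.compile(rb"\r\n\.\r\n")
# A MAIL FROM command followed (after any other command lines) by DATA.
NEW_TRANSACTION = re.compile(rb"MAIL FROM:<([^>]*)>\r\n(?:[^\r\n]*\r\n)*?DATA\r\n")


def relay_forwards(submitted: bytes) -> bytes:
    """Outbound relay model: the DATA phase ends at the first strict
    terminator and the collected bytes are forwarded unchanged. A bare-LF
    '.' line is not a terminator here, so it travels inside the message."""
    end = STRICT_EOD.search(submitted)
    if end is None:
        raise ValueError("DATA not terminated with <CRLF>.<CRLF>")
    return submitted[: end.end()]


def inbound_messages(wire: bytes, envelope_sender: bytes, eod: re.Pattern) -> list:
    """Inbound server model. The body ends at the first match of `eod`; bytes
    after it are parsed as SMTP commands, so a smuggled MAIL FROM opens a new
    transaction with a sender the attacker chose. Returns (sender, body) pairs."""
    messages = []
    sender, pos = envelope_sender, 0
    while True:
        end = eod.search(wire, pos)
        if end is None:
            break  # unterminated DATA: a real server keeps waiting, then times out
        messages.append((sender, wire[pos:end.start()]))
        nxt = NEW_TRANSACTION.match(wire, end.end())
        if nxt is None:
            break
        sender = nxt.group(1)
        pos = nxt.end()
    return messages


def non_crlf_terminators(data: bytes) -> list:
    """Check usable on either side of the relay: every end-of-data-looking
    sequence that is not the standard <CRLF>.<CRLF>. A non-empty result means
    the payload carries a smuggling gadget and should be rejected (or its bare
    line endings normalised) before it is accepted or forwarded."""
    return [m.group(0) for m in LENIENT_EOD.finditer(data) if m.group(0) != b"\r\n.\r\n"]


if __name__ == "__main__":
    wire = relay_forwards(SMUGGLED_DATA)
    for label, eod in (("lenient", LENIENT_EOD), ("strict", STRICT_EOD)):
        msgs = inbound_messages(wire, b"alice@example.com", eod)
        print(f"{label}: {len(msgs)} message(s), senders {[s for s, _ in msgs]}")
    print("gadgets found:", non_crlf_terminators(wire))
```

Running the block shows the identical forwarded bytes becoming two messages at the lenient receiver, the second with an envelope sender of the attacker's choosing, and a single message at the strict receiver. `non_crlf_terminators` is the check to run on a DATA payload when you cannot yet upgrade a receiver, or when auditing an outbound relay for what it is willing to pass through.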
ameliabooking — booking_for_appointments_and_events_calendar_-_amelia
|
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the date parameters in all versions up to, and including, 1.0.98 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. |
2024-03-13 |
6.1 |
CVE-2024-1484
security@wordfence.com
security@wordfence.com |
apache_software_foundation — apache_pulsar
|
The vulnerability allows authenticated users with only produce or consume permissions to modify topic-level policies, such as retention, TTL, and offloading settings. These management operations should be restricted to users with the tenant admin role or super user role. This issue affects Apache Pulsar versions from 2.7.1 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0. 2.10 Apache Pulsar users should upgrade to at least 2.10.6. 2.11 Apache Pulsar users should upgrade to at least 2.11.4. 3.0 Apache Pulsar users should upgrade to at least 3.0.3. 3.1 Apache Pulsar users should upgrade to at least 3.1.3. 3.2 Apache Pulsar users should upgrade to at least 3.2.1. Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions. |
2024-03-12 |
6.4 |
CVE-2024-28098
security@apache.org
security@apache.org |
sourcecodester — employee_management_system
|
A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Admin/add-admin.php. The manipulation of the argument avatar leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256454 is the identifier assigned to this vulnerability. |
2024-03-12 |
4.7 |
CVE-2024-2394
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
argoproj — argo-cd
|
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. “Local sync” is an Argo CD feature that allows developers to temporarily override an Application’s manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it allows the user to bypass any merge protections in git. An improper validation bug allows users who have `create` privileges but not `override` privileges to sync local manifests on app creation. All other restrictions, including AppProject restrictions are still enforced. The only restriction which is not enforced is that the manifests come from some approved git/Helm/OCI source. The bug was introduced in 1.2.0-rc1 when the local manifest sync feature was added. The bug has been patched in Argo CD versions 2.10.3, 2.9.8, and 2.8.12. Users are advised to upgrade. Users unable to upgrade may mitigate the risk of branch protection bypass by removing `applications, create` RBAC access. The only way to eliminate the issue without removing RBAC access is to upgrade to a patched version. |
2024-03-13 |
6.4 |
CVE-2023-50726
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com |
ari_soft — ari_stream_quiz
|
Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft ARI Stream Quiz. This issue affects ARI Stream Quiz: from n/a through 1.2.32. |
2024-03-16 |
5.4 |
CVE-2023-51487
audit@patchstack.com |
artibot — artibot_free_chat_bot_for_wordpress_websites
|
The ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. |
2024-03-13 |
4.4 |
CVE-2024-0449
security@wordfence.com
security@wordfence.com |
artibot — artibot_free_chat_bot_for_wordpress_websites
|
The ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the artibot_update function in all versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to update plugin settings. |
2024-03-13 |
5 |
CVE-2024-0447
security@wordfence.com
security@wordfence.com |
atlas_gondal — export_media_urls
|
Cross-Site Request Forgery (CSRF) vulnerability in Atlas Gondal Export Media URLs. This issue affects Export Media URLs: from n/a through 1.0. |
2024-03-16 |
4.3 |
CVE-2023-51510
audit@patchstack.com |
automattic,_inc. — crowdsignal_dashboard_-_polls,_surveys_&_more
|
Cross-Site Request Forgery (CSRF) vulnerability in Automattic, Inc. Crowdsignal Dashboard – Polls, Surveys & more. This issue affects Crowdsignal Dashboard – Polls, Surveys & more: from n/a through 3.0.11. |
2024-03-16 |
5.4 |
CVE-2023-51489
audit@patchstack.com |
averta — depicter_slider
|
Cross-Site Request Forgery (CSRF) vulnerability in Averta Depicter Slider. This issue affects Depicter Slider: from n/a through 2.0.6. |
2024-03-16 |
5.4 |
CVE-2023-51491
audit@patchstack.com |
badger_meter — monitool
|
Path traversal (improper limitation of a pathname to a restricted directory) vulnerability in Badger Meter Monitool that affects versions 4.6.3 and earlier. This vulnerability allows an authenticated attacker to retrieve any file from the device via the download-file functionality. |
2024-03-12 |
6.5 |
CVE-2024-1303
cve-coordination@incibe.es |
badger_meter — monitool
|
Cross-site scripting vulnerability in Badger Meter Monitool that affects versions 4.6.3 and earlier. This vulnerability allows a remote attacker to send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser session. |
2024-03-12 |
6.3 |
CVE-2024-1304
cve-coordination@incibe.es |
barrykooij — related_posts_for_wordpress
|
The Related Posts for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the handle_create_link() function. This makes it possible for unauthenticated attackers to add related posts to other posts via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link. This ultimately makes it possible for attackers to view draft and password-protected posts. |
2024-03-13 |
5.4 |
CVE-2024-0592
security@wordfence.com
security@wordfence.com
security@wordfence.com |
basix — nex-forms_-_ultimate_form_builder
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Basix NEX-Forms – Ultimate Form Builder allows Stored XSS. This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.5.5. |
2024-03-15 |
6.5 |
CVE-2024-25593
audit@patchstack.com |
bdthemes — prime_slider_-_addons_for_elementor_(revolution_of_a_slider,_hero_slider,_ecommerce_slider)
|
The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tags’ attribute of the Rubix widget in all versions up to, and including, 3.13.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2024-1507
security@wordfence.com
security@wordfence.com |
bdthemes — prime_slider_-_addons_for_elementor_(revolution_of_a_slider,_hero_slider,_ecommerce_slider)
|
The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘settings[‘title_tags’]’ attribute of the Mercury widget in all versions up to, and including, 3.13.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2024-1508
security@wordfence.com
security@wordfence.com |
binhnguyenplus — ladiapp:_landing_page,_popupx,_marketing_automation,_affiliate_marketing…
|
The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ladiflow_save_hook() function in versions up to, and including, 4.3. This makes it possible for authenticated attackers with subscriber-level access and above to update the ‘ladiflow_hook_configs’ option. |
2024-03-12 |
4.3 |
CVE-2023-4626
security@wordfence.com
security@wordfence.com |
binhnguyenplus — ladiapp:_landing_page,_popupx,_marketing_automation,_affiliate_marketing…
|
The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_config() function in versions up to, and including, 4.4. This makes it possible for authenticated attackers with subscriber-level access and above to update the ‘ladipage_config’ option. |
2024-03-12 |
4.3 |
CVE-2023-4627
security@wordfence.com
security@wordfence.com |
binhnguyenplus — ladiapp:_landing_page,_popupx,_marketing_automation,_affiliate_marketing…
|
The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the ladiflow_save_hook() function in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to update the ‘ladiflow_hook_configs’ option via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link. |
2024-03-12 |
4.3 |
CVE-2023-4628
security@wordfence.com
security@wordfence.com |
binhnguyenplus — ladiapp:_landing_page,_popupx,_marketing_automation,_affiliate_marketing…
|
The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the save_config() function in versions up to, and including, 4.3. This makes it possible for unauthenticated attackers to update the ‘ladipage_config’ option via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link. |
2024-03-12 |
4.3 |
CVE-2023-4629
security@wordfence.com
security@wordfence.com |
binhnguyenplus — ladiapp:_landing_page,_popupx,_marketing_automation,_affiliate_marketing…
|
The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the publish_lp() function hooked via an AJAX action in versions up to, and including, 4.4. This makes it possible for authenticated attackers with subscriber-level access and above to change the LadiPage key (a key fully controlled by the attacker), enabling them to freely create new pages, including web pages that trigger stored XSS. |
2024-03-12 |
4.3 |
CVE-2023-4728
security@wordfence.com
security@wordfence.com |
binhnguyenplus — ladiapp:_landing_page,_popupx,_marketing_automation,_affiliate_marketing…
|
The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the publish_lp() function hooked via an AJAX action in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to change the LadiPage key (a key fully controlled by the attacker) via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link, enabling them to freely create new pages, including web pages that trigger stored XSS. |
2024-03-12 |
4.3 |
CVE-2023-4729
security@wordfence.com
security@wordfence.com |
binhnguyenplus — ladiapp:_landing_page,_popupx,_marketing_automation,_affiliate_marketing…
|
The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the init_endpoint() function hooked via ‘init’ in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to modify a variety of settings via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link. An attacker can directly modify the ‘ladipage_key’, which enables them to create new posts on the website and inject malicious web scripts. |
2024-03-12 |
4.3 |
CVE-2023-4731
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com |
bitpressadmin — contact_form_builder_by_bit_form:_create_contact_form,_multi_step_form,_conversational_form
|
The Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the bitforms_update_form_entry AJAX action in all versions up to, and including, 2.10.1. This makes it possible for unauthenticated attackers to modify form submissions. |
2024-03-13 |
5.3 |
CVE-2024-1640
security@wordfence.com
security@wordfence.com |
blossomthemes — blossom_spa
|
The Blossom Spa theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.4 via generated source. This makes it possible for unauthenticated attackers to extract sensitive data including contents of password-protected or scheduled posts. |
2024-03-12 |
5.8 |
CVE-2024-2107
security@wordfence.com
security@wordfence.com |
bluecoral — chat_bubble_-_floating_chat_with_contact_chat_icons,_messages,_telegram,_email,_sms,_call_me_back
|
The Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. |
2024-03-13 |
4.4 |
CVE-2024-0898
security@wordfence.com
security@wordfence.com |
bobbingwide — oik
|
The oik plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcodes, such as bw_contact_button and bw_button, in all versions up to, and including, 4.10.0 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-14 |
6.4 |
CVE-2024-2256
security@wordfence.com
security@wordfence.com
security@wordfence.com |
bradwenqiang — hr
|
A vulnerability was found in BradWenqiang HR 2.0. It has been rated as critical. Affected by this issue is the function selectAll of the file /bishe/register of the component Background Management. The manipulation of the argument userName leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256886 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2024-03-15 |
6.3 |
CVE-2024-2478
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
brainstormforce — elementor_header_&_footer_builder
|
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the flyout_layout attribute in all versions up to, and including, 1.6.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2024-1237
security@wordfence.com
security@wordfence.com
security@wordfence.com |
britner — gutenberg_blocks_by_kadence_blocks_-_page_builder_features
|
The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the htmlTag attribute in all versions up to, and including, 3.2.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2024-1541
security@wordfence.com
security@wordfence.com
security@wordfence.com |
catchsquare — wp_social_widget
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in catchsquare WP Social Widget allows Stored XSS. This issue affects WP Social Widget: from n/a through 2.2.5. |
2024-03-15 |
6.5 |
CVE-2024-27189
audit@patchstack.com |
charlestsmith — word_replacer_pro
|
The Word Replacer Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the word_replacer_ultra() function in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to update arbitrary content on the affected WordPress site. |
2024-03-16 |
5.3 |
CVE-2024-1733
security@wordfence.com
security@wordfence.com |
choijun — la-studio_element_kit_for_elementor
|
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LinkWrapper attribute found in several widgets in all versions up to, and including, 1.3.7.4 due to insufficient input sanitization and output escaping of the user-supplied attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-14 |
6.4 |
CVE-2024-2249
security@wordfence.com
security@wordfence.com |
chrisbadgett — lifterlms_-_wordpress_lms_plugin_for_elearning
|
The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘process_review’ function in all versions up to, and including, 7.5.1. This makes it possible for unauthenticated attackers to publish an unrestricted number of reviews on the site. |
2024-03-13 |
5.3 |
CVE-2024-0377
security@wordfence.com
security@wordfence.com |
cisco — cisco_ios_xr_software
|
A vulnerability in the Secure Copy Protocol (SCP) and SFTP feature of Cisco IOS XR Software could allow an authenticated, local attacker to create or overwrite files in a system directory, which could lead to a denial of service (DoS) condition. The attacker would require valid user credentials to perform this attack. This vulnerability is due to a lack of proper validation of SCP and SFTP CLI input parameters. An attacker could exploit this vulnerability by authenticating to the device and issuing SCP or SFTP CLI commands with specific parameters. A successful exploit could allow the attacker to impact the functionality of the device, which could lead to a DoS condition. The device may need to be manually rebooted to recover. Note: This vulnerability is exploitable only when a local user invokes SCP or SFTP commands at the Cisco IOS XR CLI. A local user with administrative privileges could exploit this vulnerability remotely. |
2024-03-13 |
6.5 |
CVE-2024-20262
ykramarz@cisco.com |
(vendor not listed) — video_conferencing_with_zoom
|
The Video Conferencing with Zoom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘zoom_recordings_by_meeting’ shortcode in all versions up to, and including, 4.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-12 |
6.4 |
CVE-2024-2031
security@wordfence.com
security@wordfence.com |
cisco — cisco_ios_xr_software
|
A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a denial of service (DoS) condition. This vulnerability exists because certain DHCPv4 messages are improperly validated when they are processed by an affected device. An attacker could exploit this vulnerability by sending a malformed DHCPv4 message to an affected device. A successful exploit could allow the attacker to cause a crash of the dhcpd process. While the dhcpd process is restarting, which may take approximately two minutes, DHCPv4 server services are unavailable on the affected device. This could temporarily prevent network access to clients that join the network during that time period and rely on the DHCPv4 server of the affected device. Notes: Only the dhcpd process crashes and eventually restarts automatically. The router does not reload. This vulnerability only applies to DHCPv4. DHCP version 6 (DHCPv6) is not affected. |
2024-03-13 |
5.3 |
CVE-2024-20266
ykramarz@cisco.com |
cisco — cisco_ios_xr_software
|
A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to improper assignment of lookup keys to internal interface contexts. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access resources behind the affected device that were supposed to be protected by a configured ACL. |
2024-03-13 |
5.8 |
CVE-2024-20315
ykramarz@cisco.com |
cisco — cisco_ios_xr_software
|
A vulnerability in the access control list (ACL) processing on Pseudowire interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to improper assignment of lookup keys to internal interface contexts. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access resources behind the affected device that were supposed to be protected by a configured ACL. |
2024-03-13 |
5.8 |
CVE-2024-20322
ykramarz@cisco.com |
cisco — cisco_ios_xr_software
|
A vulnerability in the UDP forwarding code of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to bypass configured management plane protection policies and access the Simple Network Management Protocol (SNMP) server of an affected device. This vulnerability is due to incorrect UDP forwarding programming when using SNMP with management plane protection. An attacker could exploit this vulnerability by attempting to perform an SNMP operation using broadcast as the destination address that could be processed by an affected device that is configured with an SNMP server. A successful exploit could allow the attacker to communicate with the device on the configured SNMP ports. Although an unauthenticated attacker could send UDP datagrams to the configured SNMP port, only an authenticated user can retrieve or modify data using SNMP requests. |
2024-03-13 |
4.3 |
CVE-2024-20319
ykramarz@cisco.com |
citrix — citrix_sd-wan_standard/premium_editions
|
Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium Editions on or after 11.4.0 and before 11.4.4.46 allows an attacker with access to the management IP to disclose limited information from the appliance. |
2024-03-12 |
6.5 |
CVE-2024-2049
secure@citrix.com |
ckan — ckan
|
A user endpoint didn’t perform filtering on an incoming parameter, which was added directly to the application log. This could lead to an attacker injecting false log entries or corrupt the log file format. This has been fixed in the CKAN versions 2.9.11 and 2.10.4. Users are advised to upgrade. Users unable to upgrade should override the `/user/reset` endpoint to filter the `id` parameter in order to exclude newlines. |
2024-03-13 |
4.3 |
CVE-2024-27097
security-advisories@github.com
security-advisories@github.com |
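As an added example (not CKAN's code) of the log-injection failure mode in the entry above and of the mitigation it recommends, the Python below logs a caller-supplied id once unfiltered and once through a sanitiser that escapes every non-printable character, newlines included. The handler, logger name and attacker input are constructed for the illustration; the logging calls are the standard library's.

```python
import io
import logging

LOG_FORMAT = "%(levelname)s %(name)s: %(message)s"


def sanitize_log_value(value: str) -> str:
    """Escape every non-printable character (CR, LF, ESC, NUL, ...) so a
    request parameter can neither end the current log record nor start a
    forged one. Printable text passes through unchanged."""
    out = []
    for ch in value:
        if ch.isprintable():
            out.append(ch)
        else:
            code = ord(ch)
            out.append(f"\\x{code:02x}" if code < 0x100 else f"\\u{code:04x}")
    return "".join(out)


def log_password_reset(user_id: str, sanitize: bool) -> list:
    """Constructed model of a reset endpoint that writes the supplied id to the
    application log (with %s, as a naive handler would). Returns the lines
    that ended up in the log, so the effect of the input is observable."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter(LOG_FORMAT))
    logger = logging.getLogger("reset-demo")
    logger.propagate = False
    logger.setLevel(logging.INFO)
    logger.handlers = [handler]   # fresh sink on every call
    shown = sanitize_log_value(user_id) if sanitize else user_id
    logger.info("password reset requested for user %s", shown)
    handler.flush()
    return buf.getvalue().splitlines()


# Constructed attacker input: a valid-looking id, then a newline and a line
# formatted like a genuine record (logger name chosen to look plausible).
INJECTED_ID = "alice\nINFO ckan.lib.mailer: password reset for user admin completed"

if __name__ == "__main__":
    for mode in (False, True):
        print(f"sanitize={mode}:")
        for line in log_password_reset(INJECTED_ID, sanitize=mode):
            print("  " + line)
```

Without sanitisation the single request produces two records, and the second is indistinguishable by format from a real one; with it, the whole input stays on one line with the LF visible as `\x0a`. Escaping rather than deleting keeps the evidence of the attempt in the log.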
cloudflare — quiche
|
Cloudflare Quiche (through version 0.19.1/0.20.0) was affected by an unlimited resource allocation vulnerability causing rapid increase of memory usage of the system running quiche server or client. A remote attacker could take advantage of this vulnerability by repeatedly sending an unlimited number of 1-RTT CRYPTO frames after previously completing the QUIC handshake. Exploitation was possible for the duration of the connection which could be extended by the attacker. quiche 0.19.2 and 0.20.1 are the earliest versions containing the fix for this issue. |
2024-03-12 |
5.9 |
CVE-2024-1765
cna@cloudflare.com |
codename065 — download_manager
|
The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 3.2.85 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2023-6954
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com |
codename065 — download_manager
|
The Download Manager plugin for WordPress is vulnerable to unauthorized file download of files added via the plugin in all versions up to, and including, 3.2.84. This makes it possible for unauthenticated attackers to download files added with the plugin (even when privately published). |
2024-03-13 |
5.3 |
CVE-2023-6785
security@wordfence.com
security@wordfence.com |
codeworkweb — cww_companion
|
The CWW Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Module2 widget in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-12 |
6.4 |
CVE-2024-2130
security@wordfence.com
security@wordfence.com |
collizo4sky — paid_membership_plugin,_ecommerce,_user_registration_form,_login_form,_user_profile_&_restrict_content_-_profilepress
|
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s [reg-select-role] shortcode in all versions up to, and including, 4.15.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2024-1409
security@wordfence.com
security@wordfence.com |
collizo4sky — paid_membership_plugin,_ecommerce,_user_registration_form,_login_form,_user_profile_&_restrict_content_-_profilepress
|
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 4.15.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2024-1535
security@wordfence.com
security@wordfence.com
security@wordfence.com |
collizo4sky — paid_membership_plugin,_ecommerce,_user_registration_form,_login_form,_user_profile_&_restrict_content_-_profilepress
|
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 4.15.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2024-1806
security@wordfence.com
security@wordfence.com
security@wordfence.com |
cool_plugins — cryptocurrency_widgets_-_price_ticker_&_coins_list
|
Missing Authorization vulnerability in Cool Plugins Cryptocurrency Widgets – Price Ticker & Coins List. This issue affects Cryptocurrency Widgets – Price Ticker & Coins List: from n/a through 2.6.8. |
2024-03-13 |
4.7 |
CVE-2024-27953
audit@patchstack.com |
cozmoslabs — paid_member_subscriptions
|
Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Paid Member Subscriptions. This issue affects Paid Member Subscriptions: from n/a through 2.10.4. |
2024-03-15 |
4.3 |
CVE-2023-51522
audit@patchstack.com |
cozyvision1 — sms_alert_order_notifications_-_woocommerce
|
The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.9. This is due to missing or incorrect nonce validation on the processBulkAction function. This makes it possible for unauthenticated attackers to delete pages and posts via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link. |
2024-03-13 |
4.3 |
CVE-2024-1489
security@wordfence.com
security@wordfence.com |
crmperks — database_for_contact_form_7,_wpforms,_elementor_forms
|
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2024-2030
security@wordfence.com |
cservit — affiliate-toolkit_-_wordpress_affiliate_plugin
|
The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkp_create_list() function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions such as creating product lists. |
2024-03-08 |
6.3 |
CVE-2024-1851
security@wordfence.com |
cyberlord92 — page_restriction_wordpress_(wp)_-_protect_wp_pages/post
|
The Page Restriction WordPress (WP) – Protect WP Pages/Post plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.3.4. This is due to the plugin not properly restricting access to pages via the REST API when a page has been made private. This makes it possible for unauthenticated attackers to view protected pages. The vendor has decided not to implement REST API protection on posts and pages; the restrictions will only apply to the front end of the site. The vendor's solution was to add notices throughout the dashboard, and the vendor recommends installing the WordPress REST API Authentication plugin for REST API coverage. |
2024-03-13 |
5.3 |
CVE-2024-0681
security@wordfence.com |
david_de_boer — paytium:_mollie_payment_forms_&_donations
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in David de Boer Paytium: Mollie payment forms & donations allows Stored XSS. This issue affects Paytium: Mollie payment forms & donations: from n/a through 4.4.2. |
2024-03-13 |
6.5 |
CVE-2024-25099
audit@patchstack.com |
dell — poweredge_bios_intel_16g
|
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to out-of-bound read/writes to SMRAM. |
2024-03-13 |
5.3 |
CVE-2024-0162
security_alert@emc.com |
dell — poweredge_bios_intel_16g
|
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain a TOCTOU race condition vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain access to otherwise unauthorized resources. |
2024-03-13 |
5.3 |
CVE-2024-0163
security_alert@emc.com |
devitemsllc — ht_mega_-_absolute_addons_for_elementor
|
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s blocks in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on the ‘titleTag’ user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-12 |
6.4 |
CVE-2024-1397
security@wordfence.com |
devitemsllc — ht_mega_-_absolute_addons_for_elementor
|
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘border_type’ attribute of the Post Carousel widget in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-12 |
6.4 |
CVE-2024-1421
security@wordfence.com |
directus — directus
|
Directus is a real-time API and App dashboard for managing SQL database content. The authentication API has a `redirect` parameter that can be exploited as an open redirect vulnerability as the user tries to log in via the API URL. There’s a redirect that is done after successful login via the Auth API GET request to `directus/auth/login/google?redirect=http://malicious-fishing-site.com`. While credentials don’t seem to be passed to the attacker site, the user can be phished into clicking a legitimate Directus link and be taken to a malicious site made to look like an error message, “Your password needs to be updated”, to phish out the current password. Users who log in to Directus via OAuth2 may be at risk. This issue has been addressed in version 10.10.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
2024-03-12 |
5.4 |
CVE-2024-28239
security-advisories@github.com |
discourse — discourse
|
Discourse is an open source platform for community discussion. In affected versions users that are allowed to invite others can inject arbitrarily large data in parameters used in the invite route. The problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable invites or restrict access to them using the `invite allowed groups` site setting. |
2024-03-15 |
6.5 |
CVE-2024-27085
security-advisories@github.com |
discourse — discourse
|
Discourse is an open source platform for community discussion. In affected versions the endpoints for suspending users, silencing users and exporting CSV files weren’t enforcing limits on the sizes of the parameters that they accept. This could lead to excessive resource consumption which could render an instance inoperable. A site could be disrupted by either a malicious moderator on the same site or a malicious staff member on another site in the same multisite cluster. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
2024-03-15 |
6.5 |
CVE-2024-27100
security-advisories@github.com |
discourse — discourse
|
Discourse is an open source platform for community discussion. In affected versions an attacker can learn that a secret subcategory exists under a public category which has no public subcategories. The issue is patched in the latest stable, beta and tests-passed version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
2024-03-15 |
5.3 |
CVE-2024-24748
security-advisories@github.com |
discourse — discourse
|
Discourse is an open source platform for community discussion. Without a rate limit on the POST /uploads endpoint, it makes it easier for an attacker to carry out a DoS attack on the server since creating an upload can be a resource intensive process. Do note that the impact varies from site to site as various site settings like `max_image_size_kb`, `max_attachment_size_kb` and `max_image_megapixels` will determine the amount of resources used when creating an upload. The issue is patched in the latest stable, beta and tests-passed version of Discourse. Users are advised to upgrade. Users unable to upgrade should reduce `max_image_size_kb`, `max_attachment_size_kb` and `max_image_megapixels` as smaller uploads require less resources to process. Alternatively, `client_max_body_size` can be reduced in Nginx to prevent large uploads from reaching the server. |
2024-03-15 |
5.3 |
CVE-2024-24827
security-advisories@github.com |
discourse — discourse
|
Discourse is an open source platform for community discussion. In affected versions an attacker can learn that secret categories exist when they have backgrounds set. The issue is patched in the latest stable, beta and tests-passed version of Discourse. Users are advised to upgrade. Users unable to upgrade should temporarily remove category backgrounds. |
2024-03-15 |
5.3 |
CVE-2024-28242
security-advisories@github.com |
doofinder — doofinder_for_woocommerce
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Doofinder Doofinder for WooCommerce allows Stored XSS. This issue affects Doofinder for WooCommerce: from n/a through 2.1.8. |
2024-03-15 |
5.9 |
CVE-2024-25596
audit@patchstack.com |
dreamer — cms
|
A vulnerability, which was classified as problematic, was found in Dreamer CMS 4.1.3. Affected is an unknown function of the file /admin/menu/toEdit. The manipulation of the argument id leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256314 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2024-03-10 |
4.3 |
CVE-2024-2354
cna@vuldb.com |
droitthemes — droit_elementor_addons_-_widgets,_blocks,_templates_library_for_elementor_builder
|
The Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s widgets in all versions up to, and including, 3.1.5 due to insufficient input sanitization and output escaping on user supplied attributes such as URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
5.4 |
CVE-2024-2252
security@wordfence.com |
edge22 — generateblocks
|
The GenerateBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.2 via Query Loop. This makes it possible for authenticated attackers, with contributor access and above, to see contents of posts and pages in draft or private status as well as those with scheduled publication dates. |
2024-03-13 |
4.3 |
CVE-2024-1452
security@wordfence.com |
edge22 — wp_show_posts
|
The WP Show Posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the wpsp_display function. This makes it possible for authenticated attackers with contributor access and above to view the contents of draft, trash, future, private and pending posts and pages. |
2024-03-13 |
5.3 |
CVE-2024-1479
security@wordfence.com |
elementinvader — elementinvader_addons_for_elementor
|
The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link in the EliSlider in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-16 |
6.4 |
CVE-2024-2308
security@wordfence.com |
elementor — elementor_pro
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Elementor Pro.This issue affects Elementor Pro: from n/a through 3.19.2. |
2024-03-16 |
6.5 |
CVE-2024-23523
audit@patchstack.com |
exafunction — codeium-chrome
|
codeium-chrome is an open source code completion plugin for the chrome web browser. The service worker of the codeium-chrome extension doesn’t check the sender when receiving an external message. This allows an attacker to host a website that will steal the user’s Codeium api-key, and thus impersonate the user on the backend autocomplete server. This issue has not been addressed. Users are advised to monitor the usage of their API key. |
2024-03-11 |
6.5 |
CVE-2024-28120
security-advisories@github.com |
expresstech — quiz_and_survey_master
|
Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master. This issue affects Quiz And Survey Master: from n/a through 8.1.18. |
2024-03-16 |
5.4 |
CVE-2023-51521
audit@patchstack.com |
file_manager — file_manager_pro
|
The File Manager Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tb’ parameter in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. |
2024-03-13 |
6.1 |
CVE-2023-7015
security@wordfence.com |
fluid-cloudnative — fluid
|
Fluid is an open source Kubernetes-native Distributed Dataset Orchestrator and Accelerator for data-intensive applications. An OS command injection vulnerability within the Fluid project’s JuicefsRuntime can potentially allow an authenticated user, who has the authority to create or update the K8s CRD Dataset/JuicefsRuntime, to execute arbitrary OS commands within the juicefs related containers. This could lead to unauthorized access, modification or deletion of data. Users running versions < 0.9.3 with JuicefsRuntime should upgrade to v0.9.3. |
2024-03-15 |
4 |
CVE-2023-51699
security-advisories@github.com |
follow-redirects — follow-redirects
|
follow-redirects is an open source, drop-in replacement for Node’s `http` and `https` modules that automatically follows redirects. In affected versions follow-redirects clears only the authorization header on a cross-domain redirect but keeps the proxy-authentication header, which also contains credentials. This may lead to a credential leak. The issue has been addressed in version 1.15.6. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
2024-03-14 |
6.5 |
CVE-2024-28849
security-advisories@github.com |
formfacade — formfacade
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in FormFacade allows Stored XSS. This issue affects FormFacade: from n/a through 1.0.0. |
2024-03-15 |
6.5 |
CVE-2024-25934
audit@patchstack.com |
fortinet — fortimanager
|
A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiManager version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer-BigData before 7.2.5, and Fortinet FortiPortal version 6.0 (all versions) and version 5.3 (all versions) allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments. |
2024-03-12 |
6.7 |
CVE-2023-41842
psirt@fortinet.com |
fortinet — fortiportal
|
An improper authorization vulnerability [CWE-285] in FortiPortal version 7.2.0 and versions 7.0.6 and below may allow a user to download other organizations' reports via modification of the request payload. |
2024-03-12 |
4.3 |
CVE-2024-21761
psirt@fortinet.com |
fortinet — fortiproxy
|
An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiOS version 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.1 through 7.0.13, 6.4.7 through 6.4.14, and FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 SSL-VPN may allow an authenticated attacker to gain access to another user’s bookmark via URL manipulation. |
2024-03-12 |
4.3 |
CVE-2024-23112
psirt@fortinet.com |
fortra — filecatalyst
|
Improper URL validation leads to path traversal in FileCatalyst Direct 3.8.8 and earlier allowing an encoded payload to cause the web server to return files located outside of the web root which may lead to data leakage. |
2024-03-13 |
5.3 |
CVE-2024-25154
df4dee71-de3a-4139-9588-11b62fe6c0ff |
fortra — goanywhere_mft
|
A path traversal vulnerability exists in GoAnywhere MFT prior to 7.4.2 which allows attackers to circumvent endpoint-specific permission checks in the GoAnywhere Admin and Web Clients. |
2024-03-14 |
6.5 |
CVE-2024-25156
df4dee71-de3a-4139-9588-11b62fe6c0ff |
frenify — categorify_-_wordpress_media_library_category_&_file_manager
|
The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxAddCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to add categories. |
2024-03-13 |
4.3 |
CVE-2024-0385
security@wordfence.com |
friendlyelec — friendlywrt
|
A cryptographic key is encoded in the FriendlyWrt firmware, affecting version 2022-11-16.51b3d35. This vulnerability could allow an attacker to compromise the confidentiality and integrity of encrypted data. |
2024-03-15 |
5.2 |
CVE-2024-2495
cve-coordination@incibe.es |
friendsofsymfony1 — symfony1
|
Symfony1 is a community fork of symfony 1.4 with DIC, form enhancements, latest Swiftmailer, better performance, composer compatibility and PHP 8 support. Symfony 1 has a gadget chain, due to a vulnerable Swift Mailer dependency, that would enable an attacker to gain remote code execution if a developer unserializes user input in their project. This vulnerability presents no direct threat but is a vector that enables remote code execution if a developer deserializes untrusted user data. Symfony 1 depends on Swift Mailer, which has been bundled by default in the vendor directory of the default installation since 1.3.0. Swift Mailer classes implement some `__destruct()` methods, which are called when PHP destroys the object in memory. However, it is possible to include any object type in `$this->_keys`, making PHP access array/object properties other than those the developer intended. In particular, it is possible to abuse the array access triggered by foreach($this->_keys …) for any class implementing the ArrayAccess interface. This may allow an attacker to execute arbitrary PHP code, which leads to remote code execution. This issue has been addressed in version 1.5.18. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
2024-03-15 |
5 |
CVE-2024-28859
security-advisories@github.com |
gacjie — server
|
A vulnerability, which was classified as critical, was found in Gacjie Server up to 1.0. This affects the function index of the file /app/admin/controller/Upload.php. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256503. |
2024-03-12 |
5.4 |
CVE-2024-2406
cna@vuldb.com |
geminilabs — site_reviews
|
The Site Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user display name in all versions up to, and including, 6.11.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2024-2293
security@wordfence.com |
gonahkar — custom_fields_shortcode
|
The Custom fields shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s cf shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping on user supplied custom post meta values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2023-6809
security@wordfence.com |
gpriday — siteorigin_widgets_bundle
|
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.58.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Affected parameters include: $instance[‘fonts’][‘title_options’][‘tag’], $headline_tag, $sub_headline_tag, $feature[‘icon’]. |
2024-03-13 |
6.4 |
CVE-2024-1723
security@wordfence.com |
hammadh — play.ht_-_make_your_blog_posts_accessible_with_text_to_speech_audio
|
The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 3.6.4. This makes it possible for authenticated attackers, with subscriber access or higher, to delete, retrieve, or modify post metadata, retrieve posts contents of protected posts, modify conversion data and delete article audio. |
2024-03-13 |
5.4 |
CVE-2024-0828
security@wordfence.com |
hammadh — play.ht_-_make_your_blog_posts_accessible_with_text_to_speech_audio
|
The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.4. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |
2024-03-13 |
4.3 |
CVE-2024-0827
security@wordfence.com |
heimavista — rpage
|
The disabling function of the user registration page for Heimavista Rpage and Epage is not properly implemented, allowing remote attackers to complete user registration on sites where user registration is supposed to be disabled. |
2024-03-13 |
5.3 |
CVE-2024-2412
twcert@cert.org.tw |
hiroaki_miyashita — custom_field_template
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Hiroaki Miyashita Custom Field Template allows Stored XSS. This issue affects Custom Field Template: from n/a through 2.6. |
2024-03-15 |
6.5 |
CVE-2024-25919
audit@patchstack.com |
hitachi — cosminexus_component_container
|
Insertion of Sensitive Information into Log File vulnerability in Hitachi Cosminexus Component Container allows local users to gain sensitive information. This issue affects Cosminexus Component Container: from 11-30 before 11-30-05, from 11-20 through 11-20-*, from 11-10 through 11-10-*, from 11-00 before 11-00-12, All versions of V8 and V9. |
2024-03-12 |
5.6 |
CVE-2023-6814
hirt@hitachi.co.jp |
htplugins — ht_easy_ga4_-_google_analytics_wordpress_plugin
|
The HT Easy GA4 – Google Analytics WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the login() function in all versions up to, and including, 1.1.5. This makes it possible for unauthenticated attackers to update the email address that the plugin associates with GA4. |
2024-03-13 |
5.3 |
CVE-2024-1176
security@wordfence.com |
ibm — host_access_transformation_services
|
IBM Host Access Transformation Services (HATS) 9.6 through 9.6.1.4 and 9.7 through 9.7.0.3 stores user credentials in plain text, which can be read by a local user. IBM X-Force ID: 210989. |
2024-03-15 |
6.2 |
CVE-2021-38938
psirt@us.ibm.com |
ibm — integration_bus_for_z/os
|
IBM Integration Bus for z/OS 10.1 through 10.1.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 284564. |
2024-03-14 |
4.5 |
CVE-2024-27265
psirt@us.ibm.com |
ibm — maximo_application_suite_-_maximo_mobile_for_eam
|
IBM Maximo Application Suite – Maximo Mobile for EAM 8.10 and 8.11 could disclose sensitive information to a local user. IBM X-Force ID: 266875. |
2024-03-13 |
5.1 |
CVE-2023-43043
psirt@us.ibm.com |
ibm — maximo_asset_management
|
IBM Maximo Application Suite 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 262192. |
2024-03-13 |
6.4 |
CVE-2023-38723
psirt@us.ibm.com |
ibm — secure_proxy
|
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270973. |
2024-03-15 |
6.1 |
CVE-2023-47162
psirt@us.ibm.com |
ibm — secure_proxy
|
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270974. |
2024-03-15 |
6.1 |
CVE-2023-47699
psirt@us.ibm.com |
ibm — secure_proxy
|
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 269692. |
2024-03-15 |
5.4 |
CVE-2023-46182
psirt@us.ibm.com |
ibm — secure_proxy
|
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow an attacker to overwrite a log message under specific conditions. IBM X-Force ID: 270598. |
2024-03-15 |
5.9 |
CVE-2023-47147
psirt@us.ibm.com |
ibm — secure_proxy
|
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending an http:// link to a user or by planting this link in a site the user visits. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by sniffing the traffic. IBM X-Force ID: 269683. |
2024-03-15 |
4.3 |
CVE-2023-46179
psirt@us.ibm.com |
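Added example (not IBM code, and not part of the original bulletin): a small Set-Cookie audit of the kind a tester runs against a login response to catch the missing Secure attribute this entry describes, also reporting HttpOnly and SameSite while it is there. The name pattern that decides which cookies count as sensitive and the sample response headers are constructed assumptions, not from the product.

```javascript
// Added example, not IBM code. Parse Set-Cookie headers and report sensitive
// cookies that lack the attributes which keep them off the wire in clear.

// Split one Set-Cookie line into its name, value and lower-cased attributes.
// Only the first "=" separates name from value, so values containing "="
// (Base64 padding, JWTs) survive intact.
function parseSetCookie(line) {
  const parts = line.split(';').map((s) => s.trim()).filter(Boolean);
  const eq = parts[0].indexOf('=');
  const name = eq === -1 ? parts[0] : parts[0].slice(0, eq);
  const value = eq === -1 ? '' : parts[0].slice(eq + 1);
  const attrs = {};
  for (const p of parts.slice(1)) {
    const i = p.indexOf('=');
    const key = (i === -1 ? p : p.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : p.slice(i + 1);
  }
  return { name, value, attrs };
}

// Assumed name pattern for cookies that carry a session or a token.
const SENSITIVE_NAME = /(session|sess|token|auth|jwt|sid)/i;

// Return one finding per sensitive cookie that is missing a protection.
// Secure is the attribute at issue in this entry: without it the browser
// also sends the cookie over a plain http:// request to the same host.
function auditSetCookies(setCookieLines) {
  const findings = [];
  for (const line of setCookieLines) {
    const c = parseSetCookie(line);
    if (!SENSITIVE_NAME.test(c.name)) continue;
    const missing = [];
    if (c.attrs.secure !== true) missing.push('Secure');
    if (c.attrs.httponly !== true) missing.push('HttpOnly');
    if (!('samesite' in c.attrs)) missing.push('SameSite');
    if (missing.length > 0) findings.push({ name: c.name, missing });
  }
  return findings;
}

// Constructed sample response headers (not captured from any product).
const SAMPLE_SET_COOKIE = [
  'JSESSIONID=7f3a9c1e; Path=/; HttpOnly',
  'authToken=eyJhbGciOiJub25lIn0.e30.; Path=/',
  'theme=dark; Path=/',
  'sid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax',
];
```

On the sample, `JSESSIONID` is reported for Secure and SameSite, `authToken` for all three, `theme` is ignored as non-sensitive, and `sid` is clean. Feeding the audit the array returned by `response.headers['set-cookie']` in Node gives the same check against a live response.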
ibm — secure_proxy
|
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 269686. |
2024-03-15 |
4 |
CVE-2023-46181
psirt@us.ibm.com |
ibm — sterling_partner_engagement_manager
|
IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 250421. |
2024-03-13 |
5.4 |
CVE-2023-28517
psirt@us.ibm.com |
icopydoc — yml_for_yandex_market
|
The YML for Yandex Market plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the feed_id parameter in all versions up to, and including, 4.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. |
2024-03-13 |
6.1 |
CVE-2024-1365
security@wordfence.com |
intoxstudio — restrict_user_access_-_ultimate_membership_&_content_protection
|
The Restrict User Access – Ultimate Membership & Content Protection plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5 via API. This makes it possible for unauthenticated attackers to obtain the contents of posts and pages via API. |
2024-03-13 |
5.3 |
CVE-2024-0687
security@wordfence.com |
joseph_c_dolson — my_calendar
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Joseph C Dolson My Calendar allows Stored XSS. This issue affects My Calendar: from n/a through 3.4.23. |
2024-03-15 |
6.5 |
CVE-2024-25916
audit@patchstack.com |
justinbusa — beaver_builder_-_wordpress_page_builder
|
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2024-0896
security@wordfence.com |
justinbusa — beaver_builder_-_wordpress_page_builder
|
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image URL parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2024-0897
security@wordfence.com |
justinbusa — beaver_builder_-_wordpress_page_builder
|
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the audio widget ‘link_url’ parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2024-1074
security@wordfence.com |
justinbusa — beaver_builder_-_wordpress_page_builder
|
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the heading tag in all versions up to, and including, 2.7.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2024-1080
security@wordfence.com |
justinbusa — beaver_builder_-_wordpress_page_builder
|
The Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Icon Widget ‘fl_builder_data[node_preview][link]’ and ‘fl_builder_data[settings][link_target]’ parameters in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
5.4 |
CVE-2024-0871
security@wordfence.com |
justinbusa — beaver_builder_-_wordpress_page_builder
|
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to DOM-Based Reflected Cross-Site Scripting via a ‘playground.wordpress.net’ parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. |
2024-03-13 |
5.4 |
CVE-2024-1038
security@wordfence.com
security@wordfence.com
security@wordfence.com |
kbjohnson90 — user_shortcodes_plus
|
The User Shortcodes Plus plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the user_meta shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve potentially sensitive user meta. |
2024-03-13 |
5.3 |
CVE-2023-6969
security@wordfence.com
security@wordfence.com |
korenix — jeti/o_6550
|
Information exposure vulnerability in Korenix JetI/O 6550 affecting firmware version F208 Build:0817. The SNMP protocol uses plaintext to transfer data, allowing an attacker to intercept traffic and retrieve credentials. |
2024-03-12 |
6.2 |
CVE-2024-2371
cve-coordination@incibe.es |
leap13 — premium_addons_for_elementor
|
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Link Wrapper functionality in all versions up to, and including, 4.10.17 due to insufficient input sanitization and output escaping on user supplied links. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2024-0326
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com |
leap13 — premium_addons_for_elementor
|
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Settings URL of the Banner, Team Members, and Image Scroll widgets in all versions up to, and including, 4.10.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2024-1680
security@wordfence.com
security@wordfence.com |
livemesh — elementor_addons_by_livemesh
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Livemesh Elementor Addons by Livemesh allows Stored XSS. This issue affects Elementor Addons by Livemesh: from n/a through 8.3.5. |
2024-03-14 |
6.5 |
CVE-2024-27986
audit@patchstack.com |
livemesh — livemesh_addons_for_elementor
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Livemesh Livemesh Addons for Elementor allows Stored XSS. This issue affects Livemesh Addons for Elementor: from n/a through 8.3. |
2024-03-15 |
6.5 |
CVE-2024-25598
audit@patchstack.com |
livemesh — wpbakery_page_builder_addons_by_livemesh
|
The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘per_line_mobile’ shortcode in all versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2024-2079
security@wordfence.com
security@wordfence.com |
logitech — logi_tune
|
Improper Control of Dynamically-Managed Code Resources vulnerability in Logitech Logi Tune on MacOS allows Local Code Inclusion. |
2024-03-15 |
4.4 |
CVE-2024-2537
cve-coordination@logitech.com |
magesh-k21 — online-college-event-hall-reservation-system
|
A vulnerability, which was classified as critical, was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This affects an unknown part of the file home.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256953 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2024-03-16 |
6.3 |
CVE-2024-2516
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
magesh-k21 — online-college-event-hall-reservation-system
|
A vulnerability has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as critical. This vulnerability affects unknown code of the file book_history.php. The manipulation of the argument del_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256954 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2024-03-16 |
6.3 |
CVE-2024-2517
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
magesh-k21 — online-college-event-hall-reservation-system
|
A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/bookdate.php. The manipulation of the argument room_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256957 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2024-03-16 |
6.3 |
CVE-2024-2520
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
magesh-k21 — online-college-event-hall-reservation-system
|
A vulnerability classified as critical has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This affects an unknown part of the file /admin/booktime.php. The manipulation of the argument room_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256959. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2024-03-16 |
6.3 |
CVE-2024-2522
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
magesh-k21 — online-college-event-hall-reservation-system
|
A vulnerability, which was classified as critical, has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This issue affects some unknown processing of the file /admin/receipt.php. The manipulation of the argument room_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256961 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2024-03-16 |
6.3 |
CVE-2024-2524
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
magesh-k21 — online-college-event-hall-reservation-system
|
A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/rooms.php. The manipulation of the argument room_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256964. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2024-03-16 |
6.3 |
CVE-2024-2527
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
magesh-k21 — online-college-event-hall-reservation-system
|
A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/update-rooms.php. The manipulation of the argument room_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256965 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2024-03-16 |
6.3 |
CVE-2024-2528
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
magesh-k21 — online-college-event-hall-reservation-system
|
A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/rooms.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256966 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2024-03-16 |
6.3 |
CVE-2024-2529
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
magesh-k21 — online-college-event-hall-reservation-system
|
A vulnerability classified as critical has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected is an unknown function of the file /admin/update-rooms.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256968. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2024-03-16 |
6.3 |
CVE-2024-2531
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
magesh-k21 — online-college-event-hall-reservation-system
|
A vulnerability classified as critical was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/update-users.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256969 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2024-03-16 |
6.3 |
CVE-2024-2532
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
mainwp — mainwp_dashboard_-_wordpress_manager_for_multiple_websites_maintenance
|
The MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.0.1. This is due to missing or incorrect nonce validation on the ‘posting_bulk’ function. This makes it possible for unauthenticated attackers to delete arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |
2024-03-13 |
4.3 |
CVE-2024-1642
security@wordfence.com
security@wordfence.com
security@wordfence.com |
mattermost — mattermost
|
Mattermost Jira plugin versions shipped with Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to escape user-controlled outputs when generating HTML pages, which allows an attacker to perform reflected cross-site scripting attacks against the users of the Mattermost server. |
2024-03-15 |
6.1 |
CVE-2024-2445
responsibledisclosure@mattermost.com |
mattermost — mattermost
|
Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to limit the number of @-mentions processed per message, allowing an authenticated attacker to crash the client applications of other users via large, crafted messages. |
2024-03-15 |
4.3 |
CVE-2024-2446
responsibledisclosure@mattermost.com |
mattermost — mattermost_mobile
|
A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256919. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2024-03-15 |
4.7 |
CVE-2024-2497
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
mdp — rotp
|
The Ruby One Time Password library (ROTP) is an open source library for generating and validating one time passwords. Affected versions had overly permissive default permissions. Users should patch to version 6.3.0. Users unable to patch may correct file permissions after installation. |
2024-03-16 |
5.3 |
CVE-2024-28862
security-advisories@github.com |
metagauss — eventprime_-_events_calendar,_bookings_and_tickets
|
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_attendees_email_by_event_id() function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve the attendees list for any event. |
2024-03-13 |
5.3 |
CVE-2024-1126
security@wordfence.com
security@wordfence.com |
metagauss — eventprime_-_events_calendar,_bookings_and_tickets
|
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 3.4.2. This is due to the plugin allowing unauthenticated users to update the status of order payments. This makes it possible for unauthenticated attackers to book events for free. |
2024-03-13 |
5.3 |
CVE-2024-1321
security@wordfence.com
security@wordfence.com |
metagauss — eventprime_-_events_calendar,_bookings_and_tickets
|
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the booking_export_all() function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve all event bookings, which can contain PII. |
2024-03-13 |
4.3 |
CVE-2024-1127
security@wordfence.com
security@wordfence.com
security@wordfence.com |
mha_sistemas — armhazena
|
A vulnerability classified as critical was found in MHA Sistemas arMHAzena 9.6.0.0. This vulnerability affects unknown code of the component Executa Page. The manipulation of the argument Companhia/Planta/Agente de/Agente até leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256888. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2024-03-15 |
6.3 |
CVE-2024-2480
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
microsoft — intune_company_portal_for_android
|
Microsoft Intune Linux Agent Elevation of Privilege Vulnerability |
2024-03-12 |
6.6 |
CVE-2024-26201
secure@microsoft.com |
microsoft — microsoft_edge_(chromium-based)
|
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability |
2024-03-14 |
4.7 |
CVE-2024-26163
secure@microsoft.com |
microsoft — microsoft_teams_for_android
|
Microsoft Teams for Android Information Disclosure Vulnerability |
2024-03-12 |
5 |
CVE-2024-21448
secure@microsoft.com |
microsoft — windows_10_version_1809
|
Windows USB Hub Driver Remote Code Execution Vulnerability |
2024-03-12 |
6.8 |
CVE-2024-21429
secure@microsoft.com |
microsoft — windows_10_version_1809
|
Windows Hyper-V Denial of Service Vulnerability |
2024-03-12 |
5.5 |
CVE-2024-21408
secure@microsoft.com |
microsoft — windows_10_version_1809
|
Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability |
2024-03-12 |
5.7 |
CVE-2024-21430
secure@microsoft.com |
microsoft — windows_10_version_1809
|
Windows Kernel Information Disclosure Vulnerability |
2024-03-12 |
5.5 |
CVE-2024-26174
secure@microsoft.com |
microsoft — windows_10_version_1809
|
Windows Kernel Information Disclosure Vulnerability |
2024-03-12 |
5.5 |
CVE-2024-26177
secure@microsoft.com |
microsoft — windows_10_version_1809
|
Windows Kernel Denial of Service Vulnerability |
2024-03-12 |
5.5 |
CVE-2024-26181
secure@microsoft.com |
microsoft — windows_11_version_22h2
|
Windows Compressed Folder Tampering Vulnerability |
2024-03-12 |
6.5 |
CVE-2024-26185
secure@microsoft.com |
microsoft — windows_11_version_22h2
|
Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability |
2024-03-12 |
5.5 |
CVE-2024-26160
secure@microsoft.com |
microsoft — windows_defender_antimalware_platform
|
Microsoft Defender Security Feature Bypass Vulnerability |
2024-03-12 |
5.5 |
CVE-2024-20671
secure@microsoft.com |
microsoft — windows_server_2019
|
Windows Standards-Based Storage Management Service Denial of Service Vulnerability |
2024-03-12 |
6.5 |
CVE-2024-26197
secure@microsoft.com |
movistar_ — router_movistar_4g
|
Cross-Site Request Forgery vulnerability in Movistar’s 4G router affecting version ES_WLD71-T1_v2.0.201820. This vulnerability allows an attacker to force an end user to execute unwanted actions in a web application in which they are currently authenticated. |
2024-03-13 |
6.5 |
CVE-2024-2416
cve-coordination@incibe.es |
mra13 — simple_membership
|
The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Display Name’ parameter in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This vulnerability requires social engineering to successfully exploit, and the impact would be very limited due to the attacker requiring a user to login as the user with the injected payload for execution. |
2024-03-13 |
4.7 |
CVE-2024-1985
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com |
msaari — relevanssi_-_a_better_search
|
The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relevanssi_export_log_check() function in all versions up to, and including, 4.22.0. This makes it possible for unauthenticated attackers to export the query log data. The vendor has indicated that they may look into adding a capability check for proper authorization control, however, this vulnerability is theoretically patched as is. |
2024-03-13 |
5.3 |
CVE-2024-1380
security@wordfence.com
security@wordfence.com |
n/a — 1panel
|
A vulnerability, which was classified as critical, has been found in 1Panel up to 1.10.1-lts. Affected by this issue is the function baseApi.UpdateDeviceSwap of the file /api/v1/toolbox/device/update/swap. The manipulation of the argument Path with the input 123123123nopen -a Calculator leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-256304. |
2024-03-10 |
6.3 |
CVE-2024-2352
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
n/a — 3rd_and_4th_generation_intel(r)_xeon(r)_processors_when_using_intel(r)_sgx_or_intel(r)_tdx
|
Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. |
2024-03-14 |
6.1 |
CVE-2023-22655
secure@intel.com |
n/a — intel(r)_atom(r)_processors
|
Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. |
2024-03-14 |
6.5 |
CVE-2023-28746
secure@intel.com |
n/a — intel(r)_csme_installer_software
|
Incorrect default permissions in some Intel(R) CSME installer software before version 2328.5.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
2024-03-14 |
6.7 |
CVE-2023-28389
secure@intel.com |
n/a — intel(r)_csme_installer_software
|
Improper input validation in the Intel(R) CSME installer software before version 2328.5.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
2024-03-14 |
6.7 |
CVE-2023-32633
secure@intel.com |
n/a — intel(r)_processors
|
Protection mechanism failure of bus lock regulator for some Intel(R) Processors may allow an unauthenticated user to potentially enable denial of service via network access. |
2024-03-14 |
6.5 |
CVE-2023-39368
secure@intel.com |
n/a — intel(r)_processors
|
Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. |
2024-03-14 |
5.5 |
CVE-2023-38575
secure@intel.com |
n/a — intel(r)_sps_firmware_versions
|
Uncontrolled resource consumption for some Intel(R) SPS firmware versions may allow a privileged user to potentially enable denial of service via network access. |
2024-03-14 |
6.8 |
CVE-2023-35191
secure@intel.com |
n/a — intel(r)_xeon(r)_d_processors_with_intel(r)_sgx
|
Incorrect calculation in microcode keying mechanism for some Intel(R) Xeon(R) D Processors with Intel(R) SGX may allow a privileged user to potentially enable information disclosure via local access. |
2024-03-14 |
5.3 |
CVE-2023-43490
secure@intel.com |
n/a — libvirt
|
An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash. |
2024-03-11 |
5.5 |
CVE-2024-1441
secalert@redhat.com
secalert@redhat.com |
n/a — openstack-designate
|
An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information. |
2024-03-15 |
6.6 |
CVE-2023-6725
secalert@redhat.com
secalert@redhat.com |
n/a — ovn
|
A flaw was found in the Open Virtual Network (OVN). In OVN clusters where BFD is used between hypervisors for high availability, an attacker can inject specially crafted BFD packets from inside unprivileged workloads, including virtual machines or containers, that can trigger a denial of service. |
2024-03-12 |
6.5 |
CVE-2024-2182
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com |
ndijkstra — mollie_forms
|
The Mollie Forms plugin for WordPress is vulnerable to unauthorized post or page duplication due to a missing capability check on the duplicateForm function in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with subscriber access or higher, to duplicate arbitrary posts and pages. |
2024-03-11 |
4.3 |
CVE-2024-1400
security@wordfence.com
security@wordfence.com |
ndijkstra — mollie_forms
|
The Mollie Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportRegistrations function in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with subscriber access or higher, to export payment data collected by this plugin. |
2024-03-11 |
4.3 |
CVE-2024-1645
security@wordfence.com
security@wordfence.com
security@wordfence.com |
netweblogic — events_manager_-_calendar,_bookings,_tickets,_and_more!
|
The Events Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.4.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. |
2024-03-13 |
4.4 |
CVE-2024-0614
security@wordfence.com
security@wordfence.com
security@wordfence.com |
newsletter2go — newsletter2go
|
The Newsletter2Go plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ parameter in all versions up to, and including, 4.0.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-12 |
6.4 |
CVE-2024-1328
security@wordfence.com
security@wordfence.com |
nik00726 — team_circle_image_slider_with_lightbox
|
The Team Circle Image Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the circle_thumbnail_slider_with_lightbox_image_management_func() function. This makes it possible for unauthenticated attackers to edit image data which can be used to inject malicious JavaScript, along with deleting images, and uploading malicious files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |
2024-03-13 |
5.3 |
CVE-2015-10130
security@wordfence.com
security@wordfence.com |
nixos — nix
|
Nix is a package manager for Linux and other Unix systems. A fixed-output derivation on Linux can send file descriptors to files in the Nix store to another program running on the host (or to another fixed-output derivation) via Unix domain sockets in the abstract namespace. This allows the output of the derivation to be modified after Nix has registered the path as “valid” and immutable in the Nix database. In particular, this allows the output of fixed-output derivations to be modified from their expected content. This issue has been addressed in versions 2.3.18, 2.18.2, 2.19.4 and 2.20.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
2024-03-11 |
6.3 |
CVE-2024-27297
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com |
nmedia — comments_extra_fields_for_post,pages_and_cpt
|
The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.0. This is due to missing or incorrect capability checks on several ajax actions. This makes it possible for authenticated attackers, with subscriber access or higher, to invoke those actions. As a result, they may modify comment form fields and update plugin settings. |
2024-03-13 |
4.3 |
CVE-2024-0829
security@wordfence.com
security@wordfence.com
security@wordfence.com |
nmedia — comments_extra_fields_for_post,pages_and_cpt
|
The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0. This is due to missing or incorrect nonce validation on several ajax actions. This makes it possible for unauthenticated attackers to invoke those actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. As a result, they may modify comment form fields and update plugin settings. |
2024-03-13 |
4.3 |
CVE-2024-0830
security@wordfence.com
security@wordfence.com
security@wordfence.com |
openolat — openolat
|
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. By manually manipulating HTTP requests when using the draw.io integration, it is possible to read arbitrary files as the configured system user and to perform SSRF. The problem is fixed in versions 18.1.6 and 18.2.2. It is advised to upgrade to the latest version of 18.1.x or 18.2.x. Users unable to upgrade may work around this issue by disabling the Draw.io module or the entire REST API, which will secure the system. |
2024-03-11 |
4.6 |
CVE-2024-28198
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com |
opentext — vertica_management_console
|
Certain functionality in OpenText Vertica Management Console might be prone to bypass via crafted requests. The vulnerability would affect one of Vertica’s authentication functionalities by allowing specially crafted requests and sequences. This issue impacts the following Vertica Management Console versions: 10.x; 11.1.1-24 or lower; 12.0.4-18 or lower. Please upgrade to one of the following Vertica Management Console versions: 11.1.1-25; 12.0.4-19; 23.x; 24.x (10.x users should upgrade to one of these latest versions). |
2024-03-15 |
5 |
CVE-2023-7248
security@opentext.com |
opentext — exceed_turbo_x
|
HTML injection in OpenText™ Exceed Turbo X affecting version 12.5.1. The vulnerability could result in Cross site scripting. |
2024-03-13 |
6.4 |
CVE-2023-38536
security@opentext.com |
opentext™ — exceed_turbo_x
|
Use of Hard-coded Cryptographic Key vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.1 and 12.5.2. The vulnerability could compromise the cryptographic keys. |
2024-03-13 |
4.7 |
CVE-2023-38535
security@opentext.com |
palantir — com.palantir.acme.gaia:gaia
|
One of Gotham Gaia services was found to be vulnerable to a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker to bypass CSP and get a persistent cross site scripting payload on the stack. |
2024-03-12 |
6.8 |
CVE-2023-30968
cve-coordination@palantir.com |
palo_alto_networks — globalprotect_app
|
An issue in the Palo Alto Networks GlobalProtect app enables a non-privileged user to disable the GlobalProtect app in configurations that allow a user to disable GlobalProtect with a passcode. |
2024-03-13 |
5.5 |
CVE-2024-2431
psirt@paloaltonetworks.com |
palo_alto_networks — globalprotect_app
|
A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition. |
2024-03-13 |
4.5 |
CVE-2024-2432
psirt@paloaltonetworks.com |
palo_alto_networks — pan-os
|
An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the disk partitions with those uploaded files, which prevents the ability to log into the web interface or to download PAN-OS, WildFire, and content images. This issue affects only the web interface of the management plane; the dataplane is unaffected. |
2024-03-13 |
4.3 |
CVE-2024-2433
psirt@paloaltonetworks.com |
papercut — papercut_ng,_papercut_mf
|
This is a reflected cross site scripting vulnerability in the PaperCut NG/MF application server. An attacker can exploit this weakness by crafting a malicious URL that contains a script. When an unsuspecting user clicks on this malicious link, it could potentially lead to limited loss of confidentiality, integrity or availability. |
2024-03-14 |
6.3 |
CVE-2024-1883
eb41dac7-0af8-4f84-9f6d-0272772514f4 |
papercut — papercut_ng,_papercut_mf
|
This is a Server-Side Request Forgery (SSRF) vulnerability in the PaperCut NG/MF server-side module that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker’s choosing. |
2024-03-14 |
6.5 |
CVE-2024-1884
eb41dac7-0af8-4f84-9f6d-0272772514f4 |
papercut — papercut_ng,_papercut_mf
|
This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. An attacker must already have existing knowledge of some combination of valid usernames, device names and an internal system key. For such an attack to be successful the system must be in a specific runtime state. |
2024-03-14 |
4.8 |
CVE-2024-1223
eb41dac7-0af8-4f84-9f6d-0272772514f4 |
pawaryogesh1989 — bulk_edit_post_titles
|
The Bulk Edit Post Titles plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bulkUpdatePostTitles function in all versions up to, and including, 5.0.0. This makes it possible for authenticated attackers, with subscriber access and above, to modify the titles of arbitrary posts. |
2024-03-13 |
4.3 |
CVE-2024-0369
security@wordfence.com
security@wordfence.com |
peering-manager — peering-manager
|
Peering Manager is a BGP session management tool. Affected versions of Peering Manager are subject to a potential stored Cross-Site Scripting (XSS) attack in the `name` attribute of AS or Platform. The XSS triggers on a routers detail page. Adversaries are able to execute arbitrary JavaScript code with the permission of a victim. XSS attacks are often used to steal credentials or login tokens of other users. This issue has been addressed in version 1.8.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
2024-03-12 |
6.1 |
CVE-2024-28112
security-advisories@github.com
security-advisories@github.com |
phoenix_contact — charx_sec-3000
|
An unauthenticated remote attacker can upload an arbitrary script file due to improper input validation. The upload destination is fixed and is write only. |
2024-03-12 |
5.3 |
CVE-2024-25994
info@cert.vde.com |
phoenix_contact — charx_sec-3000
|
An unauthenticated remote attacker can perform a remote code execution due to an origin validation error. The access is limited to the service user. |
2024-03-12 |
5.3 |
CVE-2024-25996
info@cert.vde.com |
phoenix_contact — charx_sec-3000
|
An unauthenticated remote attacker can perform a log injection due to improper input validation. Only a certain log file is affected. |
2024-03-12 |
5.3 |
CVE-2024-25997
info@cert.vde.com |
phoenix_contact — charx_sec-3000
|
An unauthenticated remote attacker can read memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization. |
2024-03-12 |
5.9 |
CVE-2024-26000
info@cert.vde.com |
phoenix_contact — charx_sec-3000
|
An unauthenticated remote attacker can gain service level privileges through an incomplete cleanup during service restart after a DoS. |
2024-03-12 |
4.8 |
CVE-2024-26005
info@cert.vde.com |
pinterest — querybook
|
Querybook is a Big Data Querying UI, combining collocated table metadata and a simple notebook interface. Querybook’s datadocs functionality works by using a Websocket Server. The client talks to this WSS whenever updating/deleting/reading any cells as well as for watching the live status of query executions. Currently the CORS setting allows all origins, which could result in cross-site websocket hijacking and allow attackers to read/edit/remove datadocs of the user. This issue has been addressed in version 3.32.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
2024-03-14 |
5.6 |
CVE-2024-28251
security-advisories@github.com
security-advisories@github.com |
postalserver — postal
|
Postal is an open source SMTP server. Postal versions less than 3.0.0 are vulnerable to SMTP Smuggling attacks which may allow incoming e-mails to be spoofed. This, in conjunction with a cooperative outgoing SMTP service, would allow for an incoming e-mail to be received by Postal addressed from a server that a user has ‘authorised’ to send mail on their behalf but were not the genuine author of the e-mail. Postal is not affected for sending outgoing e-mails as email is re-encoded with `<CR><LF>` line endings when transmitted over SMTP. This issue has been addressed and users should upgrade to Postal v3.0.0 or higher. Once upgraded, Postal will only accept End of DATA sequences which are explicitly `<CR><LF>.<CR><LF>`. If a non-compliant sequence is detected it will be logged to the SMTP server log. There are no workarounds for this issue. |
2024-03-11 |
5.3 |
CVE-2024-27938
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com |
premium_addons_for_elementor — premium_addons_pro_for_elementor
|
The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s IHover widget link in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2024-1996
security@wordfence.com
security@wordfence.com |
premium_addons_for_elementor — premium_addons_pro_for_elementor
|
The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘premium_fbchat_app_id’ parameter of the Messenger Chat Widget in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2024-1997
security@wordfence.com
security@wordfence.com |
premium_addons_for_elementor — premium_addons_pro_for_elementor
|
The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘navigation_dots’ parameter of the Multi Scroll Widget in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2024-2000
security@wordfence.com
security@wordfence.com |
premium_addons_for_elementor — premium_addons_pro_for_elementor
|
The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Global Badge module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2024-2237
security@wordfence.com
security@wordfence.com |
premium_addons_for_elementor — premium_addons_pro_for_elementor
|
The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Mouse Cursor module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2024-2238
security@wordfence.com
security@wordfence.com |
premium_addons_for_elementor — premium_addons_pro_for_elementor
|
The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Premium Magic Scroll module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2024-2239
security@wordfence.com
security@wordfence.com |
premium_addons_for_elementor — premium_addons_pro_for_elementor
|
The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s widgets in all versions up to, and including, 4.10.23 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-15 |
6.4 |
CVE-2024-2399
security@wordfence.com
security@wordfence.com
security@wordfence.com |
qnap — qts
|
An injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later; QuTS hero h5.1.3.2578 build 20231110 and later; QuTScloud c5.1.5.2651 and later. |
2024-03-08 |
6.5 |
CVE-2024-21900
security@qnapsecurity.com.tw |
radgeek — feedwordpress
|
The FeedWordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2022.0222 due to missing validation on the user controlled ‘guid’ key. This makes it possible for unauthenticated attackers to view draft posts that may contain sensitive information. |
2024-03-13 |
5.3 |
CVE-2024-0839
security@wordfence.com
security@wordfence.com |
rayhanduitku — duitku_payment_gateway
|
The Duitku Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the check_duitku_response function in all versions up to, and including, 2.11.4. This makes it possible for unauthenticated attackers to change the payment status of orders to failed. |
2024-03-13 |
5.3 |
CVE-2024-0631
security@wordfence.com
security@wordfence.com |
realmag777 — husky_-_products_filter_for_woocommerce_(formerly_woof)
|
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 HUSKY – Products Filter for WooCommerce (formerly WOOF). This issue affects HUSKY – Products Filter for WooCommerce (formerly WOOF): from n/a through 1.3.4.3. |
2024-03-15 |
4.3 |
CVE-2023-50861
audit@patchstack.com |
realmag777 — husky_-_products_filter_professional_for_woocommerce
|
The HUSKY – Products Filter for WooCommerce Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘woof’ shortcode in all versions up to, and including, 1.3.5.1 due to insufficient input sanitization and output escaping on user supplied attributes such as ‘swoof_slug’. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-15 |
6.4 |
CVE-2024-1796
security@wordfence.com
security@wordfence.com |
rednao — woocommerce_pdf_invoice_builder
|
Cross-Site Request Forgery (CSRF) vulnerability in RedNao WooCommerce PDF Invoice Builder. This issue affects WooCommerce PDF Invoice Builder: from n/a through 1.2.101. |
2024-03-16 |
5.4 |
CVE-2023-51486
audit@patchstack.com |
rejetto_ — http_file_server_
|
An open redirect vulnerability, the exploitation of which could allow an attacker to create a custom URL and redirect a legitimate page to a malicious site. |
2024-03-12 |
6.5 |
CVE-2024-1227
cve-coordination@incibe.es |
rocket_elements — split_test_for_elementor
|
Cross-Site Request Forgery (CSRF) vulnerability in Rocket Elements Split Test For Elementor. This issue affects Split Test For Elementor: from n/a through 1.6.9. |
2024-03-16 |
4.3 |
CVE-2023-51407
audit@patchstack.com |
rogierlankhorst — burst_statistics_-_privacy-friendly_analytics_for_wordpress
|
The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘burst_total_pageviews_count’ custom meta field in all versions up to, and including, 1.5.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note that this exploit only functions if the victim has the ‘Show Toolbar when viewing site’ option enabled in their profile. |
2024-03-13 |
6.4 |
CVE-2024-1894
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com |
sap_se — netweaver_(wsrm)
|
Under certain conditions SAP NetWeaver WSRM – version 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application. |
2024-03-12 |
5.3 |
CVE-2024-25644
cna@sap.com
cna@sap.com |
sap_se — sap_abap_platform
|
Due to a missing authorization check, an attacker with a business user account in SAP ABAP Platform – versions 758, 795, can change the privacy setting of job templates from shared to private. As a result, the selected template would only be accessible to the owner. |
2024-03-12 |
4.3 |
CVE-2024-27900
cna@sap.com
cna@sap.com |
sap_se — sap_fiori_front_end_server
|
SAP Fiori Front End Server – version 605, allows altering of approver details on the read-only field when sending leave request information. This could lead to creation of request with incorrect approver causing low impact on Confidentiality and Integrity with no impact on Availability of the application. |
2024-03-12 |
4.6 |
CVE-2024-22133
cna@sap.com
cna@sap.com |
sap_se — sap_netweaver_(enterprise_portal)
|
Under certain conditions, SAP NetWeaver (Enterprise Portal) – version 7.50 allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application. |
2024-03-12 |
5.3 |
CVE-2024-25645
cna@sap.com
cna@sap.com |
sap_se — sap_netweaver_as_abap_applications_based_on_sapgui_for_html_(webgui)
|
Applications based on SAP GUI for HTML in SAP NetWeaver AS ABAP – versions 7.89, 7.93, do not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. A successful attack can allow a malicious attacker to access and modify data through their ability to execute code in a user’s browser. There is no impact on the availability of the system. |
2024-03-12 |
5.4 |
CVE-2024-27902
cna@sap.com
cna@sap.com |
sap_se — sap_netweaver_process_integration_(support_web_pages)
|
Under certain conditions, Support Web Pages of SAP NetWeaver Process Integration (PI) – version 7.50, allow an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application. |
2024-03-12 |
5.3 |
CVE-2024-28163
cna@sap.com
cna@sap.com |
sewpafly — post_thumbnail_editor
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Sewpafly Post Thumbnail Editor. This issue affects Post Thumbnail Editor: from n/a through 2.4.8. |
2024-03-16 |
5.3 |
CVE-2024-24845
audit@patchstack.com |
shapedplugin — easy_accordion_-_best_accordion_faq_plugin_for_wordpress
|
The Easy Accordion – Best Accordion FAQ Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘accordion_content_source’ attribute in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2024-1363
security@wordfence.com
security@wordfence.com |
siemens — sentron_7km_pac3120_ac/dc
|
A vulnerability has been identified in SENTRON 7KM PAC3120 AC/DC (7KM3120-0BA01-1DA0) (All versions >= V3.2.3 < V3.3.0 only when manufactured between LQN231003… and LQN231215… ( with LQNYYMMDD…)), SENTRON 7KM PAC3120 DC (7KM3120-1BA01-1EA0) (All versions >= V3.2.3 < V3.3.0 only when manufactured between LQN231003… and LQN231215… ( with LQNYYMMDD…)), SENTRON 7KM PAC3220 AC/DC (7KM3220-0BA01-1DA0) (All versions >= V3.2.3 < V3.3.0 only when manufactured between LQN231003… and LQN231215… ( with LQNYYMMDD…)), SENTRON 7KM PAC3220 DC (7KM3220-1BA01-1EA0) (All versions >= V3.2.3 < V3.3.0 only when manufactured between LQN231003… and LQN231215… ( with LQNYYMMDD…)). The read out protection of the internal flash of affected devices was not properly set at the end of the manufacturing process. An attacker with physical access to the device could read out the data. |
2024-03-12 |
4.6 |
CVE-2024-21483
productcert@siemens.com |
siemens — siveillance_control
|
A vulnerability has been identified in Siveillance Control (All versions >= V2.8 < V3.1.1). The affected product does not properly check the list of access groups that are assigned to an individual user. This could enable a locally logged on user to gain write privileges for objects where they only have read privileges. |
2024-03-12 |
5.5 |
CVE-2023-45793
productcert@siemens.com |
sirv.com — sirv
|
Missing Authorization vulnerability in sirv.Com Sirv. This issue affects Sirv: from n/a through 7.1.2. |
2024-03-15 |
5.4 |
CVE-2023-50898
audit@patchstack.com |
skyhigh — skyhigh_client_proxy
|
A malicious insider can bypass the existing policy of Skyhigh Client Proxy without a valid release code. |
2024-03-14 |
5.5 |
CVE-2024-0311
trellixpsirt@trellix.com |
skyhigh — skyhigh_client_proxy
|
A malicious insider can uninstall Skyhigh Client Proxy without a valid uninstall password. |
2024-03-14 |
5.5 |
CVE-2024-0312
trellixpsirt@trellix.com |
skyhigh — skyhigh_client_proxy
|
A malicious insider exploiting this vulnerability can circumvent existing security controls put in place by the organization. Conversely, if the victim is legitimately using the temporary bypass to reach the Internet to retrieve application and system updates, a remote device could target it and undo the bypass, denying the victim access to the update service and causing it to fail. |
2024-03-14 |
5.5 |
CVE-2024-0313
trellixpsirt@trellix.com |
snowflakedb — snowflake-hive-metastore-connector
|
The Snowflake Hive metastore connector provides an easy way to query Hive-managed data via Snowflake. Snowflake Hive MetaStore Connector has addressed a potential elevation of privilege vulnerability in a `helper script` for the Hive MetaStore Connector. A malicious insider without admin privileges could, in theory, use the script to download content from a Microsoft domain to the local system and replace the valid content with malicious code. If the attacker then also had local access to the same system where the maliciously modified script is run, they could attempt to manipulate users into executing the attacker-controlled helper script, potentially gaining elevated privileges to the local system. The vulnerability in the script was patched on February 09, 2024, without a version bump to the Connector. Users who use the helper script are strongly advised to use the latest version as soon as possible. Users unable to upgrade should avoid using the helper script. |
2024-03-15 |
4 |
CVE-2024-28851
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com |
softaculous — backuply_-_backup,_restore,_migrate_and_clone
|
The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.7 via the backup_name parameter in the backuply_download_backup function. This makes it possible for attackers with an account that has only the activate_plugins capability to access arbitrary files on the server, which can contain sensitive information. This only impacts sites hosted on Windows servers. |
2024-03-16 |
4.9 |
CVE-2024-2294
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com |
soundcloud_inc.,_lawrie_malen — soundcloud_shortcode
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SoundCloud Inc., Lawrie Malen SoundCloud Shortcode allows Stored XSS. This issue affects SoundCloud Shortcode: from n/a through 4.0.1. |
2024-03-15 |
6.5 |
CVE-2024-25936
audit@patchstack.com |
sourcecodester — best_pos_management_system
|
A vulnerability was found in SourceCodester Best POS Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view_order.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256705 was assigned to this vulnerability. |
2024-03-13 |
6.3 |
CVE-2024-2418
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
sourcecodester — crud_without_page_reload
|
A vulnerability was found in SourceCodester CRUD without Page Reload 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file add_user.php. The manipulation of the argument city leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256453 was assigned to this vulnerability. |
2024-03-12 |
6.3 |
CVE-2024-2393
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
stylemix — masterstudy_lms_wordpress_plugin_-_for_online_courses_and_education
|
The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 3.2.10. This can allow unauthenticated attackers to extract sensitive data, including all registered users’ usernames and email addresses, which can be used to help perform future attacks. |
2024-03-13 |
5.3 |
CVE-2024-2106
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com |
subratamal — terawallet_-_best_woocommerce_wallet_system_with_cashback_rewards,_partial_payment,_wallet_refunds
|
The TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the terawallet_export_user_search() function in all versions up to, and including, 1.4.10. This makes it possible for authenticated attackers, with subscriber-level access and above, to export a list of registered users and their emails. |
2024-03-13 |
4.3 |
CVE-2024-1690
security@wordfence.com
security@wordfence.com |
surya2developer — hostel_management_service
|
A vulnerability, which was classified as problematic, has been found in Surya2Developer Hostel Management Service 1.0. This issue affects some unknown processing of the file /change-password.php of the component Password Change Handler. The manipulation of the argument oldpassword leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256889 was assigned to this vulnerability. |
2024-03-15 |
4.3 |
CVE-2024-2483
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
surya2developer — hostel_management_system
|
A vulnerability, which was classified as critical, was found in Surya2Developer Hostel Management System 1.0. Affected is an unknown function of the file /admin/manage-students.php. The manipulation of the argument del leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256890 is the identifier assigned to this vulnerability. |
2024-03-15 |
6.5 |
CVE-2024-2481
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
svenl77 — post_form_-_registration_form_-_profile_form_for_user_profiles_-_frontend_content_forms_for_user_submissions_(ugc)
|
The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buddyforms_new_page function in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber access or higher, to create pages with arbitrary titles. These pages are published. |
2024-03-13 |
4.3 |
CVE-2024-1158
security@wordfence.com
security@wordfence.com
security@wordfence.com |
sysbasics — customize_my_account_for_woocommerce
|
Cross-Site Request Forgery (CSRF) vulnerability in SysBasics Customize My Account for WooCommerce. This issue affects Customize My Account for WooCommerce: from n/a through 1.8.3. |
2024-03-15 |
4.3 |
CVE-2023-51369
audit@patchstack.com |
takayukister — contact_form_7
|
The Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘active-tab’ parameter in all versions up to, and including, 5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. |
2024-03-13 |
6.1 |
CVE-2024-2242
security@wordfence.com
security@wordfence.com |
techfyd — sky_addons_for_elementor_(free_templates_library,_live_copy,_animations,_post_grid,_post_carousel,_particles,_sliders,_chart,_blogs)
|
The Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wrapper link URL value in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2024-2286
security@wordfence.com
security@wordfence.com |
techjewel — contact_form_plugin_by_fluent_forms_for_quiz,_survey,_and_drag_&_drop_wp_form_builder
|
The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.9 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The exploitation level depends on who is granted the right to create forms by an administrator. This level can be as low as contributor, but by default is admin. |
2024-03-13 |
4.9 |
CVE-2023-6957
security@wordfence.com
security@wordfence.com |
thedark — auto_affiliate_links
|
The Auto Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the aalAddLink function in all versions up to, and including, 6.4.3. This makes it possible for authenticated attackers, with subscriber access or higher, to add arbitrary links to posts. |
2024-03-13 |
4.3 |
CVE-2024-1843
security@wordfence.com
security@wordfence.com
security@wordfence.com |
themefusecom — brizy_-_page_builder
|
The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown URL parameter in all versions up to, and including, 2.4.40 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2024-1291
security@wordfence.com
security@wordfence.com |
themefusecom — brizy_-_page_builder
|
The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the embedded media custom block in all versions up to, and including, 2.4.40 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2024-1293
security@wordfence.com
security@wordfence.com |
themefusecom — brizy_-_page_builder
|
The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s block upload in all versions up to, and including, 2.4.40 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2024-1296
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com |
themefusion — avada_|_website_builder_for_wordpress_&_woocommerce
|
The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 7.11.5 via the form entries page. This makes it possible for authenticated attackers, with contributor access and above, to view the contents of all form submissions, including fields that are obfuscated (such as the contact form’s “password” field). |
2024-03-13 |
6.5 |
CVE-2024-1668
security@wordfence.com
security@wordfence.com |
themegrill — maintenance_page
|
The Maintenance Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the subscribe_download function hooked via AJAX action in all versions up to, and including, 1.0.8. This makes it possible for authenticated attackers, with subscriber access or higher, to download a csv containing subscriber emails. |
2024-03-13 |
5.3 |
CVE-2024-1370
security@wordfence.com
security@wordfence.com |
themegrill — maintenance_page
|
The Maintenance Page plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 1.0.8 via the REST API. This makes it possible for unauthenticated attackers to view post titles and content when the site is in maintenance mode. |
2024-03-13 |
5.3 |
CVE-2024-1462
security@wordfence.com
security@wordfence.com |
themeisle — orbit_fox_by_themeisle
|
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form widget addr2_width attribute in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2024-1497
security@wordfence.com
security@wordfence.com
security@wordfence.com |
themeisle — orbit_fox_by_themeisle
|
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pricing Table widget in the $settings['title_tags'] parameter in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2024-1499
security@wordfence.com
security@wordfence.com
security@wordfence.com |
themeisle — orbit_fox_by_themeisle
|
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Registration Form widget in all versions up to, and including, 2.10.32 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2024-2126
security@wordfence.com
security@wordfence.com |
themencode_llc — tnc_pdf_viewer
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ThemeNcode LLC TNC PDF viewer allows Stored XSS. This issue affects TNC PDF viewer: from n/a through 2.8.0. |
2024-03-13 |
6.5 |
CVE-2024-25097
audit@patchstack.com |
themisle — otter_blocks_pro_-_gutenberg_blocks,_page_builder_for_gutenberg_editor_&_fse
|
The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form file field CSS metabox in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2024-1684
security@wordfence.com
security@wordfence.com |
themisle — otter_blocks_pro_-_gutenberg_blocks,_page_builder_for_gutenberg_editor_&_fse
|
The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file upload form, which allows SVG uploads, in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note that the patch in 2.6.4 allows SVG uploads but the uploaded SVG files are sanitized. |
2024-03-13 |
6.1 |
CVE-2024-1691
security@wordfence.com
security@wordfence.com |
tibco_software_inc. — tibco_activespaces_-_enterprise_edition
|
The Proxy and Client components of TIBCO Software Inc.’s TIBCO ActiveSpaces – Enterprise Edition contain a vulnerability that theoretically allows an Active Spaces client to passively observe data traffic to other clients. Affected releases are TIBCO Software Inc.’s TIBCO ActiveSpaces – Enterprise Edition: versions 4.4.0 through 4.9.0. |
2024-03-12 |
4.3 |
CVE-2024-1137
security@tibco.com |
timstrifler — exclusive_addons_for_elementor
|
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via data attribute in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2024-1234
security@wordfence.com
security@wordfence.com |
timstrifler — exclusive_addons_for_elementor
|
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Timer widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2024-1413
security@wordfence.com
security@wordfence.com |
timstrifler — exclusive_addons_for_elementor
|
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Call To Action widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2024-1414
security@wordfence.com
security@wordfence.com |
timstrifler — exclusive_addons_for_elementor
|
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Covid-19 Stats Widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2024-2028
security@wordfence.com
security@wordfence.com |
turtlepod — f(x)_private_site
|
The f(x) Private Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.1 via the API. This makes it possible for unauthenticated attackers to obtain page and post contents of a site protected with this plugin. |
2024-03-12 |
5.3 |
CVE-2024-0906
security@wordfence.com
security@wordfence.com |
vantage6 — vantage6
|
vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. Much like GHSA-45gq-q4xh-cp53, it is possible to find which usernames exist in vantage6 by calling the API routes `/recover/lost` and `/2fa/lost`. These routes send emails to users if they have lost their password or MFA token. This issue has been addressed in commit `aecfd6d0e` and is expected to ship in subsequent releases. Users are advised to upgrade as soon as a new release is available. There are no known workarounds for this vulnerability. |
2024-03-14 |
5.3 |
CVE-2024-24770
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com |
vantage6 — vantage6
|
vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. The vantage6 server has no restrictions on CORS settings. It should be possible for people to set the allowed origins of the server. The impact is limited because v6 does not use session cookies. This issue has been addressed in commit `70bb4e1d8` and is expected to ship in subsequent releases. Users are advised to upgrade as soon as a new release is available. There are no known workarounds for this vulnerability. |
2024-03-14 |
4.2 |
CVE-2024-23823
security-advisories@github.com
security-advisories@github.com |
vantage6 — vantage6-ui
|
vantage6-UI is the official user interface for the vantage6 server. In affected versions a number of security headers are not set. This issue has been addressed in commit `68dfa6614`, which is expected to be included in future releases. Users are advised to upgrade when a new release is made. While an upgrade path is not available, users may modify the docker image build to insert the headers into nginx. |
2024-03-14 |
5.4 |
CVE-2024-24562
security-advisories@github.com
security-advisories@github.com |
visualcomposer — visual_composer_website_builder,_landing_page_builder,_custom_theme_builder,_maintenance_mode_&_coming_soon_pages
|
The Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s custom fields in all versions up to, and including, 45.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2023-6880
security@wordfence.com
security@wordfence.com |
wago — controller_bacnet/ip
|
An unauthenticated remote attacker can use an XSS attack due to improper neutralization of input during web page generation. User interaction is required. This leads to a limited impact on confidentiality and integrity but no impact on availability. |
2024-03-13 |
5.4 |
CVE-2018-25090
info@cert.vde.com |
wbw — product_table_by_wbw
|
Cross Site Request Forgery (CSRF) vulnerability in WBW Product Table by WBW. This issue affects Product Table by WBW: from n/a through 1.8.6. |
2024-03-16 |
4.3 |
CVE-2023-51512
audit@patchstack.com |
webtechstreet — elementor_addon_elements
|
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘icon_align’ attribute of the Content Switcher widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2024-1393
security@wordfence.com
security@wordfence.com
security@wordfence.com |
webtechstreet — elementor_addon_elements
|
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eae_custom_overlay_switcher’ attribute of the Thumbnail Slider widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2024-1391
security@wordfence.com
security@wordfence.com
security@wordfence.com |
webtechstreet — elementor_addon_elements
|
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button1_icon’ attribute of the Dual Button widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2024-1392
security@wordfence.com
security@wordfence.com
security@wordfence.com |
webtechstreet — elementor_addon_elements
|
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the modal popup widget’s effect setting in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2024-1422
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com |
wokamoto — simple_tweet
|
The Simple Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Tweet this text value in all versions up to, and including, 1.4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2024-0700
security@wordfence.com
security@wordfence.com
security@wordfence.com |
wpchill — simple_restrict
|
The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.6 via the REST API. This makes it possible for authenticated attackers to bypass the plugin’s restrictions to extract post titles and content. |
2024-03-13 |
5.3 |
CVE-2024-1083
security@wordfence.com
security@wordfence.com |
wpdatatables — wpdatatables_-_wordpress_data_table,_dynamic_tables_&_table_charts_plugin
|
The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘A’ parameter in all versions up to, and including, 3.4.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. |
2024-03-13 |
6.1 |
CVE-2024-0591
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com |
wpdevteam — essential_addons_for_elementor_-_best_elementor_templates,_widgets,_kits_&_woocommerce_builders
|
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Data Table widget in all versions up to, and including, 5.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2024-1537
security@wordfence.com
security@wordfence.com |
wpdevteam — essential_blocks_-_page_builder_gutenberg_blocks,_patterns_&_templates
|
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId parameter in all versions up to, and including, 4.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2024-1854
security@wordfence.com
security@wordfence.com |
wpeventmanager — wp_event_manager_-_events_calendar,_registrations,_sell_tickets_with_woocommerce
|
The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the plugin parameter in all versions up to, and including, 3.1.41 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. |
2024-03-13 |
6.1 |
CVE-2024-0976
security@wordfence.com
security@wordfence.com
security@wordfence.com |
wpgmaps — wp_go_maps_(formerly_wp_google_maps)
|
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘wpgmza’ shortcode in all versions up to, and including, 9.0.32 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2024-1582
security@wordfence.com
security@wordfence.com |
wpgmaps — wp_go_maps_(formerly_wp_google_maps)
|
The WP Go Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 9.0.32 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. |
2024-03-13 |
4.4 |
CVE-2023-4839
security@wordfence.com
security@wordfence.com |
wpmu_dev — broken_link_checker
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPMU DEV Broken Link Checker allows Stored XSS. This issue affects Broken Link Checker: from n/a through 2.2.3. |
2024-03-15 |
5.9 |
CVE-2024-25592
audit@patchstack.com |
wpswings — ultimate_gift_cards_for_woocommerce_-_create,_redeem_&_manage_digital_gift_certificates_with_personalized_templates
|
The Ultimate Gift Cards for WooCommerce – Create, Redeem & Manage Digital Gift Certificates with Personalized Templates plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the wps_wgm_preview_email_template() function. This makes it possible for unauthenticated attackers to read password protected and draft posts that may contain sensitive data. |
2024-03-16 |
5.3 |
CVE-2024-1857
security@wordfence.com
security@wordfence.com |
wpvividplugins — wpvivid_backup_for_mainwp
|
The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 0.9.32 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. |
2024-03-13 |
6.1 |
CVE-2024-1383
security@wordfence.com
security@wordfence.com
security@wordfence.com |
wpwax — legal_pages
|
Cross-Site Request Forgery (CSRF), Incorrect Authorization vulnerability in wpWax Legal Pages. This issue affects Legal Pages: from n/a through 1.3.7. |
2024-03-15 |
4.3 |
CVE-2023-50886
audit@patchstack.com |
xpeedstudio — elementskit_elementor_addons
|
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blog post read more button in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-16 |
6.4 |
CVE-2024-1239
security@wordfence.com
security@wordfence.com |
xpeedstudio — elementskit_elementor_addons
|
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions up to, and including, 3.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-16 |
6.4 |
CVE-2024-2042
security@wordfence.com
security@wordfence.com
security@wordfence.com |
xpeedstudio — elementskit_elementor_addons
|
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the progress bar element attributes in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This primarily affects multi-site installations and installations where unfiltered_html has been disabled. |
2024-03-16 |
5.5 |
CVE-2023-6525
security@wordfence.com
security@wordfence.com
security@wordfence.com |
xpeedstudio — metform_elementor_contact_form_builder
|
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 3.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-03-13 |
6.4 |
CVE-2024-1585
security@wordfence.com
security@wordfence.com
security@wordfence.com |
xpeedstudio — wp_social_login_and_register_social_counter
|
The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp_social/v1/ REST API endpoint in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to enable and disable certain providers for the social share and login features. |
2024-03-13 |
6.5 |
CVE-2024-1763
security@wordfence.com
security@wordfence.com |
yonifre — maspik_-_spam_blacklist
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in yonifre Maspik – Spam Blacklist allows Stored XSS. This issue affects Maspik – Spam Blacklist: from n/a through 0.10.6. |
2024-03-13 |
5.9 |
CVE-2024-25101
audit@patchstack.com |
yooooomi — your_spotify
|
your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version <1.8.0 allows users to create a public token in the settings, which can be used to provide guest-level access to the information of that specific user in YourSpotify. The /me API endpoint discloses Spotify API access and refresh tokens to guest users. Attackers with access to a public token for guest access to YourSpotify can therefore obtain access to Spotify API tokens of YourSpotify users. As a consequence, attackers may extract profile information, information about listening habits, playlists and other information from the corresponding Spotify profile. In addition, the attacker can pause and resume playback in the Spotify app at will. This issue has been resolved in version 1.8.0. Users are advised to upgrade. There are no known workarounds for this issue. |
2024-03-13 |
6.5 |
CVE-2024-28193
security-advisories@github.com |
yooooomi — your_spotify
|
your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version < 1.9.0 does not prevent other pages from displaying it in an iframe and is thus vulnerable to clickjacking. Clickjacking can be used to trick an existing user of YourSpotify into triggering actions, such as allowing signup of other users or deleting the current user account. Clickjacking works by opening the target application in an invisible iframe on an attacker-controlled site and luring a victim to visit the attacker page and interact with it. By positioning elements over the invisible iframe, a victim can be tricked into triggering malicious or destructive actions in the invisible iframe, while they think they are interacting with a totally different site altogether. When a victim visits an attacker-controlled site while they are logged into YourSpotify, they can be tricked into performing actions on their YourSpotify instance without their knowledge. These actions include allowing signup of other users or deleting the current user account, resulting in a high impact to the integrity of YourSpotify. This issue has been addressed in version 1.9.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
2024-03-13 |
6.5 |
CVE-2024-28196
security-advisories@github.com |
yooooomi — your_spotify
|
your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version <1.8.0 is vulnerable to NoSQL injection in the public access token processing logic. This vulnerability allows an attacker to fully bypass the public token authentication mechanism, regardless of whether a public token has been generated before or not, without any user interaction or prerequisite knowledge. This issue has been addressed in version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
2024-03-13 |
5.3 |
CVE-2024-28192
security-advisories@github.com |
zemana — antilogger
|
Zemana AntiLogger v2.74.204.664 is vulnerable to a Memory Information Leak vulnerability by triggering the 0x80002020 IOCTL code of the zam64.sys and zamguard64.sys drivers. |
2024-03-15 |
5.5 |
CVE-2024-2180
help@fluidattacks.com
help@fluidattacks.com |
zemana — antilogger
|
Zemana AntiLogger v2.74.204.664 is vulnerable to a Denial of Service (DoS) vulnerability by triggering the 0x80002004 and 0x80002010 IOCTL codes of the zam64.sys and zamguard64.sys drivers. |
2024-03-15 |
5.5 |
CVE-2024-2204
help@fluidattacks.com
help@fluidattacks.com |
zemana — antilogger
|
Zemana AntiLogger v2.74.204.664 is vulnerable to an Arbitrary Process Termination vulnerability by triggering the 0x80002048 IOCTL code of the zam64.sys and zamguard64.sys drivers. |
2024-03-14 |
5.5 |
CVE-2024-1853
help@fluidattacks.com
help@fluidattacks.com |
zoom_video_communications,_inc. — zoom_rooms_client_for_windows
|
Race condition in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access. |
2024-03-13 |
5.3 |
CVE-2024-24692
security@zoom.us |