Piotnet Addons For Elementor Pro <= 7.1.17 - Unauthenticated Server-Side Request Forgery
Description The Piotnet Addons For Elementor Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.1.17. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application...
7 AI Score
0.0004 EPSS
In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix races around adding/removing client objects, mostly vram bar mappings. [ 4562.099306] general protection...
6.5 AI Score
0.0004 EPSS
Description The Element Pack Pro - Addon for Elementor Page Builder WordPress Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.7.4. This makes it possible for authenticated attackers, with contributor-level access and above, to read the...
6.6 AI Score
Piotnet Addons For Elementor Pro <= 7.1.17 - Missing Authorization to Arbitrary Post/Page Deletion
Description The Piotnet Addons For Elementor Pro plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on a function in all versions up to, and including, 7.1.17. This makes it possible for unauthenticated attackers to delete arbitrary pages and...
7 AI Score
0.0004 EPSS
ProQuality pqprintshippinglabels before v.4.15.0 is vulnerable to Directory Traversal via the pqprintshippinglabels...
7.3 AI Score
0.0004 EPSS
(RHSA-2024:2433) Moderate: avahi security update
Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other.....
5.5 AI Score
0.0004 EPSS
Cost Calculator Builder Pro < 3.1.68 - Unauthenticated Cross-Site Scripting via SVG Upload
Description The Cost Calculator Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG upload feature in all versions up to, and including, 3.1.67 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
6.1 AI Score
0.0005 EPSS
Moderate: avahi security update
Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other.....
5.8 AI Score
0.0004 EPSS
Pouring Acid Rain By Max Kersten · April 30, 2024 In two recent major geopolitical conflicts, in Ukraine and in Israel, wipers - malware used to destroy access to files and commonly used to halt telecom operations - were used to destroy digital infrastructure. Their ongoing use shows that wipers have...
7.7 AI Score
BMC software fails to validate IPMI session.
Overview The Intelligent Platform Management Interface (IPMI) implementations in multiple manufacturers' Baseboard Management Controller (BMC) software are vulnerable to IPMI session hijacking. An attacker with access to the BMC network (with IPMI enabled) can abuse the lack of session integrity...
8.2 AI Score
0.24 EPSS
Moderate: avahi security update
Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other.....
6.7 AI Score
0.0004 EPSS
Missing Authorization vulnerability in Piotnet Piotnet Addons For Elementor Pro. This issue affects Piotnet Addons For Elementor Pro: from n/a through...
7.5 CVSS
7.4 AI Score
0.0004 EPSS
Missing Authorization vulnerability in Piotnet Piotnet Addons For Elementor Pro. This issue affects Piotnet Addons For Elementor Pro: from n/a through...
6.6 AI Score
0.0004 EPSS
Server-Side Request Forgery (SSRF) vulnerability in Piotnet Piotnet Addons For Elementor Pro. This issue affects Piotnet Addons For Elementor Pro: from n/a through...
5.4 CVSS
7.5 AI Score
0.0004 EPSS
Server-Side Request Forgery (SSRF) vulnerability in Piotnet Piotnet Addons For Elementor Pro. This issue affects Piotnet Addons For Elementor Pro: from n/a through...
6.7 AI Score
0.0004 EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Piotnet Piotnet Addons For Elementor Pro. This issue affects Piotnet Addons For Elementor Pro: from n/a through...
5.4 CVSS
7.5 AI Score
0.0004 EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor Pro allows Stored XSS. This issue affects Piotnet Addons For Elementor Pro: from n/a through...
6.5 CVSS
7.2 AI Score
0.0004 EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Piotnet Piotnet Addons For Elementor Pro. This issue affects Piotnet Addons For Elementor Pro: from n/a through...
6.7 AI Score
0.0004 EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor Pro allows Reflected XSS. This issue affects Piotnet Addons For Elementor Pro: from n/a through...
7.1 CVSS
7.4 AI Score
0.0004 EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor Pro allows Stored XSS. This issue affects Piotnet Addons For Elementor Pro: from n/a through...
6.4 AI Score
0.0004 EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor Pro allows Reflected XSS. This issue affects Piotnet Addons For Elementor Pro: from n/a through...
6.6 AI Score
0.0004 EPSS
Booking Ultra Pro < 1.1.13 - Authenticated (Contributor+) Privilege Escalation
Description The Booking Ultra Pro Appointments Booking Calendar Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.12. This makes it possible for authenticated attackers, with contributor-level access and above, to escalate their...
7.3 AI Score
0.0004 EPSS
Max Addons Pro for Bricks < 1.6.2 - Missing Authorization
Description The Max Addons Pro for Bricks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a function in all versions up to, and including, 1.6.1. This makes it possible for unauthenticated attackers to reset the plugin's...
6.9 AI Score
0.0004 EPSS
The Anatomy of HTML Attachment Phishing
The Anatomy of HTML Attachment Phishing: One Code, Many Variants By Mathanraj Thangaraju, Niranjan Hegde, and Sijo Jacob · June 14, 2023 Introduction Phishing is the malevolent practise of pretending to be a reliable entity in electronic communication to steal sensitive data, such as login...
7.4 AI Score
Max Addons Pro for Bricks < 1.6.2 - Reflected Cross-Site Scripting
Description The Max Addons Pro for Bricks plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
6.5 AI Score
0.0004 EPSS
Metasploit Weekly Wrap-Up 04/26/24
Rancher Modules This week, Metasploit community member h00die added the second of two modules targeting Rancher instances. These modules each leak sensitive information from vulnerable instances of the application which is intended to manage Kubernetes clusters. These are a great addition to...
10 AI Score
0.954 EPSS
10 Critical Endpoint Security Tips You Should Know
In today's digital world, where connectivity rules all, endpoints serve as the gateway to a business's digital kingdom. And because of this, endpoints are one of hackers' favorite targets. According to the IDC, 70% of successful breaches start at the endpoint. Unprotected endpoints provide...
7.4 AI Score
The WP STAGING and WP STAGING Pro plugins for WordPress are vulnerable to Sensitive Information Exposure in versions up to, and including, 3.4.3, and versions up to, and including, 5.4.3, respectively, via the ajaxSendReport function. This makes it possible for unauthenticated attackers to extract....
5.3 CVSS
6.9 AI Score
0.0004 EPSS
The WP STAGING and WP STAGING Pro plugins for WordPress are vulnerable to Sensitive Information Exposure in versions up to, and including, 3.4.3, and versions up to, and including, 5.4.3, respectively, via the ajaxSendReport function. This makes it possible for unauthenticated attackers to extract....
6.1 AI Score
0.0004 EPSS
The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppom_upload_file function in all versions up to, and including, 32.0.18. This makes it possible for unauthenticated attackers to upload arbitrary...
9.8 CVSS
8.4 AI Score
0.0004 EPSS
The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppom_upload_file function in all versions up to, and including, 32.0.18. This makes it possible for unauthenticated attackers to upload arbitrary...
7.6 AI Score
0.0004 EPSS
Header Footer Code Manager Pro < 1.0.17 - Reflected Cross-Site Scripting via message
Description The Header Footer Code Manager Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the message parameter in all versions up to, and including, 1.0.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
6.7 AI Score
0.0005 EPSS
cJSON v1.7.17 was discovered to contain a segmentation violation, which can be triggered through the second parameter of function cJSON_SetValuestring at...
7.7 AI Score
0.0004 EPSS
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX331adwe printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IPP server, which listens on TCP port 631 by default. The issue.....
7.3 AI Score
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the...
8.2 AI Score
0.0004 EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 15, 2024 to April 21, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 209 vulnerabilities disclosed in 169...
9.9 AI Score
0.012 EPSS
Improper Restriction of Excessive Authentication Attempts vulnerability in LoginPress LoginPress Pro allows Removing Important Client Functionality. This issue affects LoginPress Pro: from n/a before...
5.3 CVSS
6.8 AI Score
0.0004 EPSS
CVE-2024-32676 WordPress LoginPress Pro plugin < 3.0.0 - Captcha Bypass vulnerability
Improper Restriction of Excessive Authentication Attempts vulnerability in LoginPress LoginPress Pro allows Removing Important Client Functionality. This issue affects LoginPress Pro: from n/a before...
6.6 AI Score
0.0004 EPSS