Lucene search

K

* Security Vulnerabilities

cve
cve

CVE-2024-35689

Cross-Site Request Forgery (CSRF) vulnerability in Analytify.This issue affects Analytify: from n/a through...

5.4CVSS

5.5AI Score

0.0004EPSS

2024-06-08 03:15 PM
25
cve
cve

CVE-2024-35687

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library link-library allows Reflected XSS.This issue affects Link Library: from n/a through...

7.1CVSS

7AI Score

0.0004EPSS

2024-06-08 03:15 PM
20
cve
cve

CVE-2024-35684

Cross-Site Request Forgery (CSRF) vulnerability in 10up ElasticPress.This issue affects ElasticPress: from n/a through...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-06-08 03:15 PM
20
cve
cve

CVE-2024-35679

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in GiveWP allows Reflected XSS.This issue affects GiveWP: from n/a through...

7.1CVSS

7AI Score

0.0004EPSS

2024-06-08 03:15 PM
20
cve
cve

CVE-2024-35682

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Themeisle Otter Blocks PRO.This issue affects Otter Blocks PRO: from n/a through...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-06-08 03:15 PM
20
cve
cve

CVE-2024-35681

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in gVectors Team wpDiscuz allows Stored XSS.This issue affects wpDiscuz: from n/a through...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-08 03:15 PM
20
cve
cve

CVE-2024-34765

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sensei Sensei Pro (WC Paid Courses) allows Stored XSS.This issue affects Sensei Pro (WC Paid Courses): from n/a through...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-08 03:15 PM
24
cve
cve

CVE-2023-45707

HCL Connections Docs is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary code. This may lead to credentials disclosure and possibly launch additional...

4.4CVSS

5.1AI Score

0.0004EPSS

2024-06-08 03:15 PM
20
cve
cve

CVE-2024-35719

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MagniGenie RestroPress allows Stored XSS.This issue affects RestroPress: from n/a through...

6.5CVSS

6.4AI Score

0.0004EPSS

2024-06-08 02:15 PM
20
cve
cve

CVE-2024-35718

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS.This issue affects Newsletters: from n/a through...

7.1CVSS

7AI Score

0.0004EPSS

2024-06-08 02:15 PM
21
cve
cve

CVE-2024-35714

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Theme Freesia Idyllic allows Stored XSS.This issue affects Idyllic: from n/a through...

6.5CVSS

6.4AI Score

0.0004EPSS

2024-06-08 02:15 PM
22
cve
cve

CVE-2024-35715

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Peregrine themes Bloglo allows Stored XSS.This issue affects Bloglo: from n/a through...

6.5CVSS

6.4AI Score

0.0004EPSS

2024-06-08 02:15 PM
21
cve
cve

CVE-2024-35713

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in UAPP GROUP Testimonial Carousel For Elementor allows Stored XSS.This issue affects Testimonial Carousel For Elementor: from n/a through...

6.5CVSS

6.4AI Score

0.0004EPSS

2024-06-08 02:15 PM
21
cve
cve

CVE-2024-35708

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in apollo13themes Rife Free allows Stored XSS.This issue affects Rife Free: from n/a through...

6.5CVSS

6.4AI Score

0.0004EPSS

2024-06-08 02:15 PM
21
cve
cve

CVE-2024-35709

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Stored XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-08 02:15 PM
20
cve
cve

CVE-2024-35710

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Podlove Podlove Web Player.This issue affects Podlove Web Player: from n/a through...

5.3CVSS

5.2AI Score

0.0004EPSS

2024-06-08 02:15 PM
24
cve
cve

CVE-2024-35711

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Theme Freesia Event allows Stored XSS.This issue affects Event: from n/a through...

6.5CVSS

6.4AI Score

0.0004EPSS

2024-06-08 02:15 PM
24
cve
cve

CVE-2024-35707

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Team Heateor Heateor Social Login allows Stored XSS.This issue affects Heateor Social Login: from n/a through...

6.5CVSS

6.4AI Score

0.0004EPSS

2024-06-08 02:15 PM
21
cve
cve

CVE-2024-36970

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: Use request_module_nowait This appears to work around a deadlock regression that came in with the LED merge in 6.9. The deadlock happens on my system with 24 iwlwifi radios, so maybe it something like all worker...

6.5AI Score

0.0004EPSS

2024-06-08 01:15 PM
22
cve
cve

CVE-2024-36967

In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix memory leak in tpm2_key_encode() 'scratch' is never freed. Fix this by calling kfree() in the success, and in the error...

6.5AI Score

0.0004EPSS

2024-06-08 01:15 PM
24
cve
cve

CVE-2024-36968

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() l2cap_le_flowctl_init() can cause both div-by-zero and an integer overflow since hdev->le_mtu may not fall in the valid range. Move MTU from hci_dev to hci_conn to...

6.2AI Score

0.0004EPSS

2024-06-08 01:15 PM
24
cve
cve

CVE-2024-36969

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix division by zero in setup_dsc_config When slice_height is 0, the division by slice_height in the calculation of the number of slices will cause a division by zero driver crash. This leaves the kernel in a...

6AI Score

0.0004EPSS

2024-06-08 01:15 PM
23
cve
cve

CVE-2024-35752

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Enea Overclokk Stellissimo Text Box allows Stored XSS.This issue affects Stellissimo Text Box: from n/a through...

5.9CVSS

5.7AI Score

0.0004EPSS

2024-06-08 01:15 PM
22
cve
cve

CVE-2024-36965

In the Linux kernel, the following vulnerability has been resolved: remoteproc: mediatek: Make sure IPI buffer fits in L2TCM The IPI buffer location is read from the firmware that we load to the System Companion Processor, and it's not granted that both the SRAM (L2TCM) size that is defined in the....

6.7AI Score

0.0004EPSS

2024-06-08 01:15 PM
22
cve
cve

CVE-2024-36966

In the Linux kernel, the following vulnerability has been resolved: erofs: reliably distinguish block based and fscache mode When erofs_kill_sb() is called in block dev based mode, s_bdev may not have been initialised yet, and if CONFIG_EROFS_FS_ONDEMAND is enabled, it will be mistaken for fscache....

6.5AI Score

0.0004EPSS

2024-06-08 01:15 PM
22
cve
cve

CVE-2024-35751

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Creative Motion, Will Bontrager Software, LLC Woody ad snippets allows Stored XSS.This issue affects Woody ad snippets: from n/a through...

5.9CVSS

5.7AI Score

0.0004EPSS

2024-06-08 01:15 PM
23
cve
cve

CVE-2024-35750

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevart Responsive Image Gallery, Gallery Album.This issue affects Responsive Image Gallery, Gallery Album: from n/a through...

8.5CVSS

8.9AI Score

0.0004EPSS

2024-06-08 01:15 PM
21
cve
cve

CVE-2024-35738

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kognetiks Kognetiks Chatbot for WordPress allows Stored XSS.This issue affects Kognetiks Chatbot for WordPress: from n/a through...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-08 01:15 PM
21
cve
cve

CVE-2024-35737

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Loopus WP Visitors Tracker allows Reflected XSS.This issue affects WP Visitors Tracker: from n/a through...

7.1CVSS

7AI Score

0.0004EPSS

2024-06-08 01:15 PM
21
cve
cve

CVE-2024-35740

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Theme Freesia Pixgraphy allows Stored XSS.This issue affects Pixgraphy: from n/a through...

6.5CVSS

6.4AI Score

0.0004EPSS

2024-06-08 01:15 PM
24
cve
cve

CVE-2024-35739

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RadiusTheme The Post Grid allows Stored XSS.This issue affects The Post Grid: from n/a through...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-08 01:15 PM
23
cve
cve

CVE-2024-35733

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RLDD Auto Coupons for WooCommerce allows Reflected XSS.This issue affects Auto Coupons for WooCommerce: from n/a through...

7.1CVSS

7AI Score

0.0004EPSS

2024-06-08 01:15 PM
21
cve
cve

CVE-2024-35734

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodePeople WP Time Slots Booking Form allows Stored XSS.This issue affects WP Time Slots Booking Form: from n/a through...

7.1CVSS

6.9AI Score

0.0004EPSS

2024-06-08 01:15 PM
21
cve
cve

CVE-2024-35732

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH Custom Login allows Stored XSS.This issue affects YITH Custom Login: from n/a through...

5.9CVSS

5.7AI Score

0.0004EPSS

2024-06-08 01:15 PM
23
cve
cve

CVE-2024-35736

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Visualizer.This issue affects Visualizer: from n/a through...

8.5CVSS

8.9AI Score

0.0004EPSS

2024-06-08 01:15 PM
26
cve
cve

CVE-2024-35731

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Moose Kenta Gutenberg Blocks Responsive Blocks and block templates library for Gutenberg Editor allows Stored XSS.This issue affects Kenta Gutenberg Blocks Responsive Blocks and block...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-08 01:15 PM
21
cve
cve

CVE-2024-35730

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in realmag777 Active Products Tables for WooCommerce allows Reflected XSS.This issue affects Active Products Tables for WooCommerce: from n/a through...

7.1CVSS

7AI Score

0.0004EPSS

2024-06-08 01:15 PM
23
cve
cve

CVE-2024-5766

A vulnerability was found in Likeshop up to 2.5.7 and classified as problematic. This issue affects some unknown processing of the file /admin of the component Merchandise Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-267449 was...

2.4CVSS

3.5AI Score

0.0004EPSS

2024-06-08 12:15 PM
21
cve
cve

CVE-2024-35756

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CeiKay Tooltip CK tooltip-ck allows Stored XSS.This issue affects Tooltip CK: from n/a through...

5.9CVSS

5.8AI Score

0.0004EPSS

2024-06-08 11:15 AM
24
cve
cve

CVE-2024-35755

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in El tiempo Weather Widget Pro allows Stored XSS.This issue affects Weather Widget Pro: from n/a through...

6.5CVSS

6.4AI Score

0.0004EPSS

2024-06-08 11:15 AM
24
cve
cve

CVE-2024-35753

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TemplatesNext TemplatesNext OnePager allows Stored XSS.This issue affects TemplatesNext OnePager: from n/a through...

6.5CVSS

6.4AI Score

0.0004EPSS

2024-06-08 11:15 AM
23
cve
cve

CVE-2024-5654

The CF7 Google Sheets Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'execute_post_data_cg7_free' function in all versions up to, and including, 5.0.9. This makes it possible for unauthenticated attackers to toggle site...

6.5CVSS

6.2AI Score

0.0004EPSS

2024-06-08 09:15 AM
25
cve
cve

CVE-2024-4468

The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admin_init in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with subscriber...

4.3CVSS

4.2AI Score

0.001EPSS

2024-06-08 08:15 AM
22
cve
cve

CVE-2024-5091

The SKT Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Age Gate and Creative Slider widgets in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

7.4CVSS

6.4AI Score

0.0004EPSS

2024-06-08 07:15 AM
23
cve
cve

CVE-2024-5638

The Formula theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in the 'ti_customizer_notify_dismiss_recommended_plugins' AJAX action in all versions up to, and including, 0.5.1 due to insufficient input sanitization and output escaping. This makes it...

6.1CVSS

6AI Score

0.001EPSS

2024-06-08 06:15 AM
22
cve
cve

CVE-2024-5613

The Formula theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in the 'quality_customizer_notify_dismiss_action' AJAX action in all versions up to, and including, 0.5.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS

6AI Score

0.001EPSS

2024-06-08 06:15 AM
24
cve
cve

CVE-2024-5087

The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the validate_ajax, deactivate_ajax, and save_ajax functions in all versions up to, and including, 2.38. This makes it possible for authenticated...

6.3CVSS

6AI Score

0.001EPSS

2024-06-08 06:15 AM
22
cve
cve

CVE-2024-4661

The WP Reset plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_ajax function in all versions up to, and including, 2.02. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the...

4.3CVSS

4.3AI Score

0.0004EPSS

2024-06-08 06:15 AM
22
cve
cve

CVE-2024-5770

The WP Force SSL & HTTPS SSL Redirect plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_setting' function in versions up to, and including, 1.66. This makes it possible for authenticated attackers, subscriber-level...

4.2CVSS

4.1AI Score

0.001EPSS

2024-06-08 05:15 AM
23
cve
cve

CVE-2024-3668

The PowerPack Pro for Elementor plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.10.17. This is due to the plugin not restricting low privileged users from setting a default role for a registration form. This makes it possible for authenticated...

8.8CVSS

8.6AI Score

0.001EPSS

2024-06-08 05:15 AM
22
Total number of security vulnerabilities236850