Tuesday, July 2, 2024 Security Releases
Summary The Node.js project will release new versions of the 22.x, 20.x, 18.x releases lines on or shortly after, Tuesday, July 2, 2024 in order to address: 1 high severity issues. 2 medium severity issues. 3 low severity issues. Node.js fetch will be upgraded to undici v6.19.2 on Node.js 18.x...
7AI Score
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘country’ parameter in all versions up to, and including, 6.4.8 due to insufficient input sanitization and output escaping. This makes it possible for...
6.1CVSS
EPSS
The Page and Post Clone plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.0 via the 'content_clone' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access....
4.3CVSS
4.4AI Score
EPSS
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uwp_sort_by’ parameter in all versions up to, and including, 1.2.10 due to insufficient escaping on the user supplied....
9.8CVSS
EPSS
The Page and Post Clone plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.0 via the 'content_clone' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access....
4.3CVSS
EPSS
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘country’ parameter in all versions up to, and including, 6.4.8 due to insufficient input sanitization and output escaping. This makes it possible for...
6.1CVSS
6AI Score
EPSS
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uwp_sort_by’ parameter in all versions up to, and including, 1.2.10 due to insufficient escaping on the user supplied....
9.8CVSS
9.7AI Score
EPSS
The Advanced File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.4 via the 'fma_local_file_system' function. This makes it possible for unauthenticated attackers to extract sensitive data including backups or other sensitive...
7.5CVSS
7.5AI Score
EPSS
The Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mimes’ parameter in all versions up to, and including, 3.3.1 due to insufficient...
6.4CVSS
EPSS
The Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mimes’ parameter in all versions up to, and including, 3.3.1 due to insufficient...
6.4CVSS
5.8AI Score
EPSS
The Advanced File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.4 via the 'fma_local_file_system' function. This makes it possible for unauthenticated attackers to extract sensitive data including backups or other sensitive...
7.5CVSS
EPSS
CVE-2024-5598 Advanced File Manager <= 5.2.4 - Sensitive Information Exposure via Directory Listing
The Advanced File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.4 via the 'fma_local_file_system' function. This makes it possible for unauthenticated attackers to extract sensitive data including backups or other sensitive...
7.5CVSS
EPSS
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uwp_sort_by’ parameter in all versions up to, and including, 1.2.10 due to insufficient escaping on the user supplied....
9.8CVSS
EPSS
CVE-2024-5889 Events Manager <= 6.4.8 - Reflected Cross-Site Scripting
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘country’ parameter in all versions up to, and including, 6.4.8 due to insufficient input sanitization and output escaping. This makes it possible for...
6.1CVSS
EPSS
The Page and Post Clone plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.0 via the 'content_clone' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access....
4.3CVSS
EPSS
The Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mimes’ parameter in all versions up to, and including, 3.3.1 due to insufficient...
6.4CVSS
EPSS
CVE-2021-21704 affecting package php 7.4.14-3
CVE-2021-21704 affecting package php 7.4.14-3. This CVE either no longer is or was never...
5.9CVSS
7AI Score
0.004EPSS
CVE-2007-3205 affecting package php 7.4.14-3
CVE-2007-3205 affecting package php 7.4.14-3. This CVE either no longer is or was never...
6.9AI Score
0.065EPSS
CVE-2011-1429 affecting package mutt 2.2.12-1
CVE-2011-1429 affecting package mutt 2.2.12-1. No patch is available...
6.4AI Score
0.003EPSS
CVE-2017-9120 affecting package php 7.4.14-3
CVE-2017-9120 affecting package php 7.4.14-3. This CVE either no longer is or was never...
9.8CVSS
7.5AI Score
0.009EPSS
CVE-2017-8923 affecting package php 7.4.14-3
CVE-2017-8923 affecting package php 7.4.14-3. This CVE either no longer is or was never...
9.8CVSS
7.5AI Score
0.005EPSS
CVE-2022-36033 affecting package jsoup 1.11.3-3
CVE-2022-36033 affecting package jsoup 1.11.3-3. No patch is available...
6.1CVSS
8AI Score
0.001EPSS
CVE-2022-25857 affecting package snakeyaml 1.25-2
CVE-2022-25857 affecting package snakeyaml 1.25-2. This CVE either no longer is or was never...
7.5CVSS
9.3AI Score
0.002EPSS
CVE-2017-9118 affecting package php 7.4.14-3
CVE-2017-9118 affecting package php 7.4.14-3. This CVE either no longer is or was never...
7.5CVSS
7.5AI Score
0.002EPSS
CVE-2021-46828 affecting package libtirpc 1.3.3-1
CVE-2021-46828 affecting package libtirpc 1.3.3-1. This CVE either no longer is or was never...
7.5CVSS
9.1AI Score
0.005EPSS
CVE-2021-3847 affecting package kernel 5.15.158.2-1
CVE-2021-3847 affecting package kernel 5.15.158.2-1. No patch is available...
7.8CVSS
7.7AI Score
0.0004EPSS
CVE-2020-7071 affecting package php 7.4.14-3
CVE-2020-7071 affecting package php 7.4.14-3. This CVE either no longer is or was never...
5.3CVSS
6.6AI Score
0.006EPSS
CVE-2007-6353 affecting package exiv2 0.28.0-1
CVE-2007-6353 affecting package exiv2 0.28.0-1. No patch is available...
6.4AI Score
0.021EPSS
CVE-2007-1397 affecting package fish 3.6.2-1
CVE-2007-1397 affecting package fish 3.6.2-1. This CVE either no longer is or was never...
6.5AI Score
0.171EPSS
CVE-2022-31626 affecting package php 7.4.14-3
CVE-2022-31626 affecting package php 7.4.14-3. This CVE either no longer is or was never...
8.8CVSS
9.8AI Score
0.008EPSS
CVE-1999-0965 affecting package xterm 380-1
CVE-1999-0965 affecting package xterm 380-1. No patch is available...
6.9AI Score
0.0004EPSS
CVE-2021-21705 affecting package php 7.4.14-3
CVE-2021-21705 affecting package php 7.4.14-3. This CVE either no longer is or was never...
5.3CVSS
6.6AI Score
0.001EPSS
CVE-2021-21703 affecting package php 7.4.14-3
CVE-2021-21703 affecting package php 7.4.14-3. This CVE either no longer is or was never...
7.8CVSS
9.6AI Score
0.001EPSS
CVE-2020-27827 affecting package lldpd 1.0.4-3
CVE-2020-27827 affecting package lldpd 1.0.4-3. This CVE either no longer is or was never...
7.5CVSS
7.6AI Score
0.006EPSS
CVE-2021-3634 affecting package libssh 0.9.5-2
CVE-2021-3634 affecting package libssh 0.9.5-2. This CVE either no longer is or was never...
6.5CVSS
9.7AI Score
0.006EPSS
CVE-2011-4966 affecting package freeradius 3.2.3-2
CVE-2011-4966 affecting package freeradius 3.2.3-2. No patch is available...
6.4AI Score
0.003EPSS
CVE-2002-0318 affecting package freeradius 3.2.3-2
CVE-2002-0318 affecting package freeradius 3.2.3-2. No patch is available...
6.9AI Score
0.005EPSS
CVE-2021-21707 affecting package php 7.4.14-3
CVE-2021-21707 affecting package php 7.4.14-3. This CVE either no longer is or was never...
5.3CVSS
9.6AI Score
0.001EPSS
CVE-2022-31625 affecting package php 7.4.14-3
CVE-2022-31625 affecting package php 7.4.14-3. This CVE either no longer is or was never...
8.1CVSS
9.8AI Score
0.004EPSS
CVE-2021-21708 affecting package php 7.4.14-3
CVE-2021-21708 affecting package php 7.4.14-3. This CVE either no longer is or was never...
9.8CVSS
9.9AI Score
0.003EPSS
CVE-2017-18640 affecting package snakeyaml 1.25-2
CVE-2017-18640 affecting package snakeyaml 1.25-2. This CVE either no longer is or was never...
7.5CVSS
9.6AI Score
0.019EPSS
CVE-2021-21702 affecting package php 7.4.14-3
CVE-2021-21702 affecting package php 7.4.14-3. This CVE either no longer is or was never...
7.5CVSS
8.2AI Score
0.012EPSS
CVE-2021-37714 affecting package jsoup 1.11.3-3
CVE-2021-37714 affecting package jsoup 1.11.3-3. No patch is available...
7.5CVSS
7.8AI Score
0.009EPSS
CVE-2016-2568 affecting package polkit 0.119-3
CVE-2016-2568 affecting package polkit 0.119-3. No patch is available...
7.8CVSS
7.9AI Score
0.0004EPSS
CVE-2023-48795 affecting package moby-engine for versions less than 20.10.27-1
CVE-2023-48795 affecting package moby-engine for versions less than 20.10.27-1. A patched version of the package is...
5.9CVSS
6.8AI Score
0.963EPSS
CVE-2023-48795 affecting package jsch for versions less than 0.1.55-2
CVE-2023-48795 affecting package jsch for versions less than 0.1.55-2. A patched version of the package is...
5.9CVSS
6.8AI Score
0.963EPSS
CVE-2023-45285 affecting package golang for versions less than 1.21.6-1
CVE-2023-45285 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...
7.5CVSS
7.7AI Score
0.001EPSS
CVE-2023-44487 affecting package moby-cli for versions less than 20.10.25-2
CVE-2023-44487 affecting package moby-cli for versions less than 20.10.25-2. A patched version of the package is...
7.5CVSS
7.8AI Score
0.732EPSS
CVE-2023-25801 affecting package tensorflow for versions less than 2.11.1-1
CVE-2023-25801 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is...
8CVSS
9.9AI Score
0.0004EPSS
CVE-2023-25660 affecting package tensorflow for versions less than 2.11.1-1
CVE-2023-25660 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is...
7.5CVSS
9.1AI Score
0.001EPSS