Wordfence Intelligence Weekly WordPress Vulnerability Report (June 17, 2024 to June 23, 2024)
Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...
10CVSS
9.8AI Score
EPSS
Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens. This issue affects Elektraweb:...
9.8CVSS
9.6AI Score
0.001EPSS
Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens. This issue affects Elektraweb:...
9.8CVSS
0.001EPSS
An issue was discovered in SoftMaker Office 2024 / NX before revision 1214 and SoftMaker FreeOffice 2014 before revision 1215. FreeOffice 2021 is also affected, but won't be fixed. The SoftMaker Office and FreeOffice MSI installer files were found to produce a visible conhost.exe window running...
0.0004EPSS
An issue was discovered in SoftMaker Office 2024 / NX before revision 1214 and SoftMaker FreeOffice 2014 before revision 1215. FreeOffice 2021 is also affected, but won't be fixed. The SoftMaker Office and FreeOffice MSI installer files were found to produce a visible conhost.exe window running...
6.5AI Score
0.0004EPSS
CVE-2023-7270 Local Privilege Escalation via MSI installer
An issue was discovered in SoftMaker Office 2024 / NX before revision 1214 and SoftMaker FreeOffice 2014 before revision 1215. FreeOffice 2021 is also affected, but won't be fixed. The SoftMaker Office and FreeOffice MSI installer files were found to produce a visible conhost.exe window running...
0.0004EPSS
CVE-2024-0947 Cookies Manipulation in Talya Informatics' Elektraweb
Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens. This issue affects Elektraweb:...
9.8CVSS
7AI Score
0.001EPSS
CVE-2024-0947 Cookies Manipulation in Talya Informatics' Elektraweb
Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens. This issue affects Elektraweb:...
9.8CVSS
0.001EPSS
The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL parameter of the De Gallery widget in all versions up to and including 2.1.5 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for....
5.4CVSS
0.001EPSS
The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL parameter of the De Gallery widget in all versions up to and including 2.1.5 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for....
5.4CVSS
5.1AI Score
0.001EPSS
The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL parameter of the De Gallery widget in all versions up to and including 2.1.5 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for....
5.4CVSS
0.001EPSS
The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL parameter of the De Gallery widget in all versions up to and including 2.1.5 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for....
5.4CVSS
5.8AI Score
0.001EPSS
The Windows Registry Adventure #3: Learning resources
Posted by Mateusz Jurczyk, Google Project Zero When tackling a new vulnerability research target, especially a closed-source one, I prioritize gathering as much information about it as possible. This gets especially interesting when it's a subsystem as old and fundamental as the Windows registry......
5.5CVSS
6.7AI Score
0.001EPSS
RHEL 9 : OpenShift Container Platform 4.16.0 (RHSA-2024:0045)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0045 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
8.3CVSS
6.1AI Score
0.0004EPSS
@fastly/js-compute is a JavaScript SDK and runtime for building Fastly Compute applications. The implementation of several functions were determined to include a use-after-free bug. This bug could allow for unintended data loss if the result of the preceding functions were sent anywhere else, and.....
5.3CVSS
6.8AI Score
0.0004EPSS
Summary IBM Storage Protect Backup-Archive Client can be affected by security flaws in IBM WebSphere Application Server Liberty and libcurl. The flaws can lead to weaker than expected security for outbound TLS connections and bypass of security restrictions, as described in the "Vulnerability...
6.5CVSS
7AI Score
0.001EPSS
Summary: IBM Cloud Pak for Network Automation 2.7.4 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details: CVEID: CVE-2022-48554 DESCRIPTION: File is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the file_copystr...
7.8CVSS
9.6AI Score
EPSS
Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities
Summary: IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities listed herein. Vulnerability Details: CVEID: CVE-2023-49569 DESCRIPTION: go-git could allow a remote attacker to traverse directories on the system. By sending a specially crafted request using the...
9.8CVSS
10AI Score
EPSS
8.1CVSS
7AI Score
0.017EPSS
8.1CVSS
7.1AI Score
0.017EPSS
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.5.6)
The version of AOS installed on the remote host is prior to 6.5.6. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.5.6 advisory. There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and...
9.8CVSS
7.5AI Score
0.003EPSS
8.1CVSS
7AI Score
EPSS
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.8.0.5)
The version of AOS installed on the remote host is prior to 6.8.0.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.8.0.5 advisory. An information disclosure vulnerability exists in...
9.8CVSS
8.3AI Score
0.05EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2190-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2190-1 advisory. The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The...
9.8CVSS
8.7AI Score
EPSS
chateau-de-rochecotte.com Cross Site Scripting vulnerability OBB-3938845
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
radelier-de-la-loue.asso-web.com Cross Site Scripting vulnerability OBB-3938608
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
7.1AI Score
Malicious code in updated-tricks-roblox-robux-generator-2023-de-zs573s9c (npm)
7.1AI Score
Malicious code in updated-tricks-roblox-robux-generator-2023-de-z37p7v3v (npm)
7.1AI Score
Malicious code in updated-tricks-roblox-robux-generator-2023-de-vdf2 (npm)
7.1AI Score
Malicious code in updated-tricks-roblox-robux-generator-2023-de-urwrt5 (npm)
7.1AI Score
Malicious code in updated-tricks-roblox-robux-generator-2023-de-urwe4 (npm)
7.1AI Score
Malicious code in updated-tricks-roblox-robux-generator-2023-de-urt5 (npm)
7.1AI Score
Malicious code in updated-tricks-roblox-robux-generator-2023-de-update (npm)
7.1AI Score
Malicious code in updated-tricks-roblox-robux-generator-2023-de-uhui2 (npm)
7.1AI Score
Malicious code in updated-tricks-roblox-robux-generator-2023-de-u76gt4hy (npm)
7.1AI Score
Malicious code in updated-tricks-roblox-robux-generator-2023-de-u3hfkzl2 (npm)
7.1AI Score
Malicious code in updated-tricks-roblox-robux-generator-2023-de-suld1k1j (npm)
7.1AI Score
Malicious code in updated-tricks-roblox-robux-generator-2023-de-sskyf (npm)
7.1AI Score
Malicious code in updated-tricks-roblox-robux-generator-2023-de-ssedf (npm)
7.1AI Score
Malicious code in updated-tricks-roblox-robux-generator-2023-de-srb62y53 (npm)
7.1AI Score
Malicious code in updated-tricks-roblox-robux-generator-2023-de-sgrg (npm)
7.1AI Score
Malicious code in updated-tricks-roblox-robux-generator-2023-de-sf33g (npm)
7.1AI Score
Malicious code in updated-tricks-roblox-robux-generator-2023-de-sdwer5 (npm)
7.1AI Score
Malicious code in updated-tricks-roblox-robux-generator-2023-de-sdrf (npm)
7.1AI Score
Malicious code in updated-tricks-roblox-robux-generator-2023-de-sdrdf (npm)
7.1AI Score
Malicious code in updated-tricks-roblox-robux-generator-2023-de-sdfs8 (npm)
7.1AI Score
Malicious code in updated-tricks-roblox-robux-generator-2023-de-pshg (npm)
7.1AI Score
Malicious code in updated-tricks-roblox-robux-generator-2023-de-s9qk0iam (npm)
7.1AI Score
Malicious code in updated-tricks-roblox-robux-generator-2023-de-prrgr (npm)
7.1AI Score