Lucene search

K

Advanced Page Visit Counter – Advanced WordPress Visit Counter Security Vulnerabilities

nvd
nvd

CVE-2023-3204

The Materialis theme for WordPress is vulnerable to limited arbitrary options updates in versions up to, and including, 1.1.24. This is due to missing authorization checks on the companion_disable_popup() function called via an AJAX action. This makes it possible for authenticated attackers, with.....

6.5CVSS

0.001EPSS

2024-06-20 02:15 AM
5
nvd
nvd

CVE-2024-3561

The Custom Field Suite plugin for WordPress is vulnerable to SQL Injection via the the 'Term' custom field in all versions up to, and including, 2.6.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

8.8CVSS

0.001EPSS

2024-06-20 02:15 AM
1
nvd
nvd

CVE-2024-3558

The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the 'cfs[post_title]' parameter versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

0.001EPSS

2024-06-20 02:15 AM
3
cve
cve

CVE-2024-3561

The Custom Field Suite plugin for WordPress is vulnerable to SQL Injection via the the 'Term' custom field in all versions up to, and including, 2.6.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

8.8CVSS

8.7AI Score

0.001EPSS

2024-06-20 02:15 AM
24
cve
cve

CVE-2024-3558

The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the 'cfs[post_title]' parameter versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-20 02:15 AM
23
nvd
nvd

CVE-2024-1168

The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's social image URL in all versions up to, and including, 7.9 due to insufficient input sanitization and output escaping on user supplied image URLs. This makes it possible for authenticated.....

6.4CVSS

0.0004EPSS

2024-06-20 02:15 AM
2
cve
cve

CVE-2023-3204

The Materialis theme for WordPress is vulnerable to limited arbitrary options updates in versions up to, and including, 1.1.24. This is due to missing authorization checks on the companion_disable_popup() function called via an AJAX action. This makes it possible for authenticated attackers, with.....

6.5CVSS

6.2AI Score

0.001EPSS

2024-06-20 02:15 AM
22
cve
cve

CVE-2024-1168

The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's social image URL in all versions up to, and including, 7.9 due to insufficient input sanitization and output escaping on user supplied image URLs. This makes it possible for authenticated.....

6.4CVSS

5.7AI Score

0.0004EPSS

2024-06-20 02:15 AM
23
cvelist
cvelist

CVE-2024-3562 Custom Field Suite <= 2.6.7 - Authenticated (Contributor+) PHP Code Injection via Loop Custom Field

The Custom Field Suite plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.6.7 via the Loop custom field. This is due to insufficient sanitization of input prior to being used in a call to the eval() function. This makes it possible for authenticated...

8.8CVSS

0.001EPSS

2024-06-20 02:08 AM
5
vulnrichment
vulnrichment

CVE-2024-3562 Custom Field Suite <= 2.6.7 - Authenticated (Contributor+) PHP Code Injection via Loop Custom Field

The Custom Field Suite plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.6.7 via the Loop custom field. This is due to insufficient sanitization of input prior to being used in a call to the eval() function. This makes it possible for authenticated...

8.8CVSS

7.8AI Score

0.001EPSS

2024-06-20 02:08 AM
1
vulnrichment
vulnrichment

CVE-2024-3561 Custom Field Suite <= 2.6.7 - Authenticated (Contributor+) SQL Injection via Term Custom Field

The Custom Field Suite plugin for WordPress is vulnerable to SQL Injection via the the 'Term' custom field in all versions up to, and including, 2.6.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

8.8CVSS

7.3AI Score

0.001EPSS

2024-06-20 02:08 AM
cvelist
cvelist

CVE-2024-3561 Custom Field Suite <= 2.6.7 - Authenticated (Contributor+) SQL Injection via Term Custom Field

The Custom Field Suite plugin for WordPress is vulnerable to SQL Injection via the the 'Term' custom field in all versions up to, and including, 2.6.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

8.8CVSS

0.001EPSS

2024-06-20 02:08 AM
1
vulnrichment
vulnrichment

CVE-2024-1168 SEOPress – On-site SEO <= 7.9 - Authenticated(Contributor+) Stored Cross-Site Scripting via Social Image URL

The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's social image URL in all versions up to, and including, 7.9 due to insufficient input sanitization and output escaping on user supplied image URLs. This makes it possible for authenticated.....

6.4CVSS

5.8AI Score

0.0004EPSS

2024-06-20 02:08 AM
2
cvelist
cvelist

CVE-2024-1168 SEOPress – On-site SEO <= 7.9 - Authenticated(Contributor+) Stored Cross-Site Scripting via Social Image URL

The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's social image URL in all versions up to, and including, 7.9 due to insufficient input sanitization and output escaping on user supplied image URLs. This makes it possible for authenticated.....

6.4CVSS

0.0004EPSS

2024-06-20 02:08 AM
4
cvelist
cvelist

CVE-2023-3204 Materialis <= 1.1.24 - Missing Authorization to Limited Arbitrary Options Update

The Materialis theme for WordPress is vulnerable to limited arbitrary options updates in versions up to, and including, 1.1.24. This is due to missing authorization checks on the companion_disable_popup() function called via an AJAX action. This makes it possible for authenticated attackers, with.....

6.5CVSS

0.001EPSS

2024-06-20 02:08 AM
3
vulnrichment
vulnrichment

CVE-2024-3558 Custom Field Suite <= 2.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via cfs[post_title]

The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the 'cfs[post_title]' parameter versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-20 02:08 AM
3
cvelist
cvelist

CVE-2024-3558 Custom Field Suite <= 2.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via cfs[post_title]

The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the 'cfs[post_title]' parameter versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

0.001EPSS

2024-06-20 02:08 AM
4
cvelist
cvelist

CVE-2024-3597 Export WP Page to Static HTML/CSS <= 2.2.2 - Open Redirect

The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.2.2. This is due to insufficient validation on the redirect url supplied via the rc_exported_zip_file parameter. This makes it possible for unauthenticated attackers to....

7.1CVSS

0.0005EPSS

2024-06-20 02:08 AM
5
cvelist
cvelist

CVE-2024-3605 WP Hotel Booking <= 2.1.0 - Unauthenticated SQL Injection

The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'room_type' parameter of the /wphb/v1/rooms/search-rooms REST API endpoint in all versions up to, and including, 2.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on.....

10CVSS

0.001EPSS

2024-06-20 02:08 AM
7
cvelist
cvelist

CVE-2024-4626 JetWidgets For Elementor <= 1.0.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via layout_type and id Parameters

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layout_type’ and 'id' parameters in all versions up to, and including, 1.0.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with....

6.4CVSS

0.0004EPSS

2024-06-20 02:08 AM
5
vulnrichment
vulnrichment

CVE-2024-5432 Lifeline Donation <= 1.2.6 - Authentication Bypass

The Lifeline Donation plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.6. This is due to insufficient verification on the user being supplied during the checkout through the plugin. This makes it possible for unauthenticated attackers to log in as...

9.8CVSS

7.2AI Score

0.001EPSS

2024-06-20 02:08 AM
2
cvelist
cvelist

CVE-2024-5432 Lifeline Donation <= 1.2.6 - Authentication Bypass

The Lifeline Donation plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.6. This is due to insufficient verification on the user being supplied during the checkout through the plugin. This makes it possible for unauthenticated attackers to log in as...

9.8CVSS

0.001EPSS

2024-06-20 02:08 AM
5
vulnrichment
vulnrichment

CVE-2024-4742 Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.2.5 - Authenticated (Contributor+) SQL Injection

The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the order_by shortcode attribute in all versions up to, and including, 1.2.5 due to insufficient escaping on the user supplied parameter and...

9.8CVSS

7.1AI Score

0.001EPSS

2024-06-20 02:08 AM
2
cvelist
cvelist

CVE-2024-4742 Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.2.5 - Authenticated (Contributor+) SQL Injection

The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the order_by shortcode attribute in all versions up to, and including, 1.2.5 due to insufficient escaping on the user supplied parameter and...

9.8CVSS

0.001EPSS

2024-06-20 02:08 AM
6
cvelist
cvelist

CVE-2024-3602 Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer <= 1.1.0 - Missing Authorization

The Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the disconnect_promolayer function in all versions up to, and including, 1.1.0. This.....

4.3CVSS

0.0004EPSS

2024-06-20 02:08 AM
2
cvelist
cvelist

CVE-2024-3627 Wheel of Life: Coaching and Assessment Tool for Life Coach <= 1.1.7 - Missing Authorization on Several AJAX Endpoints

The Wheel of Life: Coaching and Assessment Tool for Life Coach plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in the AjaxFunctions.php file in all versions up to, and including, 1.1.7. This makes it possible...

5.4CVSS

0.0004EPSS

2024-06-20 02:08 AM
6
cvelist
cvelist

CVE-2024-6179 XSS vulnerability in LG SuperSign CMS

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LG Electronics SuperSign CMS allows Reflected XSS. This issue affects SuperSign CMS: from 4.1.3 before &lt;...

0.0005EPSS

2024-06-20 01:53 AM
3
cvelist
cvelist

CVE-2024-6178 XSS vulnerability in LG SuperSign CMS

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LG Electronics SuperSign CMS allows Reflected XSS. This issue affects SuperSign CMS: from 4.1.3 before &lt;...

0.0005EPSS

2024-06-20 01:51 AM
1
vulnrichment
vulnrichment

CVE-2024-6177 XSS vulnerability in LG SuperSign CMS

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LG Electronics SuperSign CMS allows Reflected XSS. This issue affects SuperSign CMS: from 4.1.3 before &lt;...

6.9AI Score

0.0005EPSS

2024-06-20 12:52 AM
cvelist
cvelist

CVE-2024-6177 XSS vulnerability in LG SuperSign CMS

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LG Electronics SuperSign CMS allows Reflected XSS. This issue affects SuperSign CMS: from 4.1.3 before &lt;...

0.0005EPSS

2024-06-20 12:52 AM
3
ibm
ibm

Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data

Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID:...

9.8CVSS

9.9AI Score

0.019EPSS

2024-06-20 12:38 AM
10
alpinelinux
alpinelinux

CVE-2024-6102

Out of bounds memory access in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

8.8CVSS

6.6AI Score

0.001EPSS

2024-06-20 12:15 AM
2
cve
cve

CVE-2024-6102

Out of bounds memory access in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

8.8CVSS

6.6AI Score

0.001EPSS

2024-06-20 12:15 AM
46
osv
osv

CVE-2024-6102

Out of bounds memory access in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

8.8CVSS

6.5AI Score

0.001EPSS

2024-06-20 12:15 AM
2
nvd
nvd

CVE-2024-6103

Use after free in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

8.8CVSS

0.001EPSS

2024-06-20 12:15 AM
5
alpinelinux
alpinelinux

CVE-2024-6103

Use after free in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

8.8CVSS

7.4AI Score

0.001EPSS

2024-06-20 12:15 AM
4
debiancve
debiancve

CVE-2024-6103

Use after free in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

8.8CVSS

6.6AI Score

0.001EPSS

2024-06-20 12:15 AM
3
debiancve
debiancve

CVE-2024-6102

Out of bounds memory access in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

8.8CVSS

6.2AI Score

0.001EPSS

2024-06-20 12:15 AM
5
nvd
nvd

CVE-2024-6102

Out of bounds memory access in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

8.8CVSS

0.001EPSS

2024-06-20 12:15 AM
2
osv
osv

CVE-2024-6103

Use after free in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

8.8CVSS

6.9AI Score

0.001EPSS

2024-06-20 12:15 AM
4
cve
cve

CVE-2024-6103

Use after free in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

8.8CVSS

7AI Score

0.001EPSS

2024-06-20 12:15 AM
40
debiancve
debiancve

CVE-2024-6100

Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity:...

8.8CVSS

6.9AI Score

0.001EPSS

2024-06-20 12:15 AM
12
nvd
nvd

CVE-2024-6100

Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity:...

8.8CVSS

0.001EPSS

2024-06-20 12:15 AM
8
debiancve
debiancve

CVE-2024-6101

Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity:...

8.8CVSS

5.9AI Score

0.001EPSS

2024-06-20 12:15 AM
4
osv
osv

CVE-2024-6101

Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity:...

8.8CVSS

6.2AI Score

0.001EPSS

2024-06-20 12:15 AM
osv
osv

CVE-2024-6100

Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity:...

8.8CVSS

7.1AI Score

0.001EPSS

2024-06-20 12:15 AM
2
cve
cve

CVE-2024-6100

Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity:...

8.8CVSS

7.2AI Score

0.001EPSS

2024-06-20 12:15 AM
47
cve
cve

CVE-2024-6101

Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity:...

8.8CVSS

6.3AI Score

0.001EPSS

2024-06-20 12:15 AM
37
alpinelinux
alpinelinux

CVE-2024-6100

Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity:...

8.8CVSS

7.2AI Score

0.001EPSS

2024-06-20 12:15 AM
2
nvd
nvd

CVE-2024-6101

Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity:...

8.8CVSS

0.001EPSS

2024-06-20 12:15 AM
4
Total number of security vulnerabilities339029