The Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping. This makes it...
CVSS 4.4 | AI Score 5.3 | EPSS 0.0004
The Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping. This makes it...
CVSS 4.4 | AI Score 5.8 | EPSS 0.0004
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 22, 2024 to April 28, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 304 vulnerabilities disclosed in 232...
AI Score 9.1
Missing Authorization vulnerability in ThemeLocation Custom WooCommerce Checkout Fields Editor.This issue affects Custom WooCommerce Checkout Fields Editor: from n/a through...
CVSS 4.3 | AI Score 5.4 | EPSS 0.0004
Typora v1.0.0 through v1.7 version (below) Markdown editor has a cross-site scripting (XSS) vulnerability, which allows attackers to execute arbitrary code by uploading Markdown...
AI Score 6.4 | EPSS 0.0004
Typora v1.0.0 through v1.7 version (below) Markdown editor has a cross-site scripting (XSS) vulnerability, which allows attackers to execute arbitrary code by uploading Markdown...
AI Score 6.3 | EPSS 0.0004
“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps
Microsoft discovered a path traversal-affiliated vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite files in the vulnerable application’s home directory. The implications of this vulnerability pattern include arbitrary code...
AI Score 7.5
Carousel Slider < 2.2.11 - Editor+ Stored XSS
Description The plugin does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting...
AI Score 6.1 | EPSS 0.0004
Carousel Slider < 2.2.11 - Editor+ Stored XSS
Description The plugin does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks PoC 1. Create a new slider and insert: (1212"onmouseover='alert(1)') to "URL View"...
AI Score 5.8 | EPSS 0.0004
The Plus Blocks for Block Editor | Gutenberg < 3.2.6 - Missing Authorization
Description The The Plus Blocks for Block Editor | Gutenberg plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the Tp_f_delete_transient() function in versions up to, and including, 3.2.5. This makes it possible for authenticated attackers, with...
CVSS 4.3 | AI Score 6.7 | EPSS 0.0004
Typora v1.0.0 through v1.7 version (below) Markdown editor has a cross-site scripting (XSS) vulnerability, which allows attackers to execute arbitrary code by uploading Markdown...
AI Score 6.5 | EPSS 0.0004
(RHSA-2024:2568) Moderate: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): grafana: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) grafana: vulnerable to authorization bypass...
AI Score 7.5 | EPSS 0.0005
The ACF Front End Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_texts() function in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above,....
CVSS 4.3 | AI Score 6.5 | EPSS 0.0004
The ACF Front End Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_texts() function in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above,....
CVSS 4.3 | AI Score 4.8 | EPSS 0.0004
The ACF Front End Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_texts() function in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above,....
CVSS 4.3 | AI Score 5.1 | EPSS 0.0004
Moderate: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): grafana: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) grafana: vulnerable to authorization bypass (CVE-2024-1313) ...
CVSS 7.5 | AI Score 7.7 | EPSS 0.0005
Moderate: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): grafana: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) grafana: vulnerable to authorization bypass (CVE-2024-1313) ...
CVSS 7.5 | AI Score 7.3 | EPSS 0.0005
RHEL 9 : grafana (RHSA-2024:2568)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2568 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): *...
CVSS 7.5 | AI Score 7.1 | EPSS 0.0005
🎉 Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 8th, 2024, during our Bug Bounty Extravaganza, we...
AI Score 7.3 | EPSS 0.0004
[SECURITY] [DLA 3801-1] emacs security update
Debian LTS Advisory DLA-3801-1 [email protected] https://www.debian.org/lts/security/ Sean Whitton April 29, 2024 https://wiki.debian.org/LTS Package : emacs Version : 1:26.1+1-3.2+deb10u5 CVE ID ...
AI Score 6.2 | EPSS 0.0005
Image Slider < 1.1.127 - Authenticated (Editor+) Stored Cross-Site Scripting
Description The Image Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 1.1.125 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions...
CVSS 5.9 | AI Score 5.9 | EPSS 0.0004
Coupon & Discount Code Reveal Button < 1.2.6 - Authenticated (Editor+) Stored Cross-Site Scripting
Description The Coupon & Discount Code Reveal Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVSS 5.9 | AI Score 6.1 | EPSS 0.0004
Sendinblue for WooCommerce < 4.0.18 - Authenticated (Editor+) Arbitrary File Download and Deletion
Description The Brevo for WooCommerce plugin for WordPress is vulnerable to arbitrary file download and deletion in all versions up to, and including, 4.0.17. This is due to the plugin not properly validating file names in the get_file_contents and delete_attachment functions. This makes it...
CVSS 8.5 | AI Score 6.9 | EPSS 0.0004
Description The ACF Front End Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_texts() function in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level...
CVSS 4.3 | AI Score 6.6 | EPSS 0.0004
Advanced Floating Content Lite < 1.2.6 - Authenticated (Editor+) Stored Cross-Site Scripting
Description The Advanced Floating Content Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVSS 5.9 | AI Score 5.9 | EPSS 0.0004
Description The Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping. This...
CVSS 4.4 | AI Score 5.8 | EPSS 0.0004
Foxit PDF Editor for Mac < 11.1.7 Multiple Vulnerabilities
According to its version, the Foxit PDF Editor for Mac application (previously named Foxit PhantomPDF for Mac) installed on the remote macOS host is prior to 11.1.7. It is, therefore, affected by multiple vulnerabilities: Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution...
CVSS 8.8 | AI Score 6.2 | EPSS 0.001
Foxit PDF Editor for Mac < 12.1.3 Multiple Vulnerabilities
According to its version, the Foxit PDF Editor for Mac application (previously named Foxit PhantomPDF for Mac) installed on the remote macOS host is prior to 12.1.3. It is, therefore, affected by multiple vulnerabilities: Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution...
CVSS 8.8 | AI Score 6.2 | EPSS 0.001
Foxit PDF Editor for Mac < 2024.2 Vulnerability
According to its version, the Foxit PDF Editor for Mac application (previously named Foxit PhantomPDF for Mac) installed on the remote macOS host is prior to 2024.2. It is, therefore, affected by a vulnerability: Note that Nessus has not tested for this issue but has instead relied only on the...
CVSS 8.8 | AI Score 8.5 | EPSS 0.001
The remote Red Hat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4693 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
CVSS 7.5 | AI Score 7.7 | EPSS 0.002
Foxit PDF Editor < 11.2.9 Multiple Vulnerabilities
According to its version, the Foxit PDF Editor application (previously named Foxit PhantomPDF) installed on the remote Windows host is prior to 11.2.9. It is, therefore, affected by multiple vulnerabilities: In Foxit PDF Reader before 2024.1 and PDF Editor before 2024.1, code execution via...
CVSS 8.8 | AI Score 7 | EPSS 0.001
Foxit PDF Editor < 2024.2 Multiple Vulnerabilities
According to its version, the Foxit PDF Editor application (previously named Foxit PhantomPDF) installed on the remote Windows host is prior to 2024.2. It is, therefore, affected by multiple vulnerabilities: Note that Nessus has not tested for this issue but has instead relied only on the...
CVSS 8.8 | AI Score 8.7 | EPSS 0.001
Foxit PDF Editor < 12.1.5 Multiple Vulnerabilities
According to its version, the Foxit PDF Editor application (previously named Foxit PhantomPDF) installed on the remote Windows host is prior to 12.1.5. It is, therefore, affected by multiple vulnerabilities: In Foxit PDF Reader before 2024.1 and PDF Editor before 2024.1, code execution via...
CVSS 8.8 | AI Score 7 | EPSS 0.001
Foxit PDF Editor < 13.1 Multiple Vulnerabilities
According to its version, the Foxit PDF Editor application (previously named Foxit PhantomPDF) installed on the remote Windows host is prior to 13.1. It is, therefore, affected by multiple vulnerabilities: In Foxit PDF Reader before 2024.1 and PDF Editor before 2024.1, code execution via...
CVSS 8.8 | AI Score 7 | EPSS 0.001
Foxit PDF Editor for Mac < 13.1 Multiple Vulnerabilities
According to its version, the Foxit PDF Editor for Mac application (previously named Foxit PhantomPDF for Mac) installed on the remote macOS host is prior to 13.1. It is, therefore, affected by multiple vulnerabilities: Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution...
CVSS 8.8 | AI Score 6.2 | EPSS 0.001
RHEL 8 / 9 : OpenShift Container Platform 4.12.0 (RHSA-2022:7398)
The remote Red Hat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7398 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
CVSS 8.2 | AI Score 8.1 | EPSS 0.002
The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin (or editor depending on Salon booking system WordPress plugin through 9.6.5 configuration) to perform Stored Cross-Site Scripting attacks.....
AI Score 7.6 | EPSS 0.0004
The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin (or editor depending on Salon booking system WordPress plugin through 9.6.5 configuration) to perform Stored Cross-Site Scripting attacks.....
AI Score 5.4 | EPSS 0.0004
The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
AI Score 5.4 | EPSS 0.0004
The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
AI Score 7.6 | EPSS 0.0004
CVE-2024-2439 Salon booking system <= 9.6.5 - Editor+ Stored XSS
The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
AI Score 5.6 | EPSS 0.0004
CVE-2024-2603 Salon booking system <= 9.6.5 - Editor+ Stored XSS via Email Settings
The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin (or editor depending on Salon booking system WordPress plugin through 9.6.5 configuration) to perform Stored Cross-Site Scripting attacks.....
AI Score 5.6 | EPSS 0.0004
Popup4Phone <= 1.3.2 - Editor+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
AI Score 5.7 | EPSS 0.0004
Popup4Phone <= 1.3.2 - Editor+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) PoC 1. Go to "Popup4Phone >...
AI Score 5.5 | EPSS 0.0004
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 15, 2024 to April 21, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 209 vulnerabilities disclosed in 169...
AI Score 9.9
The Rise of Large-Language-Model Optimization
The web has become so interwoven with everyday life that it is easy to forget what an extraordinary accomplishment and treasure it is. In just a few decades, much of human knowledge has been collectively written up and made available to anyone with an internet connection. But all of this is coming....
AI Score 6.7
WP File Download Light <= 1.3.3 - Authenticated (Editor+) Stored Cross-Site Scripting
Description The WP File Download Light plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level...
CVSS 6.5 | AI Score 7.8 | EPSS 0.0004
Assessing the Y, and How, of the XZ Utils incident
High-end APT groups perform highly interesting social engineering campaigns in order to penetrate well-protected targets. For example, carefully constructed forum responses on precision targeted accounts and follow-up "out-of-band" interactions regarding underground rail system simulator software.....
AI Score 7.6
CVE-2024-2972 Floating Chat Widget < 3.1.9 - Editor+ Stored XSS
The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.1.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...
AI Score 5.5 | EPSS 0.0004
Ultimate Blocks < 3.1.7 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
AI Score 8.3 | EPSS 0.0004