The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form message settings in all versions up to and including 3.2.17 due to insufficient input sanitization and output escaping. This makes it possible for...
4.4 CVSS
7.7 AI Score
0.0004 EPSS
The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form message settings in all versions up to and including 3.2.17 due to insufficient input sanitization and output escaping. This makes it possible for...
4.4 CVSS
4.3 AI Score
0.0004 EPSS
The Avada theme for WordPress is vulnerable to SQL Injection via the 'entry' parameter in all versions up to, and including, 7.11.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...
7.2 CVSS
7.3 AI Score
0.0004 EPSS
The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form message settings in all versions up to and including 3.2.17 due to insufficient input sanitization and output escaping. This makes it possible for...
4.4 CVSS
4.5 AI Score
0.0004 EPSS
The Link Whisper Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.7.1 via deserialization of untrusted input of the 'mfn-page-items' post meta value. This makes it possible for authenticated attackers, with contributor-level access and above,.....
8.8 CVSS
8.9 AI Score
0.0004 EPSS
The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the id parameter in the google-map block in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This...
6.4 CVSS
5.8 AI Score
0.0004 EPSS
🎉 Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 25th, 2024, during our second Bug Bounty...
9.8 CVSS
8.6 AI Score
0.001 EPSS
Vulnerability of the ImageMagick console graphical editor is related to use of memory after it has been freed (use-after-free) when processing BMP files. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
6.2 CVSS
7 AI Score
0.0004 EPSS
GamiPress < 6.8.9 - Broken Access Control
Description The plugin's access control mechanism fails to properly restrict access to its settings, permitting Authors to manipulate requests and extend access to lower privileged users, like Subscribers, despite initial settings prohibiting such access. This vulnerability resembles broken access....
4.6 AI Score
0.0004 EPSS
GamiPress < 6.8.9 - Broken Access Control
Description The plugin's access control mechanism fails to properly restrict access to its settings, permitting Authors to manipulate requests and extend access to lower privileged users, like Subscribers, despite initial settings prohibiting such access. This vulnerability resembles broken access....
6.6 AI Score
0.0004 EPSS
Rehub < 19.6.2 - Authenticated (Editor+) Local File Inclusion
Description The Rehub theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 19.6.1. This makes it possible for authenticated attackers, with editor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any.....
8 CVSS
7.9 AI Score
0.0004 EPSS
grafana security and bug fix update
An update is available for grafana. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Grafana is an open source, feature-rich metrics dashboard and graph editor...
7.5 CVSS
7.5 AI Score
0.0005 EPSS
Important: grafana security and bug fix update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) Bug Fix(es): TRIAGE CVE-2024-1394 grafana: golang-fips/openssl:...
7.5 CVSS
7.7 AI Score
0.0005 EPSS
Salon booking system < 9.6.6 - Editor+ Stored XSS via Email Settings
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin (or editor depending on plugin configuration) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in...
5.4 AI Score
0.0004 EPSS
Salon booking system < 9.6.6 - Editor+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) PoC 1. Go to "Salon > Services &g...
5.5 AI Score
0.0004 EPSS
Salon booking system < 9.6.6 - Editor+ Stored XSS via Email Settings
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin (or editor depending on plugin configuration) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in...
5.6 AI Score
0.0004 EPSS
Salon booking system < 9.6.6 - Editor+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.6 AI Score
0.0004 EPSS
There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions <=11.0 that may allow a remote, authenticated attacker to create a crafted link which when accessing the page editor an image will render in the victim’s browser. The privileges required to execute this attack are...
4.8 CVSS
5.4 AI Score
0.0004 EPSS
There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions <=11.0 that may allow a remote, authenticated attacker to create a crafted link which when accessing the page editor an image will render in the victim’s browser. The privileges required to execute this attack are...
4.8 CVSS
6.5 AI Score
0.0004 EPSS
CVE-2024-25696 Stored XSS in Portal for ArcGIS
There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions <=11.0 that may allow a remote, authenticated attacker to create a crafted link which when accessing the page editor an image will render in the victim’s browser. The privileges required to execute this attack are...
4.8 CVSS
5.3 AI Score
0.0004 EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 25, 2024 to March 31, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 405 vulnerabilities disclosed in 320...
10 CVSS
9.7 AI Score
Description The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form message settings in all versions up to and including 3.2.17 due to insufficient input sanitization and output escaping. This makes it...
4.4 CVSS
6 AI Score
0.0004 EPSS
WordPress Page Builder – Zion Builder < 3.6.10 - Authenticated (Editor+) Stored Cross-Site Scripting
Description The WordPress Page Builder – Zion Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 3.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
5.9 CVSS
5.8 AI Score
0.0004 EPSS
The Plus Blocks for Block Editor | Gutenberg < 3.2.6 - Reflected Cross-Site Scripting
Description The The Plus Blocks for Block Editor | Gutenberg plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
7.1 CVSS
6.3 AI Score
0.0004 EPSS
Hello fellow readers! Have you ever wondered how the GitHub Security Lab performs security research? In this post, you'll learn how we leverage GitHub products and features such as code scanning, CodeQL, Codespaces, and private vulnerability reporting. By the time we conclude, you'll have mastered....
6.9 AI Score
Critical Security Flaw Found in Popular LayerSlider WordPress Plugin
A critical security flaw impacting the LayerSlider plugin for WordPress could be abused to extract sensitive information from databases, such as password hashes. The flaw, designated as CVE-2024-2879, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as a case of SQL...
9.8 CVSS
10 AI Score
0.004 EPSS
A vulnerability in the column.title and cellLinkTooltip components of the Grafana web-based data presentation tool is related to insufficient protection of the web page structure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate privileges. A vulnerability in...
9.8 CVSS
8.2 AI Score
0.012 EPSS
Description The B Slider - Slider for your block editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level.....
6.5 CVSS
5.8 AI Score
0.0004 EPSS
Custom Field Bulk Editor <= 1.9.1 - Reflected Cross-Site Scripting
Description The Custom Field Bulk Editor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts....
7.1 CVSS
6.3 AI Score
0.0004 EPSS
Floating Chat Widget < 3.1.9 - Editor+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.7 AI Score
0.0004 EPSS
Fedora: Security Advisory for seamonkey (FEDORA-2024-ad50671f6c)
The remote host is missing an update for...
7.5 AI Score
Floating Chat Widget < 3.1.9 - Editor+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) PoC 1. Go to "Chaty > New Widget" ...
5.3 AI Score
0.0004 EPSS
Custom WooCommerce Checkout Fields Editor < 1.3.1 - Cross-Site Request Forgery
Description The Custom WooCommerce Checkout Fields Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform an unauthorized.....
4.3 CVSS
6.5 AI Score
0.0004 EPSS
Fedora: Security Advisory for seamonkey (FEDORA-2024-31b196eaf1)
The remote host is missing an update for...
7.5 AI Score
Fedora: Security Advisory for seamonkey (FEDORA-2024-8890015ff3)
The remote host is missing an update for...
7.5 AI Score
Landing Page Builder < 1.5.1.8 - Authenticated (Editor+) Stored Cross-Site Scripting
Description The Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 1.5.1.7 due to insufficient input sanitization and output escaping....
5.9 CVSS
5.8 AI Score
0.0004 EPSS
This Week in Spring - April 2nd, 2024
Welcome, welcome, welcome, to another installment of This Week in Spring! You know, we've come a long way since you and I last spoke. It's April already! A new month! How bizarre. And, with the dawning of a new month, we're also more than 25% through this year! I sure hope you're paying attention.....
7.1 AI Score
(RHSA-2024:1646) Important: grafana security and bug fix update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) Bug Fix(es): TRIAGE CVE-2024-1394 grafana: golang-fips/openssl:...
7.6 AI Score
0.0005 EPSS
The WPFront User Role Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.1.11184 via the wpfront_user_role_editor_assign_roles_user_autocomplete AJAX action. This makes it possible for authenticated attackers, with subscriber-level....
4.3 CVSS
4.3 AI Score
0.0004 EPSS
The WPFront User Role Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.1.11184 via the wpfront_user_role_editor_assign_roles_user_autocomplete AJAX action. This makes it possible for authenticated attackers, with subscriber-level....
4.3 CVSS
9 AI Score
0.0004 EPSS
The WPFront User Role Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.1.11184 via the wpfront_user_role_editor_assign_roles_user_autocomplete AJAX action. This makes it possible for authenticated attackers, with subscriber-level....
4.3 CVSS
4.7 AI Score
0.0004 EPSS
U.S. Dept Of Defense: Reflected XSS via Moodle on ███ [CVE-2022-35653]
Hi Security Team, I found an XSS vulnerability on your website [CVE-2022-35653]. Reference: https://vulners.com/nuclei/NUCLEI:CVE-2022-35653 If you wanna test this: ``` id: CVE-2022-35653 info: name: Moodle LTI module Reflected - Cross-Site Scripting author: iamnoooob,pdresearch severity:...
6.1 CVSS
6 AI Score
0.011 EPSS
RHEL 8 : grafana (RHSA-2024:1646)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:1646 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): *...
7.5 CVSS
6.8 AI Score
0.0005 EPSS
Important: grafana security and bug fix update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) Bug Fix(es): TRIAGE CVE-2024-1394 grafana: golang-fips/openssl:...
7.5 CVSS
7.4 AI Score
0.0005 EPSS
Important: grafana security and bug fix update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) Bug Fix(es): TRIAGE CVE-2024-1394 grafana: golang-fips/openssl:...
7.5 CVSS
7.6 AI Score
0.0005 EPSS
PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target...
3.3 CVSS
3.3 AI Score
0.001 EPSS
PDF-XChange Editor JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target...
3.3 CVSS
3.6 AI Score
0.001 EPSS
PDF-XChange Editor JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target...
3.3 CVSS
3.3 AI Score
0.001 EPSS