Lucene search

K

Business Directory Plugin | GeoDirectory Security Vulnerabilities

nvd
nvd

CVE-2024-5344

The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘forgoturl’ attribute within the plugin's WP Login & Register widget in all versions up to, and including, 5.5.6 due to insufficient input sanitization and output escaping....

6.1CVSS

EPSS

2024-06-21 02:15 AM
2
cve
cve

CVE-2024-5344

The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘forgoturl’ attribute within the plugin's WP Login & Register widget in all versions up to, and including, 5.5.6 due to insufficient input sanitization and output escaping....

6.1CVSS

6AI Score

EPSS

2024-06-21 02:15 AM
3
nvd
nvd

CVE-2024-5503

The WP Blog Post Layouts plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.3. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the...

8.8CVSS

EPSS

2024-06-21 02:15 AM
2
cve
cve

CVE-2024-3610

The WP Child Theme Generator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wctg_easy_child_theme() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to create a blank child...

5.3CVSS

5.2AI Score

EPSS

2024-06-21 02:15 AM
1
nvd
nvd

CVE-2024-3610

The WP Child Theme Generator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wctg_easy_child_theme() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to create a blank child...

5.3CVSS

EPSS

2024-06-21 02:15 AM
2
cve
cve

CVE-2024-1955

The Hide Dashboard Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'warning_notices_settings' function in all versions up to, and including, 1.3. This makes it possible for authenticated attackers, with contributor...

4.3CVSS

4.3AI Score

EPSS

2024-06-21 02:15 AM
2
nvd
nvd

CVE-2024-1955

The Hide Dashboard Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'warning_notices_settings' function in all versions up to, and including, 1.3. This makes it possible for authenticated attackers, with contributor...

4.3CVSS

EPSS

2024-06-21 02:15 AM
2
nvd
nvd

CVE-2024-1639

The License Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the showLicenseKey() and showAllLicenseKeys() functions in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with...

6.5CVSS

EPSS

2024-06-21 02:15 AM
2
cve
cve

CVE-2024-1639

The License Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the showLicenseKey() and showAllLicenseKeys() functions in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with...

6.5CVSS

6.2AI Score

EPSS

2024-06-21 02:15 AM
3
nvd
nvd

CVE-2023-3352

The Smush plugin for WordPress is vulnerable to unauthorized deletion of the resmush list due to a missing capability check on the delete_resmush_list() function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to delete the resmush list for...

4.3CVSS

EPSS

2024-06-21 02:15 AM
2
cve
cve

CVE-2023-3352

The Smush plugin for WordPress is vulnerable to unauthorized deletion of the resmush list due to a missing capability check on the delete_resmush_list() function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to delete the resmush list for...

4.3CVSS

4.4AI Score

EPSS

2024-06-21 02:15 AM
2
cvelist
cvelist

CVE-2023-3352 Smush – Lazy Load Images, Optimize & Compress Images <= 3.16.4 - Missing Authorization to Resmush List Deletion

The Smush plugin for WordPress is vulnerable to unauthorized deletion of the resmush list due to a missing capability check on the delete_resmush_list() function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to delete the resmush list for...

4.3CVSS

EPSS

2024-06-21 02:05 AM
cvelist
cvelist

CVE-2024-1955 Hide Dashboard Notifications <= 1.3 - Missing Authorization to Authenticated(Contributor+) Plugin Settings Modification

The Hide Dashboard Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'warning_notices_settings' function in all versions up to, and including, 1.3. This makes it possible for authenticated attackers, with contributor...

4.3CVSS

EPSS

2024-06-21 02:05 AM
3
cvelist
cvelist

CVE-2024-3610 WP Child Theme Generator <= 1.1.1 - Missing Authorization to Unauthenticated Child Theme Creation/Activation

The WP Child Theme Generator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wctg_easy_child_theme() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to create a blank child...

5.3CVSS

EPSS

2024-06-21 02:05 AM
2
cvelist
cvelist

CVE-2024-1639 License Manager for WooCommerce <= 3.0.7 - Improper Authorization to Authenticated(Contributor+) Sensitive Information Exposure

The License Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the showLicenseKey() and showAllLicenseKeys() functions in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with...

6.5CVSS

EPSS

2024-06-21 02:05 AM
2
cvelist
cvelist

CVE-2024-5503 WP Blog Post Layouts <= 1.1.3 - Authenticated (Contributor+) Local File Inlcusion

The WP Blog Post Layouts plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.3. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the...

8.8CVSS

EPSS

2024-06-21 02:05 AM
1
cvelist
cvelist

CVE-2024-5344 The Plus Addons for Elementor Page Builder <= 5.5.6 - Reflected Cross-Site Scripting via WP Login and Register Widget

The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘forgoturl’ attribute within the plugin's WP Login & Register widget in all versions up to, and including, 5.5.6 due to insufficient input sanitization and output escaping....

6.1CVSS

EPSS

2024-06-21 02:05 AM
3
githubexploit
githubexploit

Exploit for OS Command Injection in Dolibarr Dolibarr Erp/Crm

CVE-2023-30253 CVE-2023-30253 PoC Description This is my...

8.8CVSS

7.8AI Score

0.008EPSS

2024-06-21 01:41 AM
3
nvd
nvd

CVE-2024-36071

Samsung Magician 8.0.0 on Windows allows an admin to escalate privileges by tampering with the directory and DLL files used during the installation process. This occurs because of an Untrusted Search...

6.3CVSS

EPSS

2024-06-20 09:15 PM
2
cve
cve

CVE-2024-36071

Samsung Magician 8.0.0 on Windows allows an admin to escalate privileges by tampering with the directory and DLL files used during the installation process. This occurs because of an Untrusted Search...

6.3CVSS

7.2AI Score

EPSS

2024-06-20 09:15 PM
2
githubexploit
githubexploit

Exploit for CVE-2024-37742

CVE-2024-37742: Clipboard Exploit in SEB ≤ 3.5.0 (Windows)...

7.3AI Score

EPSS

2024-06-20 09:01 PM
8
githubexploit
githubexploit

Exploit for Path Traversal in Gitlab

CVE-2023-2825 (Unauthenticated) Directory traversal leads...

10CVSS

6.8AI Score

0.167EPSS

2024-06-20 08:22 PM
8
krebs
krebs

KrebsOnSecurity Threatened with Defamation Lawsuit Over Fake Radaris CEO

On March 8, 2024, KrebsOnSecurity published a deep dive on the consumer data broker Radaris, showing how the original owners are two men in Massachusetts who operated multiple Russian language dating services and affiliate programs, in addition to a dizzying array of people-search websites. The...

6.8AI Score

2024-06-20 07:16 PM
2
githubexploit
githubexploit

Exploit for CVE-2024-34470

HSC MailInspector - CVE-2024-34470 A critical...

7AI Score

0.001EPSS

2024-06-20 04:47 PM
16
ibm
ibm

Security Bulletin: IBM Analytics Content Hub is affected by security vulnerabilities

Summary Security Bulletin: IBM Analytics Content Hub is affected, but not classified as vulnerable, based on current information, to vulnerabilities in Open Source Software. IBM Analytics Content Hub has addressed the applicable CVEs by upgrading the vulnerable libraries. Vulnerability Details **.....

8CVSS

8.8AI Score

0.004EPSS

2024-06-20 03:31 PM
3
cve
cve

CVE-2024-37222

Cross Site Scripting (XSS) vulnerability in Averta Master Slider allows Reflected XSS.This issue affects Master Slider: from n/a through...

7.1CVSS

6.5AI Score

EPSS

2024-06-20 03:15 PM
2
nvd
nvd

CVE-2024-37222

Cross Site Scripting (XSS) vulnerability in Averta Master Slider allows Reflected XSS.This issue affects Master Slider: from n/a through...

7.1CVSS

EPSS

2024-06-20 03:15 PM
2
github
github

Execute commands by sending JSON? Learn how unsafe deserialization vulnerabilities work in Ruby projects

Can an attacker execute arbitrary commands on a remote server just by sending JSON? Yes, if the running code contains unsafe deserialization vulnerabilities. But how is that possible? In this blog post, we’ll describe how unsafe deserialization vulnerabilities work and how you can detect them in...

8.5AI Score

2024-06-20 03:00 PM
2
cvelist
cvelist

CVE-2024-37222 WordPress Master Slider plugin <= 3.9.10 - Reflected Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability in Averta Master Slider allows Reflected XSS.This issue affects Master Slider: from n/a through...

7.1CVSS

EPSS

2024-06-20 02:12 PM
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 10, 2024 to June 16, 2024)

_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

10CVSS

9.3AI Score

EPSS

2024-06-20 01:40 PM
2
ics
ics

CAREL Boss-Mini

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: CAREL Equipment: Boss-Mini Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to manipulate...

9.8CVSS

7.4AI Score

0.001EPSS

2024-06-20 12:00 PM
osv
osv

BIT-python-2024-0397

A defect was discovered in the Python “ssl” module where there is a memoryrace condition with the ssl.SSLContext methods “cert_store_stats()” and“get_ca_certs()”. The race condition can be triggered if the methods arecalled at the same time as certificates are loaded into the SSLContext,such as...

6.1AI Score

0.0004EPSS

2024-06-20 11:18 AM
4
cve
cve

CVE-2024-5036

The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.5.4 due to insufficient input...

6.4CVSS

5.7AI Score

EPSS

2024-06-20 11:15 AM
1
nvd
nvd

CVE-2024-5036

The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.5.4 due to insufficient input...

6.4CVSS

EPSS

2024-06-20 11:15 AM
2
cvelist
cvelist

CVE-2024-5036 Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.5.4 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.5.4 due to insufficient input...

6.4CVSS

EPSS

2024-06-20 11:06 AM
githubexploit
githubexploit

Exploit for CVE-2024-36527

CVE-2024-36527 PoC and Bulk Scanner...

6.9AI Score

0.0004EPSS

2024-06-20 09:42 AM
19
nvd
nvd

CVE-2024-4098

The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.6.13 via the shariff3uu_fetch_sharecounts function. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code.....

9.8CVSS

0.001EPSS

2024-06-20 07:15 AM
3
cve
cve

CVE-2024-4098

The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.6.13 via the shariff3uu_fetch_sharecounts function. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code.....

9.8CVSS

10AI Score

0.001EPSS

2024-06-20 07:15 AM
5
cvelist
cvelist

CVE-2024-4098 Shariff Wrapper <= 4.6.13 - Unauthenticated Local File Inclusion

The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.6.13 via the shariff3uu_fetch_sharecounts function. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code.....

9.8CVSS

0.001EPSS

2024-06-20 06:58 AM
3
cve
cve

CVE-2024-5522

The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection...

7.3AI Score

0.0004EPSS

2024-06-20 06:15 AM
4
nvd
nvd

CVE-2024-5522

The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection...

0.0004EPSS

2024-06-20 06:15 AM
4
nvd
nvd

CVE-2024-5475

The Responsive video embed WordPress plugin before 0.5.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

0.0004EPSS

2024-06-20 06:15 AM
3
cve
cve

CVE-2024-5475

The Responsive video embed WordPress plugin before 0.5.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.6AI Score

0.0004EPSS

2024-06-20 06:15 AM
6
cve
cve

CVE-2024-4565

The Advanced Custom Fields (ACF) WordPress plugin before 6.3, Advanced Custom Fields Pro WordPress plugin before 6.3 allows you to display custom field values for any post via shortcode without checking for the correct...

6.4AI Score

0.0004EPSS

2024-06-20 06:15 AM
6
nvd
nvd

CVE-2024-4565

The Advanced Custom Fields (ACF) WordPress plugin before 6.3, Advanced Custom Fields Pro WordPress plugin before 6.3 allows you to display custom field values for any post via shortcode without checking for the correct...

0.0004EPSS

2024-06-20 06:15 AM
3
vulnrichment
vulnrichment

CVE-2024-5522 HTML5 Video Player < 2.5.27 - Unauthenticated SQLi

The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection...

7.6AI Score

0.0004EPSS

2024-06-20 06:00 AM
cvelist
cvelist

CVE-2024-5522 HTML5 Video Player < 2.5.27 - Unauthenticated SQLi

The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection...

0.0004EPSS

2024-06-20 06:00 AM
3
cvelist
cvelist

CVE-2024-5475 Responsive video embed < 0.5.1 - Contributor+ Stored XSS

The Responsive video embed WordPress plugin before 0.5.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

0.0004EPSS

2024-06-20 06:00 AM
3
vulnrichment
vulnrichment

CVE-2024-5475 Responsive video embed < 0.5.1 - Contributor+ Stored XSS

The Responsive video embed WordPress plugin before 0.5.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.8AI Score

0.0004EPSS

2024-06-20 06:00 AM
cvelist
cvelist

CVE-2024-4565 Advanced Custom Fields < 6.3 - Contributor+ Custom Field Access

The Advanced Custom Fields (ACF) WordPress plugin before 6.3, Advanced Custom Fields Pro WordPress plugin before 6.3 allows you to display custom field values for any post via shortcode without checking for the correct...

0.0004EPSS

2024-06-20 06:00 AM
3
Total number of security vulnerabilities347073