Classified Listing Store & Membership Addon Security Vulnerabilities

CVE-2024-4216

pgAdmin <= 8.5 is affected by XSS vulnerability in /settings/store API response json payload. This vulnerability allows attackers to execute malicious script at the client...

CVE-2024-4216

pgAdmin <= 8.5 is affected by XSS vulnerability in /settings/store API response json payload. This vulnerability allows attackers to execute malicious script at the client...

CVE-2024-4216 XSS vulnerability in /settings/store API response json payload in pgAdmin 4

pgAdmin <= 8.5 is affected by XSS vulnerability in /settings/store API response json payload. This vulnerability allows attackers to execute malicious script at the client...

CVE-2024-4216 XSS vulnerability in /settings/store API response json payload in pgAdmin 4

pgAdmin <= 8.5 is affected by XSS vulnerability in /settings/store API response json payload. This vulnerability allows attackers to execute malicious script at the client...

CVE-2024-4133

The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 4.0.30. This is due to insufficient validation on the redirect url supplied via the redirect_to parameter. This....

CVE-2024-4133

The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 4.0.30. This is due to insufficient validation on the redirect url supplied via the redirect_to parameter. This....

CVE-2024-3936

The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtTPGSaveSettings function in all versions up to, and including, 7.6.1. This makes it possible for...

CVE-2024-3936

The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtTPGSaveSettings function in all versions up to, and including, 7.6.1. This makes it possible for...

CVE-2024-3743

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Stack Group, Shape Separator, Content Switcher, Info Circle and Timeline widgets in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping....

CVE-2024-3870

The Contact Form 7 Database Addon – CFDB7 plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.6.8 via the cfdb7_before_send_mail function. This can allow unauthenticated attackers to extract sensitive data, such as Personally Identifiable...

CVE-2024-3743

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Stack Group, Shape Separator, Content Switcher, Info Circle and Timeline widgets in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping....

CVE-2024-3870

The Contact Form 7 Database Addon – CFDB7 plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.6.8 via the cfdb7_before_send_mail function. This can allow unauthenticated attackers to extract sensitive data, such as Personally Identifiable...

CVE-2024-2867

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 4.15.4 due to insufficient input sanitization.....

CVE-2024-2867

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 4.15.4 due to insufficient input sanitization.....

CVE-2024-2765

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Skype and Spotify URL parameters in all versions up to, and including, 2.8.4 due to insufficient input...

CVE-2024-2765

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Skype and Spotify URL parameters in all versions up to, and including, 2.8.4 due to insufficient input...

CVE-2024-1688

The Woo Total Sales plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_orders_archive() function in all versions up to, and including, 3.1.4. This makes it possible for unauthenticated attackers to retrieve sales reports for the...

CVE-2024-1688

The Woo Total Sales plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_orders_archive() function in all versions up to, and including, 3.1.4. This makes it possible for unauthenticated attackers to retrieve sales reports for the...

CVE-2024-3936

The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtTPGSaveSettings function in all versions up to, and including, 7.6.1. This makes it possible for...

CVE-2024-3743

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Stack Group, Shape Separator, Content Switcher, Info Circle and Timeline widgets in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping....

CVE-2024-3870

The Contact Form 7 Database Addon – CFDB7 plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.6.8 via the cfdb7_before_send_mail function. This can allow unauthenticated attackers to extract sensitive data, such as Personally Identifiable...

CVE-2024-3870

The Contact Form 7 Database Addon – CFDB7 plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.6.8 via the cfdb7_before_send_mail function. This can allow unauthenticated attackers to extract sensitive data, such as Personally Identifiable...

CVE-2024-2765

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Skype and Spotify URL parameters in all versions up to, and including, 2.8.4 due to insufficient input...

CVE-2024-2765

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Skype and Spotify URL parameters in all versions up to, and including, 2.8.4 due to insufficient input...

CVE-2024-4133

The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 4.0.30. This is due to insufficient validation on the redirect url supplied via the redirect_to parameter. This....

CVE-2024-1688

The Woo Total Sales plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_orders_archive() function in all versions up to, and including, 3.1.4. This makes it possible for unauthenticated attackers to retrieve sales reports for the...

CVE-2024-2867

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 4.15.4 due to insufficient input sanitization.....

Introducing Artifact Attestations–now in public beta

There’s an increasing need across enterprises and the open source ecosystem to have a verifiable way to link software artifacts back to their source code and build instructions. And with more than 100M developers building on GitHub, we want to ensure developers have the tools needed to help...

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 22, 2024 to April 28, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 304 vulnerabilities disclosed in 232...

Popular Android Apps Like Xiaomi, WPS Office Vulnerable to File Overwrite Flaw

Several popular Android applications available in Google Play Store are susceptible to a path traversal-affiliated vulnerability codenamed the Dirty Stream attack that could be exploited by a malicious app to overwrite arbitrary files in the vulnerable app's home directory. "The implications of...

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation Fixes for April 2024.

Summary In addition to OS level package updates, multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF032 and 23.0.2-IF004. Vulnerability Details ** CVEID: CVE-2024-22353 DESCRIPTION: **IBM WebSphere Application Server Liberty 17.0.0.3 through...

Pet Manager <= 1.4 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...

Splunk Enterprise < 8.1.14, 8.2.0 < 8.2.11, 9.0.0 < 9.0.5 (SVD-2023-0613)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0613 advisory. An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE...

Universal Forwarders < 8.1.14, 8.2.0 < 8.2.11, 9.0.0 < 9.0.5 (SVD-2023-0614)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0614 advisory. An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE...

kernel security, bug fix, and enhancement update

[5.14.0-427.13.1_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update...

Universal Forwarder 8.2.0 < 8.2.12, 9.0.0 < 9.0.6, 9.1.0 < 9.1.1 (SVD-2023-0809)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0809 advisory. Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap...

qemu-kvm security update

[8.2.0-11] - kvm-coroutine-cap-per-thread-local-pool-size.patch [RHEL-28947] - kvm-coroutine-reserve-5-000-mappings.patch [RHEL-28947] - Resolves: RHEL-28947 (Qemu crashing with 'failed to set up stack guard page: Cannot allocate memory') [8.2.0-10] -...

Splunk Enterprise 8.2.0 < 8.2.12, 9.0.0 < 9.0.6, 9.1.0 < 9.1.1 (SVD-2023-0808)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0808 advisory. decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS. (CVE-2022-38900) The got package...

RHCOS 4 : OpenShift Container Platform 4.12.56 (RHSA-2024:1899)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:1899 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames....

Splunk Enterprise 9.0.0 < 9.0.8, 9.1.0 < 9.1.3 (SVD-2024-0109)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0109 advisory. Line directives (//line) can be used to bypass the restrictions on //go:cgo_ directives, allowing blocked linker and...

Pet Manager <= 1.4 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC 1. Add a pet and publish the listing 2. View the pet on the frontend of the site and....

RHCOS 4 : OpenShift Container Platform 4.14.22 (RHSA-2024:1897)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1897 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of...

RHCOS 4 : OpenShift Container Platform 4.15.10 (RHSA-2024:1892)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:1892 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames....

CVE-2024-27045

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()' Tell snprintf() to store at most 10 bytes in the output buffer instead of 30. Fixes the below:...

CVE-2024-26933

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in port "disable" sysfs attribute The show and store callback routines for the "disable" sysfs attribute file in port.c acquire the device lock for the port's parent hub device. This can cause problems if...

“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps

Microsoft discovered a path traversal-affiliated vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite files in the vulnerable application’s home directory. The implications of this vulnerability pattern include arbitrary code...

static-web-server vulnerable to stored Cross-site Scripting in directory listings via file names

Summary If directory listings are enabled for a directory that an untrusted user has upload privileges for, a malicious file name like <img src>.txt will allow JavaScript code execution in the context of the web server’s domain. Details SWS generally does not perform escaping of...

static-web-server vulnerable to stored Cross-site Scripting in directory listings via file names

Summary If directory listings are enabled for a directory that an untrusted user has upload privileges for, a malicious file name like <img src>.txt will allow JavaScript code execution in the context of the web server’s domain. Details SWS generally does not perform escaping of...

Vulnerabilities in employee management system could lead to remote code execution, login credential theft

Cisco Talos' Vulnerability Research team has disclosed more than a dozen vulnerabilities over the past three weeks, five in a device that allows employees to check in and out of their shifts, and another that exists in an open-source library used in medical device imaging files. The Peplink Smart.....

Android Malware Wpeeper Uses Compromised WordPress Sites to Hide C2 Servers

Cybersecurity researchers have discovered a previously undocumented malware targeting Android devices that uses compromised WordPress sites as relays for its actual command-and-control (C2) servers for detection evasion. The malware, codenamed Wpeeper, is an ELF binary that leverages the HTTPS...