Tuesday, July 2, 2024 Security Releases
Summary The Node.js project will release new versions of the 22.x, 20.x, 18.x releases lines on or shortly after, Tuesday, July 2, 2024 in order to address: 1 high severity issues. 2 medium severity issues. 3 low severity issues. Node.js fetch will be upgraded to undici v6.19.2 on Node.js 18.x...
7AI Score
The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stock_ticker shortcode in all versions up to, and including, 3.24.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
6.4CVSS
5.7AI Score
EPSS
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Gradient Heading widget in all versions up to, and including, 3.11.1 due to insufficient input sanitization and output escaping. This makes it possible for...
6.4CVSS
EPSS
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Gradient Heading widget in all versions up to, and including, 3.11.1 due to insufficient input sanitization and output escaping. This makes it possible for...
6.4CVSS
5.7AI Score
EPSS
The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stock_ticker shortcode in all versions up to, and including, 3.24.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
6.4CVSS
EPSS
The Extensions for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the EE Button widget in all versions up to, and including, 2.0.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
6.4CVSS
EPSS
The Extensions for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the EE Button widget in all versions up to, and including, 2.0.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
6.4CVSS
5.7AI Score
EPSS
The Extensions for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the EE Button widget in all versions up to, and including, 2.0.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
6.4CVSS
EPSS
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Gradient Heading widget in all versions up to, and including, 3.11.1 due to insufficient input sanitization and output escaping. This makes it possible for...
6.4CVSS
EPSS
The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stock_ticker shortcode in all versions up to, and including, 3.24.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
6.4CVSS
EPSS
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘country’ parameter in all versions up to, and including, 6.4.8 due to insufficient input sanitization and output escaping. This makes it possible for...
6.1CVSS
EPSS
The Page and Post Clone plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.0 via the 'content_clone' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access....
4.3CVSS
4.4AI Score
EPSS
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uwp_sort_by’ parameter in all versions up to, and including, 1.2.10 due to insufficient escaping on the user supplied....
9.8CVSS
EPSS
The Page and Post Clone plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.0 via the 'content_clone' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access....
4.3CVSS
EPSS
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uwp_sort_by’ parameter in all versions up to, and including, 1.2.10 due to insufficient escaping on the user supplied....
9.8CVSS
9.7AI Score
EPSS
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘country’ parameter in all versions up to, and including, 6.4.8 due to insufficient input sanitization and output escaping. This makes it possible for...
6.1CVSS
6AI Score
EPSS
The Advanced File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.4 via the 'fma_local_file_system' function. This makes it possible for unauthenticated attackers to extract sensitive data including backups or other sensitive...
7.5CVSS
7.5AI Score
EPSS
The Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mimes’ parameter in all versions up to, and including, 3.3.1 due to insufficient...
6.4CVSS
EPSS
The Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mimes’ parameter in all versions up to, and including, 3.3.1 due to insufficient...
6.4CVSS
5.8AI Score
EPSS
The Advanced File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.4 via the 'fma_local_file_system' function. This makes it possible for unauthenticated attackers to extract sensitive data including backups or other sensitive...
7.5CVSS
EPSS
CVE-2024-5598 Advanced File Manager <= 5.2.4 - Sensitive Information Exposure via Directory Listing
The Advanced File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.4 via the 'fma_local_file_system' function. This makes it possible for unauthenticated attackers to extract sensitive data including backups or other sensitive...
7.5CVSS
EPSS
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uwp_sort_by’ parameter in all versions up to, and including, 1.2.10 due to insufficient escaping on the user supplied....
9.8CVSS
EPSS
CVE-2024-5889 Events Manager <= 6.4.8 - Reflected Cross-Site Scripting
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘country’ parameter in all versions up to, and including, 6.4.8 due to insufficient input sanitization and output escaping. This makes it possible for...
6.1CVSS
EPSS
The Page and Post Clone plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.0 via the 'content_clone' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access....
4.3CVSS
EPSS
The Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mimes’ parameter in all versions up to, and including, 3.3.1 due to insufficient...
6.4CVSS
EPSS
CVE-2020-27748 affecting package xdg-utils 1.1.3-7
CVE-2020-27748 affecting package xdg-utils 1.1.3-7. No patch is available...
6.5CVSS
7.5AI Score
0.002EPSS
CVE-2019-16707 affecting package hunspell 1.7.0-7
CVE-2019-16707 affecting package hunspell 1.7.0-7. This CVE either no longer is or was never...
6.5CVSS
7AI Score
0.003EPSS
CVE-2010-4756 affecting package glibc 2.35-7
CVE-2010-4756 affecting package glibc 2.35-7. This CVE either no longer is or was never...
6.4AI Score
0.008EPSS
CVE-2023-0687 affecting package glibc 2.35-7
CVE-2023-0687 affecting package glibc 2.35-7. This CVE either no longer is or was never...
9.8CVSS
9.6AI Score
0.001EPSS
CVE-2022-4055 affecting package xdg-utils 1.1.3-7
CVE-2022-4055 affecting package xdg-utils 1.1.3-7. No patch is available...
7.4CVSS
7.5AI Score
0.001EPSS
CVE-2022-1941 affecting package grpc 1.42.0-7
CVE-2022-1941 affecting package grpc 1.42.0-7. This CVE either no longer is or was never...
7.5CVSS
8AI Score
0.002EPSS
CVE-2022-40898 affecting package python-wheel 0.33.6-7
CVE-2022-40898 affecting package python-wheel 0.33.6-7. No patch is available...
7.5CVSS
7.7AI Score
0.003EPSS
CVE-2024-23653 affecting package moby-compose for versions less than 2.17.2-7
CVE-2024-23653 affecting package moby-compose for versions less than 2.17.2-7. A patched version of the package is...
9.8CVSS
7.3AI Score
0.001EPSS
CVE-2022-4904 affecting package grpc 1.42.0-7
CVE-2022-4904 affecting package grpc 1.42.0-7. No patch is available...
8.6CVSS
8.9AI Score
0.001EPSS
CVE-2023-25153 affecting package k3s for versions less than 1.25.5-7
CVE-2023-25153 affecting package k3s for versions less than 1.25.5-7. This CVE either no longer is or was never...
6.2CVSS
6.9AI Score
0.001EPSS
CVE-2021-46023 affecting package rust 1.72.0-7
CVE-2021-46023 affecting package rust 1.72.0-7. This CVE either no longer is or was never...
7.5CVSS
7.6AI Score
0.001EPSS
CVE-2021-25741 affecting package kubernetes-1.21.2 1.21.2-7
CVE-2021-25741 affecting package kubernetes-1.21.2 1.21.2-7. No patch is available...
8.8CVSS
8.9AI Score
EPSS
CVE-2016-2568 affecting package polkit 0.116-7
CVE-2016-2568 affecting package polkit 0.116-7. No patch is available...
7.8CVSS
7.5AI Score
0.0004EPSS
CVE-2021-25741 affecting package kubernetes-1.20.9 1.20.9-7
CVE-2021-25741 affecting package kubernetes-1.20.9 1.20.9-7. No patch is available...
8.8CVSS
8.9AI Score
EPSS
CVE-2019-20633 affecting package patch 2.7.6-7
CVE-2019-20633 affecting package patch 2.7.6-7. No patch is available...
5.5CVSS
7.5AI Score
0.001EPSS
CVE-2021-25741 affecting package kubernetes-1.19.11 1.19.11-7
CVE-2021-25741 affecting package kubernetes-1.19.11 1.19.11-7. No patch is available...
8.8CVSS
8.9AI Score
EPSS
CVE-2021-25741 affecting package kubernetes-1.21.1 1.21.1-7
CVE-2021-25741 affecting package kubernetes-1.21.1 1.21.1-7. No patch is available...
8.8CVSS
8.9AI Score
EPSS
CVE-2022-3857 affecting package qt5-qtbase 5.12.11-7
CVE-2022-3857 affecting package qt5-qtbase 5.12.11-7. No patch is available...
5.5CVSS
7.5AI Score
0.001EPSS
CVE-2022-41725 affecting package gcc 9.1.0-7
CVE-2022-41725 affecting package gcc 9.1.0-7. This CVE either no longer is or was never...
7.5CVSS
9.9AI Score
0.001EPSS
CVE-2021-3996 affecting package util-linux 2.32.1-7
CVE-2021-3996 affecting package util-linux 2.32.1-7. This CVE either no longer is or was never...
5.5CVSS
5.9AI Score
0.0004EPSS
CVE-2022-41724 affecting package gcc 9.1.0-7
CVE-2022-41724 affecting package gcc 9.1.0-7. This CVE either no longer is or was never...
7.5CVSS
9AI Score
0.001EPSS
CVE-2023-25193 affecting package qt5-qtbase 5.12.11-7
CVE-2023-25193 affecting package qt5-qtbase 5.12.11-7. This CVE either no longer is or was never...
7.5CVSS
8.2AI Score
0.002EPSS
CVE-2021-3995 affecting package util-linux 2.32.1-7
CVE-2021-3995 affecting package util-linux 2.32.1-7. This CVE either no longer is or was never...
5.5CVSS
5.9AI Score
0.0004EPSS
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines, trust-manager, nodetaint, buf, gomplate, prometheus-operator, helm-operator, prometheus-postgres-exporter, grpc-health-probe, vexctl, kubernetes-dns-node-cache, grafana-agent-operator, aws-efs-csi-driver, containerd, cilium, tctl,...
7.5AI Score
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: cni-plugins, gomplate, nats-server, vexctl, docker-cli, containerd, nri-elasticsearch, nri-jmx, xcaddy, yam, newrelic-infrastructure-agent, spire-server, ipfs, nri-nginx, telegraf, bincapz, flannel-cni-plugin, cadvisor, pulumi, gobump, sbom-scorecard, zot, ytt,...
6.8AI Score
0.0004EPSS