CVE-2024-0867 Email Log <= 2.4.8 - Unauthenticated Hook Injection
The Email Log plugin for WordPress is vulnerable to Unauthenticated Hook Injection in all versions up to, and including, 2.4.8 via the check_nonce function. This makes it possible for unauthenticated attackers to execute actions with hooks in WordPress under certain circumstances. The action the...
7.6AI Score
0.001EPSS
The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SEO title and description parameters as well as others in all versions up to, and including, 7.5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for...
6.1AI Score
0.0004EPSS
The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's widgets all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
6AI Score
0.001EPSS
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the size attribute in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
6.4CVSS
6.2AI Score
0.001EPSS
The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Hover Card widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated....
6.4CVSS
6.1AI Score
0.0004EPSS
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpgmza shortcode in all versions up to, and including, 9.0.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
6.4CVSS
6.1AI Score
0.0004EPSS
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpgmza shortcode in all versions up to, and including, 9.0.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
5.8AI Score
0.0004EPSS
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the size attribute in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
6AI Score
0.001EPSS
The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Hover Card widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated....
5.9AI Score
0.0004EPSS
The Pie Register - Social Sites Login (Add on) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.7. This is due to insufficient verification on the user being supplied during a social login through the plugin. This makes it possible for...
9.8CVSS
7.2AI Score
0.001EPSS
CVE-2024-4544 Pie Register - Social Sites Login (Add on) <= 1.7.7 - Authentication Bypass
The Pie Register - Social Sites Login (Add on) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.7. This is due to insufficient verification on the user being supplied during a social login through the plugin. This makes it possible for...
7.2AI Score
0.001EPSS
The WP-ViperGB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.1. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to change the plugin's settings via a.....
4.3CVSS
6.7AI Score
0.0005EPSS
The Videojs HTML5 Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's videojs_video shortcode in all versions up to, and including, 1.1.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
6.4CVSS
6.1AI Score
0.001EPSS
The Videojs HTML5 Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's videojs_video shortcode in all versions up to, and including, 1.1.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
5.8AI Score
0.001EPSS
CVE-2024-4409 WP-ViperGB <= 1.6.1 - Cross-Site Request Forgery
The WP-ViperGB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.1. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to change the plugin's settings via a.....
6.7AI Score
0.0005EPSS
JVN#35838128: WordPress Plugin "WP Booking" vulnerable to cross-site scripting
WordPress Plugin "WP Booking" provided by aviplugins.com contains a stored cross-site scripting vulnerability (CWE-79). ## Impact An arbitrary script may be executed on the web browser of the user who is accessing the web site using the product. ## Solution Update the plugin Update the plugin to...
6.1AI Score
0.0004EPSS
bind-dyndb-ldap [11.6-4] - Modify empty zone conflicts under exclusive mode Resolves: rhbz#2126877 [11.6-3] - Rebuild against bind 9.11.36 - Resolves: rhbz#2022762 [11.6-2] - Rebuild against bind 9.11.26 - Resolves: rhbz#1904612 [11.6-1] - New upstream release - Resolves: rhbz#1891735 [11.3-1] -...
7.6AI Score
0.0004EPSS
virt:ol and virt-devel:rhel security and enhancement update
hivex libguestfs [1.44.0-9.0.2] - libguestfs.spec: Add btrfs-progs RPM to appliance [Orabug: 35634755] [1.44.0-9.0.1] - Replace upstream references from description tag - Config supermin to use host yum.conf in ol8 [Orabug: 29319324] - Set DISTRO_ORACLE_LINUX correspeonding to ol [1:1.44.0-9] -...
8.3AI Score
0.002EPSS
Image builder components bug fix, enhancement and security update
osbuild [110-1] - New upstream release [109-1] - New upstream release [106-1] - New upstream release [105-1] - New upstream release [104-2] - Fix unit tests in RHEL CI by backporting upstream fixes [104-1] - New upstream release [101-1] - New upstream release [100-2] - Change unit-test timeout...
6.8AI Score
0.0004EPSS
[2.02-156.0.1] - Restore correct SBAT entries - Replaced bugzilla.oracle.com references [Orabug: 35475894] - efinet: Close and reopen card on failure [Orabug: 35126950] - Fix CVE-2022-3775 [Orabug: 34867710] - Bump SBAT metadata for grub to 3 [Orabug: 34871758] - Enable signing on aarch64 - Don't.....
6.9AI Score
0.001EPSS
ND Shortcodes < 7.6 - Authenticated (Author+) Stored Cross-Site Scripting
Description The ND Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's upload feature in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
5.9AI Score
0.001EPSS
6.8AI Score
0.0004EPSS
python39:3.9 and python39-devel:3.9 security update
mod_wsgi [4.7.1-7] - Bump release for rebuild Resolves: rhbz#2213595 [4.7.1-6] - Remove rpath Resolves: rhbz#2213837 [4.7.1-5] - Core dumped upon file upload >= 1GB Resolves: rhbz#2125172 [4.7.1-4] - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz#1877430 [4.7.1-3] - Rebuilt...
6.7AI Score
0.005EPSS
Reviews and Rating – Google Reviews < 5.3 - Authenticated (Author+) Stored Cross-Site Scripting
Description The Reviews and Rating – Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file upload feature in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated.....
5.8AI Score
0.0004EPSS
babel [2.5.1-10] - Fix CVE-2021-20095 Resolves: rhbz#1955615 [2.5.1-9] - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz#1695587 [2.5.1-8] - Fix unversioned requires/buildrequires - Resolves: rhbz#1628242 [2.5.1-7] - Remove unversioned binaries - Resolves: rhbz#1613343...
6.7AI Score
0.005EPSS
Testimonial Carousel For Elementor < 10.2.1 - Missing Authorization to Limited Setting Update
Description The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_testimonials_option_callback' function in versions up to, and including, 10.2.0. This makes it possible for unauthenticated...
6.7AI Score
0.001EPSS
Stark Industries Solutions: An Iron Hammer in the Cloud
The homepage of Stark Industries Solutions. Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government.....
6.8AI Score
Issue Overview: A flaw was found in ImageMagick, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability....
6.6AI Score
0.003EPSS
Issue Overview: Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a...
7.6AI Score
0.001EPSS
Issue Overview: Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a...
7.4AI Score
0.001EPSS
(RHSA-2024:2875) Important: OpenShift Container Platform 4.13.42 bug fix and security update
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.42. See the following advisory for the RPM...
6.8AI Score
0.037EPSS
Exploit for Vulnerability in Microsoft
SYNOPSIS Invoke BlackLotus mitigation step for step...
7.3AI Score
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘add_iframe_url_as_param_direct’ parameter in versions up to, and including, 2024.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
6.4CVSS
6.1AI Score
0.001EPSS
CVE-2024-4365 Advanced iFrame <= 2024.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘add_iframe_url_as_param_direct’ parameter in versions up to, and including, 2024.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
5.9AI Score
0.001EPSS
Silverstripe XSS In rewritten hash links
A high level XSS vulnerability has been discovered in the SilverStripe framework which causes links containing hash anchors (E.g. href="#anchor") to be rewritten in an unsafe way. The rewriteHashlinks option on SSViewer will rewrite these to contain the current url, although without adequate...
6AI Score
Silverstripe XSS In rewritten hash links
A high level XSS vulnerability has been discovered in the SilverStripe framework which causes links containing hash anchors (E.g. href="#anchor") to be rewritten in an unsafe way. The rewriteHashlinks option on SSViewer will rewrite these to contain the current url, although without adequate...
6AI Score
The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input in the 'process_entry' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No...
8.1CVSS
7.9AI Score
0.001EPSS
The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'file_upload_action' function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files....
9.8CVSS
8.5AI Score
0.001EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 13, 2024 to May 19, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 110 vulnerabilities disclosed in 84...
9.4AI Score
0.001EPSS
SilverStripe framework XML Quadratic Blowup Attack
A low level vulnerability has been found in the SilverStripe framework, where the Quadratic Blowup Attack could potentially be exploited to affect the performance of a site. See http://mashable.com/2014/08/06/wordpress-xml-blowup-dos/ for a...
7AI Score
SilverStripe framework XML Quadratic Blowup Attack
A low level vulnerability has been found in the SilverStripe framework, where the Quadratic Blowup Attack could potentially be exploited to affect the performance of a site. See http://mashable.com/2014/08/06/wordpress-xml-blowup-dos/ for a...
7AI Score
Exploit for Allocation of Resources Without Limits or Throttling in Redhat Enterprise Linux
The DNS infrastructure used for this PoC was the one suggested...
7.2AI Score
CVE-2024-5085 Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated PHP Object Injection
The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input in the 'process_entry' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No...
7.7AI Score
0.001EPSS
The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'file_upload_action' function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files....
8.3AI Score
0.001EPSS
(RHSA-2024:3341) Moderate: gdk-pixbuf2 security update
The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. Security Fix(es): gdk-pixbuf2: heap memory corruption on gdk-pixbuf (CVE-2022-48622) For more details about the security...
7.5AI Score
0.001EPSS
iFrames Bypass Origin Checks for Tauri API Access Control
Impact Remote origin iFrames in Tauri applications can access the Tauri IPC endpoints without being explicitly allowed in the dangerousRemoteDomainIpcAccess in v1 and in the capabilities in v2. This bypasses the origin check and allows iFrames to access the IPC endpoints exposed to the parent...
7.2AI Score
0.0004EPSS
iFrames Bypass Origin Checks for Tauri API Access Control
Impact Remote origin iFrames in Tauri applications can access the Tauri IPC endpoints without being explicitly allowed in the dangerousRemoteDomainIpcAccess in v1 and in the capabilities in v2. This bypasses the origin check and allows iFrames to access the IPC endpoints exposed to the parent...
7.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: PCI: aardvark: Fix kernel panic during PIO transfer Trying to start a new PIO transfer by writing value 0 in PIO_START register when previous transfer has not yet completed (which is indicated by value 1 in PIO_START) causes an...
6.5AI Score
0.0004EPSS
The 140+ Widgets | Best Addons For Elementor – FREE for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.3.1 via deserialization of untrusted input in the 'export_content' function. This allows authenticated attackers, with contributor-level permissions and...
8CVSS
7.2AI Score
0.001EPSS
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized access of functionality due to insufficient authorization validation on the PDF embed block in all versions...
4.3CVSS
7AI Score
0.0004EPSS