Description The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Twitter Widget in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for....
5.4CVSS
5.7AI Score
0.001EPSS
Description The Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.6.8 due to insufficient input sanitization and output escaping......
5.9CVSS
5.7AI Score
0.0004EPSS
Description The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_js’ parameter in all versions up to, and including, 5.9.23 due to insufficient input sanitization and...
6.4CVSS
5.8AI Score
0.001EPSS
Themesflat Addons For Elementor <= 2.1.1 - Contributor+ Stored XSS via Widget Titles
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's widget's titles due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
6.4CVSS
5.8AI Score
0.0004EPSS
Description The Events Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Basic Slider, Upcoming Events, and Schedule widgets in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied...
6.4CVSS
5.8AI Score
0.001EPSS
Qi Addons For Elementor < 1.7.3 - Authenticated (Contributor+) Local File Inclusion
Description The Qi Addons For Elementor plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 1.7.2 via the 'behavior' attributes found in the qi_addons_for_elementor_blog_list shortcode. This makes it possible for authenticated attackers, with...
7.5CVSS
7.2AI Score
0.001EPSS
Description The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to blind SQL Injection via the ‘data[addonID]’ parameter in all versions up to, and including, 1.5.109 due to insufficient escaping on the user supplied parameter and lack of...
8.8CVSS
7.2AI Score
0.001EPSS
ghtml is software that uses tagged templates for template engine functionality. It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Version 2.0.0 introduces changes to mitigate this issue. Version 2.0.0 contains updated.....
8.9CVSS
7.6AI Score
0.0004EPSS
ghtml is software that uses tagged templates for template engine functionality. It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Version 2.0.0 introduces changes to mitigate this issue. Version 2.0.0 contains updated.....
8.9CVSS
0.0004EPSS
ghtml is software that uses tagged templates for template engine functionality. It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Version 2.0.0 introduces changes to mitigate this issue. Version 2.0.0 contains updated.....
8.9CVSS
5.5AI Score
0.0004EPSS
CVE-2024-37166 ghtml Cross-Site Scripting (XSS) vulnerability
ghtml is software that uses tagged templates for template engine functionality. It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Version 2.0.0 introduces changes to mitigate this issue. Version 2.0.0 contains updated.....
8.9CVSS
0.0004EPSS
CVE-2024-37166 ghtml Cross-Site Scripting (XSS) vulnerability
ghtml is software that uses tagged templates for template engine functionality. It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Version 2.0.0 introduces changes to mitigate this issue. Version 2.0.0 contains updated.....
8.9CVSS
5.4AI Score
0.0004EPSS
Analytics Insights for Google Analytics 4 < 6.3 - Open Redirect
The plugin is vulnerable to Open Redirect due to insufficient validation on the redirect oauth2callback.php file. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an...
6.7AI Score
0.001EPSS
Payment Gateway for Telcell < 2.0.4 - Open Redirect
The plugin does not validate the api_url parameter before redirecting the user to its value, leading to an Open Redirect...
6.8AI Score
EPSS
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Themeisle PPOM for WooCommerce allows Code Inclusion.This issue affects PPOM for WooCommerce: from n/a through...
5.3CVSS
5.5AI Score
0.0005EPSS
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Themeisle PPOM for WooCommerce allows Code Inclusion.This issue affects PPOM for WooCommerce: from n/a through...
5.3CVSS
0.0005EPSS
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Themeisle PPOM for WooCommerce allows Code Inclusion.This issue affects PPOM for WooCommerce: from n/a through...
5.3CVSS
7.1AI Score
0.0005EPSS
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Themeisle PPOM for WooCommerce allows Code Inclusion.This issue affects PPOM for WooCommerce: from n/a through...
5.3CVSS
0.0005EPSS
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Code Injection.This issue affects YITH WooCommerce Product Add-Ons: from n/a through...
5.3CVSS
5.4AI Score
0.0005EPSS
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Code Injection.This issue affects YITH WooCommerce Product Add-Ons: from n/a through...
5.3CVSS
0.0005EPSS
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Code Injection.This issue affects YITH WooCommerce Product Add-Ons: from n/a through...
5.3CVSS
0.0005EPSS
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Code Injection.This issue affects YITH WooCommerce Product Add-Ons: from n/a through...
5.3CVSS
7.1AI Score
0.0005EPSS
More_eggs Malware Disguised as Resumes Targets Recruiters in Phishing Attack
Cybersecurity researchers have spotted a phishing attack distributing the More_eggs malware by masquerading it as a resume, a technique originally detected more than two years ago. The attack, which was unsuccessful, targeted an unnamed company in the industrial services industry in May 2024,...
7.5AI Score
litellm is vulnerable to SQL Injection. The vulnerability is due to improper neutralization of special elements in an SQL command within the /global/spend/logs endpoint, where the api_key parameter is concatenated directly into the query without validation. Successful exploitation could lead to...
6.4CVSS
7.3AI Score
0.0004EPSS
Prime Mover < 1.9.3 - Sensitive Data Exposure
Prime Mover plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.2 via directory listing in the 'prime-mover-export-files/1/' folder. This makes it possible for unauthenticated attackers to extract sensitive data including site and...
7.5CVSS
6.7AI Score
0.003EPSS
Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor.This issue affects LA-Studio Element Kit for Elementor: from n/a through...
8.8CVSS
4.7AI Score
0.001EPSS
Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor.This issue affects LA-Studio Element Kit for Elementor: from n/a through...
8.8CVSS
0.001EPSS
Missing Authorization vulnerability in Bosa Themes Bosa Elementor Addons and Templates for WooCommerce.This issue affects Bosa Elementor Addons and Templates for WooCommerce: from n/a through...
8.8CVSS
4.7AI Score
0.001EPSS
Missing Authorization vulnerability in Bosa Themes Bosa Elementor Addons and Templates for WooCommerce.This issue affects Bosa Elementor Addons and Templates for WooCommerce: from n/a through...
8.8CVSS
0.001EPSS
Missing Authorization vulnerability in Bosa Themes Bosa Elementor Addons and Templates for WooCommerce.This issue affects Bosa Elementor Addons and Templates for WooCommerce: from n/a through...
4.3CVSS
7AI Score
0.001EPSS
Missing Authorization vulnerability in Bosa Themes Bosa Elementor Addons and Templates for WooCommerce.This issue affects Bosa Elementor Addons and Templates for WooCommerce: from n/a through...
4.3CVSS
0.001EPSS
Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor.This issue affects LA-Studio Element Kit for Elementor: from n/a through...
4.3CVSS
0.001EPSS
Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor.This issue affects LA-Studio Element Kit for Elementor: from n/a through...
4.3CVSS
7AI Score
0.001EPSS
Description The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handle_file' function. This can allow unauthenticated attackers to extract sensitive data,....
5.3CVSS
6.8AI Score
0.001EPSS
Description The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WL: Product Horizontal Filter widget in all versions up to, and including, 2.9.0 due.....
6.4CVSS
5.8AI Score
0.001EPSS
Kernel Live Patch Security Notice
Details It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.(CVE-2023-6270) It was discovered that a race...
7.8CVSS
7.9AI Score
0.0004EPSS
Missing Authorization vulnerability in Rometheme RomethemeForm For Elementor.This issue affects RomethemeForm For Elementor: from n/a through...
5.3CVSS
5.4AI Score
0.0004EPSS
Missing Authorization vulnerability in Rometheme RomethemeForm For Elementor.This issue affects RomethemeForm For Elementor: from n/a through...
5.3CVSS
0.0004EPSS
Missing Authorization vulnerability in Rometheme RomethemeForm For Elementor.This issue affects RomethemeForm For Elementor: from n/a through...
5.3CVSS
6.9AI Score
0.0004EPSS
Missing Authorization vulnerability in Rometheme RomethemeForm For Elementor.This issue affects RomethemeForm For Elementor: from n/a through...
5.3CVSS
0.0004EPSS
Missing Authorization vulnerability in wpcreativeidea Advanced Testimonial Carousel for Elementor.This issue affects Advanced Testimonial Carousel for Elementor: from n/a through...
4.3CVSS
4.8AI Score
0.0004EPSS
Missing Authorization vulnerability in wpcreativeidea Advanced Testimonial Carousel for Elementor.This issue affects Advanced Testimonial Carousel for Elementor: from n/a through...
4.3CVSS
0.0004EPSS
Missing Authorization vulnerability in wpcreativeidea Advanced Testimonial Carousel for Elementor.This issue affects Advanced Testimonial Carousel for Elementor: from n/a through...
4.3CVSS
0.0004EPSS
Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor.This issue affects Master Addons for Elementor: from n/a through...
6.5CVSS
0.0004EPSS
Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor.This issue affects Master Addons for Elementor: from n/a through...
6.5CVSS
6.5AI Score
0.0004EPSS
Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor.This issue affects Master Addons for Elementor: from n/a through...
6.5CVSS
7AI Score
0.0004EPSS
Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor.This issue affects Master Addons for Elementor: from n/a through...
6.5CVSS
0.0004EPSS
Missing Authorization vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates).This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through...
8.3CVSS
0.0004EPSS
Missing Authorization vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates).This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through...
8.3CVSS
8.3AI Score
0.0004EPSS
Missing Authorization vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates).This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through...
8.3CVSS
7AI Score
0.0004EPSS