Lucene search

K

Event Calendar – Calendar (WordPress Plugin) Security Vulnerabilities

cve
cve

CVE-2024-5344

The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘forgoturl’ attribute within the plugin's WP Login & Register widget in all versions up to, and including, 5.5.6 due to insufficient input sanitization and output escaping....

6.1CVSS

6AI Score

0.0005EPSS

2024-06-21 02:15 AM
13
nvd
nvd

CVE-2024-5503

The WP Blog Post Layouts plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.3. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the...

8.8CVSS

0.001EPSS

2024-06-21 02:15 AM
2
nvd
nvd

CVE-2024-3610

The WP Child Theme Generator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wctg_easy_child_theme() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to create a blank child...

5.3CVSS

0.001EPSS

2024-06-21 02:15 AM
3
cve
cve

CVE-2024-3610

The WP Child Theme Generator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wctg_easy_child_theme() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to create a blank child...

5.3CVSS

5.2AI Score

0.001EPSS

2024-06-21 02:15 AM
12
nvd
nvd

CVE-2024-1955

The Hide Dashboard Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'warning_notices_settings' function in all versions up to, and including, 1.3. This makes it possible for authenticated attackers, with contributor...

4.3CVSS

0.001EPSS

2024-06-21 02:15 AM
2
nvd
nvd

CVE-2024-1639

The License Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the showLicenseKey() and showAllLicenseKeys() functions in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with...

6.5CVSS

0.0005EPSS

2024-06-21 02:15 AM
2
cve
cve

CVE-2024-1955

The Hide Dashboard Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'warning_notices_settings' function in all versions up to, and including, 1.3. This makes it possible for authenticated attackers, with contributor...

4.3CVSS

4.3AI Score

0.001EPSS

2024-06-21 02:15 AM
12
cve
cve

CVE-2024-1639

The License Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the showLicenseKey() and showAllLicenseKeys() functions in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with...

6.5CVSS

6.2AI Score

0.0005EPSS

2024-06-21 02:15 AM
13
nvd
nvd

CVE-2023-3352

The Smush plugin for WordPress is vulnerable to unauthorized deletion of the resmush list due to a missing capability check on the delete_resmush_list() function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to delete the resmush list for...

4.3CVSS

0.0004EPSS

2024-06-21 02:15 AM
5
cve
cve

CVE-2023-3352

The Smush plugin for WordPress is vulnerable to unauthorized deletion of the resmush list due to a missing capability check on the delete_resmush_list() function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to delete the resmush list for...

4.3CVSS

4.4AI Score

0.0004EPSS

2024-06-21 02:15 AM
13
cvelist
cvelist

CVE-2023-3352 Smush – Lazy Load Images, Optimize & Compress Images <= 3.16.4 - Missing Authorization to Resmush List Deletion

The Smush plugin for WordPress is vulnerable to unauthorized deletion of the resmush list due to a missing capability check on the delete_resmush_list() function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to delete the resmush list for...

4.3CVSS

0.0004EPSS

2024-06-21 02:05 AM
cvelist
cvelist

CVE-2024-1955 Hide Dashboard Notifications <= 1.3 - Missing Authorization to Authenticated(Contributor+) Plugin Settings Modification

The Hide Dashboard Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'warning_notices_settings' function in all versions up to, and including, 1.3. This makes it possible for authenticated attackers, with contributor...

4.3CVSS

0.001EPSS

2024-06-21 02:05 AM
3
vulnrichment
vulnrichment

CVE-2024-1955 Hide Dashboard Notifications <= 1.3 - Missing Authorization to Authenticated(Contributor+) Plugin Settings Modification

The Hide Dashboard Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'warning_notices_settings' function in all versions up to, and including, 1.3. This makes it possible for authenticated attackers, with contributor...

4.3CVSS

6.5AI Score

0.001EPSS

2024-06-21 02:05 AM
cvelist
cvelist

CVE-2024-3610 WP Child Theme Generator <= 1.1.1 - Missing Authorization to Unauthenticated Child Theme Creation/Activation

The WP Child Theme Generator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wctg_easy_child_theme() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to create a blank child...

5.3CVSS

0.001EPSS

2024-06-21 02:05 AM
3
vulnrichment
vulnrichment

CVE-2024-3610 WP Child Theme Generator <= 1.1.1 - Missing Authorization to Unauthenticated Child Theme Creation/Activation

The WP Child Theme Generator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wctg_easy_child_theme() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to create a blank child...

5.3CVSS

6.6AI Score

0.001EPSS

2024-06-21 02:05 AM
cvelist
cvelist

CVE-2024-1639 License Manager for WooCommerce <= 3.0.7 - Improper Authorization to Authenticated(Contributor+) Sensitive Information Exposure

The License Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the showLicenseKey() and showAllLicenseKeys() functions in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with...

6.5CVSS

0.0005EPSS

2024-06-21 02:05 AM
2
vulnrichment
vulnrichment

CVE-2024-1639 License Manager for WooCommerce <= 3.0.7 - Improper Authorization to Authenticated(Contributor+) Sensitive Information Exposure

The License Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the showLicenseKey() and showAllLicenseKeys() functions in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with...

6.5CVSS

6.6AI Score

0.0005EPSS

2024-06-21 02:05 AM
cvelist
cvelist

CVE-2024-5503 WP Blog Post Layouts <= 1.1.3 - Authenticated (Contributor+) Local File Inlcusion

The WP Blog Post Layouts plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.3. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the...

8.8CVSS

0.001EPSS

2024-06-21 02:05 AM
1
vulnrichment
vulnrichment

CVE-2024-5503 WP Blog Post Layouts <= 1.1.3 - Authenticated (Contributor+) Local File Inlcusion

The WP Blog Post Layouts plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.3. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the...

8.8CVSS

7.7AI Score

0.001EPSS

2024-06-21 02:05 AM
1
cvelist
cvelist

CVE-2024-5344 The Plus Addons for Elementor Page Builder <= 5.5.6 - Reflected Cross-Site Scripting via WP Login and Register Widget

The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘forgoturl’ attribute within the plugin's WP Login & Register widget in all versions up to, and including, 5.5.6 due to insufficient input sanitization and output escaping....

6.1CVSS

0.0005EPSS

2024-06-21 02:05 AM
3
githubexploit
githubexploit

Exploit for OS Command Injection in Dolibarr Dolibarr Erp/Crm

CVE-2023-30253 CVE-2023-30253 PoC Description This is my...

8.8CVSS

7.8AI Score

0.008EPSS

2024-06-21 01:41 AM
88
nessus
nessus

Fedora 39 : webkitgtk (2024-826bf5a09a)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-826bf5a09a advisory. Update to 2.44.2: * Make gamepads visible on axis movements, and not only on button presses. * Disable the gst-libav AAC decoder. * Make user scripts and...

7.1AI Score

0.0004EPSS

2024-06-21 12:00 AM
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : php-composer2 (SUSE-SU-2024:2106-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2106-1 advisory. - CVE-2024-35241: Fixed code execution when installing packages in repository with specially crafted branch names...

8.8CVSS

9.4AI Score

0.0004EPSS

2024-06-21 12:00 AM
3
nessus
nessus

FreeBSD : chromium -- multiple security fixes (007e7e77-2f06-11ef-8a0f-a8a1599412c6)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 007e7e77-2f06-11ef-8a0f-a8a1599412c6 advisory. Chrome Releases reports: This update includes 6 security fixes: Tenable has extracted the...

8.8CVSS

7.1AI Score

0.001EPSS

2024-06-21 12:00 AM
1
nessus
nessus

FreeBSD : openvpn -- two security fixes (142c538e-b18f-40a1-afac-c479effadd5c)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 142c538e-b18f-40a1-afac-c479effadd5c advisory. Gert Doering reports that OpenVPN 2.6.11 fixes two security bugs (three on Windows):...

7.4AI Score

EPSS

2024-06-21 12:00 AM
3
nessus
nessus

RHEL 8 : thunderbird (RHSA-2024:4036)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4036 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fix(es): *...

7.7AI Score

0.0004EPSS

2024-06-21 12:00 AM
nessus
nessus

Oracle Linux 9 : nghttp2 (ELSA-2024-3501)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3501 advisory. [1.43.0-5.2] - fix CONTINUATION frames DoS (CVE-2024-28182, CVE-2024-27316) Tenable has extracted the preceding description block directly from the Oracle Linux.....

7.5CVSS

6.2AI Score

0.005EPSS

2024-06-21 12:00 AM
nessus
nessus

CentOS 7 : thunderbird (RHSA-2024:4016)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4016 advisory. If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects...

7.6AI Score

0.0004EPSS

2024-06-21 12:00 AM
nessus
nessus

FreeBSD : qt5-webengine -- Multiple vulnerabilities (aa2b65e4-2f63-11ef-9cab-4ccc6adda413)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the aa2b65e4-2f63-11ef-9cab-4ccc6adda413 advisory. Backports for 5 security bugs in Chromium: Tenable has extracted the preceding description...

8.8CVSS

7.6AI Score

0.001EPSS

2024-06-21 12:00 AM
nessus
nessus

Fedora 39 : chromium (2024-dd14eefb0e)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-dd14eefb0e advisory. update to 126.0.6478.114 * High CVE-2024-6100: Type Confusion in V8 * High CVE-2024-6101: Inappropriate implementation in WebAssembly * High...

8.8CVSS

9.4AI Score

0.001EPSS

2024-06-21 12:00 AM
nessus
nessus

Fedora 40 : chromium (2024-d2b54d5a9d)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-d2b54d5a9d advisory. update to 126.0.6478.114 * High CVE-2024-6100: Type Confusion in V8 * High CVE-2024-6101: Inappropriate implementation in WebAssembly * High...

8.8CVSS

9.4AI Score

0.001EPSS

2024-06-21 12:00 AM
1
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : containerd (SUSE-SU-2024:2108-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2108-1 advisory. Update to containerd v1.7.17. - CVE-2023-45288: Fixed the limit of CONTINUATION frames read for an HTTP/2 request...

6.9AI Score

0.0004EPSS

2024-06-21 12:00 AM
1
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 : Recommended update for google-cloud SDK (SUSE-SU-SUSE-RU-2024:1637-2)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-SUSE-RU-2024:1637-2 advisory. - Add python311 cloud services packages and dependencies (jsc#PED-7987, jsc#PED-6697) - Bellow 5....

7.5CVSS

7.5AI Score

0.001EPSS

2024-06-21 12:00 AM
1
nessus
nessus

RHEL 8 : ovn-2021 (RHSA-2024:4035)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4035 advisory. OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add ...

6.5CVSS

6.9AI Score

0.0005EPSS

2024-06-21 12:00 AM
nessus
nessus

AlmaLinux 8 : thunderbird (ALSA-2024:4036)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2024:4036 advisory. * thunderbird: Use-after-free in networking (CVE-2024-5702) * thunderbird: Use-after-free in JavaScript object transplant (CVE-2024-5688) * thunderbird:...

7.8AI Score

0.0004EPSS

2024-06-21 12:00 AM
1
nessus
nessus

Oracle Linux 8 : thunderbird (ELSA-2024-4036)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-4036 advisory. [115.12.1-1.0.1] - Add Oracle prefs file [115.12.1] - Add OpenELA debranding [115.12.1-1] - Update to 115.12.1 build1 [115.12.0-2] - Update to...

7.3AI Score

0.0004EPSS

2024-06-21 12:00 AM
vulnrichment
vulnrichment

CVE-2024-38874

An issue was discovered in the events2 (aka Events 2) extension before 8.3.8 and 9.x before 9.0.6 for TYPO3. Missing access checks in the management plugin lead to an insecure direct object reference (IDOR) vulnerability with the potential to activate or delete various events for unauthenticated...

5.4CVSS

7AI Score

0.0004EPSS

2024-06-21 12:00 AM
nessus
nessus

FreeBSD : qt6-webengine -- Multiple vulnerabilities (c5415838-2f52-11ef-9cab-4ccc6adda413)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the c5415838-2f52-11ef-9cab-4ccc6adda413 advisory. Qt qtwebengine-chromium repo reports: Backports for 7 security bugs in Chromium: Tenable has...

8.8CVSS

7.7AI Score

0.003EPSS

2024-06-21 12:00 AM
2
wpvulndb
wpvulndb

Greenshift – animation and page builder blocks < 8.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's social share block in all versions up to, and including, 8.9.3 due to insufficient input sanitization and output escaping on user supplied attributes....

6.5CVSS

5.9AI Score

0.0004EPSS

2024-06-21 12:00 AM
cvelist
cvelist

CVE-2024-38874

An issue was discovered in the events2 (aka Events 2) extension before 8.3.8 and 9.x before 9.0.6 for TYPO3. Missing access checks in the management plugin lead to an insecure direct object reference (IDOR) vulnerability with the potential to activate or delete various events for unauthenticated...

5.4CVSS

0.0004EPSS

2024-06-21 12:00 AM
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : php-composer2 (SUSE-SU-2024:2107-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2107-1 advisory. - CVE-2024-35241: Fixed code execution when installing packages in repository with specially crafted branch names...

8.8CVSS

9.4AI Score

0.0004EPSS

2024-06-21 12:00 AM
1
nessus
nessus

SUSE SLES12 Security Update : hdf5 (SUSE-SU-2024:2105-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2105-1 advisory. - Fix various security issues in hdf5 (bsc#1224158): CVE-2024-29158, CVE-2024-29161, CVE-2024-29166, CVE-2024-32608, ...

8.1CVSS

7.4AI Score

EPSS

2024-06-21 12:00 AM
osv
osv

CVE-2024-37899

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an admin disables a user account, the user's profile is executed with the admin's rights. This allows a user to place malicious code in the user profile before getting an admin to disable.....

9CVSS

9.1AI Score

0.0004EPSS

2024-06-20 11:15 PM
1
osv
osv

Malicious code in wordpress-theme-core (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (80d5f0fae64f9ea46cc8e1c401dac2109bdf35aedbca211a71890a83dec4722f) The OpenSSF Package Analysis project identified 'wordpress-theme-core' @ 0.0.1 (npm) as malicious. It is considered malicious because: The...

7.3AI Score

2024-06-20 03:28 PM
cve
cve

CVE-2024-37222

Cross Site Scripting (XSS) vulnerability in Averta Master Slider allows Reflected XSS.This issue affects Master Slider: from n/a through...

7.1CVSS

6.5AI Score

0.0004EPSS

2024-06-20 03:15 PM
16
nvd
nvd

CVE-2024-37222

Cross Site Scripting (XSS) vulnerability in Averta Master Slider allows Reflected XSS.This issue affects Master Slider: from n/a through...

7.1CVSS

0.0004EPSS

2024-06-20 03:15 PM
2
cve
cve

CVE-2024-5156

The Flatsome theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.18.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with.....

6.4CVSS

5.8AI Score

0.0004EPSS

2024-06-20 02:15 PM
15
nvd
nvd

CVE-2024-5156

The Flatsome theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.18.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with.....

6.4CVSS

0.0004EPSS

2024-06-20 02:15 PM
1
cvelist
cvelist

CVE-2024-37222 WordPress Master Slider plugin <= 3.9.10 - Reflected Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability in Averta Master Slider allows Reflected XSS.This issue affects Master Slider: from n/a through...

7.1CVSS

0.0004EPSS

2024-06-20 02:12 PM
vulnrichment
vulnrichment

CVE-2024-37222 WordPress Master Slider plugin <= 3.9.10 - Reflected Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability in Averta Master Slider allows Reflected XSS.This issue affects Master Slider: from n/a through...

7.1CVSS

6AI Score

0.0004EPSS

2024-06-20 02:12 PM
Total number of security vulnerabilities271182