Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the...
8.2AI Score
0.0004EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 15, 2024 to April 21, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 209 vulnerabilities disclosed in 169...
9.9AI Score
Improper Restriction of Excessive Authentication Attempts vulnerability in LoginPress LoginPress Pro allows Removing Important Client Functionality. This issue affects LoginPress Pro: from n/a before...
5.3CVSS
5.4AI Score
0.0004EPSS
Improper Restriction of Excessive Authentication Attempts vulnerability in LoginPress LoginPress Pro allows Removing Important Client Functionality. This issue affects LoginPress Pro: from n/a before...
5.3CVSS
6.8AI Score
0.0004EPSS
CVE-2024-32676 WordPress LoginPress Pro plugin < 3.0.0 - Captcha Bypass vulnerability
Improper Restriction of Excessive Authentication Attempts vulnerability in LoginPress LoginPress Pro allows Removing Important Client Functionality. This issue affects LoginPress Pro: from n/a before...
5.3CVSS
5.6AI Score
0.0004EPSS
CVE-2024-32676 WordPress LoginPress Pro plugin < 3.0.0 - Captcha Bypass vulnerability
Improper Restriction of Excessive Authentication Attempts vulnerability in LoginPress LoginPress Pro allows Removing Important Client Functionality. This issue affects LoginPress Pro: from n/a before...
5.3CVSS
7AI Score
0.0004EPSS
WP STAGING <= 3.4.3 and WP STAGING Pro <= 5.4.3 - Sensitive Information Exposure via Log File
Description: The WP STAGING and WP STAGING Pro plugins for WordPress are vulnerable to Sensitive Information Exposure in versions up to, and including, 3.4.3, and versions up to, and including, 5.4.3, respectively, via the ajaxSendReport function. This makes it possible for unauthenticated...
5.3CVSS
6.7AI Score
0.0004EPSS
HP Software Packages (SoftPaqs) – Potential Escalation of Privilege
Certain HP software packages (SoftPaqs) are potentially vulnerable to arbitrary code execution when the SoftPaq configuration file has been modified after extraction. HP has released updated software packages (SoftPaqs). HP has provided updated software packages (SoftPaqs) available from our...
8AI Score
0.0004EPSS
LoginPress Pro < 3.0.0 - Unauthenticated License Activation/Deactivation
Description: The plugin is vulnerable to unauthorized modification of data due to a missing capability check, allowing unauthenticated attacks to activate and deactivate...
6.5CVSS
6.4AI Score
0.0004EPSS
Description: The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppom_upload_file function in all versions up to, and including, 32.0.18. This makes it possible for unauthenticated attackers to upload...
9.8CVSS
8.2AI Score
0.0004EPSS
Description: The ElementsKit Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.0 via the Price Menu, Hotspot, and Advanced Toggle widgets. This makes it possible for authenticated attackers, with contributor-level access and above, to include...
8.8CVSS
7.9AI Score
0.0004EPSS
LoginPress Pro < 3.0.0 - Captcha Bypass
Description: The plugin is vulnerable to Bypass, allowing unauthenticated attackers to bypass the Captcha...
5.3CVSS
5.3AI Score
0.0004EPSS
Missing Authorization vulnerability in LoginPress LoginPress Pro. This issue affects LoginPress Pro: from n/a before...
6.5CVSS
6.5AI Score
0.0004EPSS
Missing Authorization vulnerability in LoginPress LoginPress Pro. This issue affects LoginPress Pro: from n/a before...
6.5CVSS
6.8AI Score
0.0004EPSS
Missing Authorization vulnerability in LoginPress LoginPress Pro. This issue affects LoginPress Pro: from n/a before...
6.5CVSS
6.7AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro. This issue affects Paid Memberships Pro: from n/a through...
4.3CVSS
6.9AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro. This issue affects Paid Memberships Pro: from n/a through...
4.3CVSS
4.6AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro. This issue affects Paid Memberships Pro: from n/a through...
5.4CVSS
6.9AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro. This issue affects Paid Memberships Pro: from n/a through...
5.4CVSS
5.5AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro. This issue affects Paid Memberships Pro: from n/a through...
5.4CVSS
5.8AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro. This issue affects Paid Memberships Pro: from n/a through...
4.3CVSS
5AI Score
0.0004EPSS
Gradio - Server Side Request Forgery
An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern the status of internal ports based on the...
6.5CVSS
6.4AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BloomPixel Max Addons Pro for Bricks allows Reflected XSS. This issue affects Max Addons Pro for Bricks: from n/a through...
7.1CVSS
6.8AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BloomPixel Max Addons Pro for Bricks allows Reflected XSS. This issue affects Max Addons Pro for Bricks: from n/a through...
7.1CVSS
7AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BloomPixel Max Addons Pro for Bricks allows Reflected XSS. This issue affects Max Addons Pro for Bricks: from n/a through...
7.1CVSS
7.1AI Score
0.0004EPSS
Missing Authorization vulnerability in BloomPixel Max Addons Pro for Bricks. This issue affects Max Addons Pro for Bricks: from n/a through...
6.5CVSS
6.8AI Score
0.0004EPSS
Missing Authorization vulnerability in BloomPixel Max Addons Pro for Bricks. This issue affects Max Addons Pro for Bricks: from n/a through...
6.5CVSS
6.5AI Score
0.0004EPSS
Missing Authorization vulnerability in BloomPixel Max Addons Pro for Bricks. This issue affects Max Addons Pro for Bricks: from n/a through...
6.5CVSS
6.7AI Score
0.0004EPSS
C2-Tracker - Live Feed Of C2 Servers, Tools, And Botnets
Free to use IOC feed for various tools/malware. It started out for just C2 tools but has morphed into tracking infostealers and botnets as well. It uses Shodan searches to collect the IPs. The most recent collection is always stored in data; the IPs are broken down by tool and there ...
7.1AI Score
Description: The Product Feed PRO for WooCommerce by AdTribes – WooCommerce Product Feeds for Google, Facebook/Meta, Bing, & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 13.3.1 via log files. This makes it possible for...
5.3CVSS
6.6AI Score
0.0004EPSS
Description: The Product Feed PRO for WooCommerce by AdTribes – WooCommerce Product Feeds for Google, Facebook/Meta, Bing, & More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 13.2.5 due to insufficient input sanitization and output...
7.1CVSS
6.5AI Score
0.0004EPSS
An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code...
5.3CVSS
5.6AI Score
0.0004EPSS
An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code...
5.3CVSS
7.2AI Score
0.0004EPSS
Missing Authorization vulnerability in Shared Files PRO Shared Files. This issue affects Shared Files: from n/a through...
5.3CVSS
5.3AI Score
0.0004EPSS
Missing Authorization vulnerability in Shared Files PRO Shared Files. This issue affects Shared Files: from n/a through...
5.3CVSS
6.8AI Score
0.0004EPSS
CVE-2024-32679 WordPress Shared Files plugin <= 1.7.16 - Broken Access Control vulnerability
Missing Authorization vulnerability in Shared Files PRO Shared Files. This issue affects Shared Files: from n/a through...
5.3CVSS
6.9AI Score
0.0004EPSS
CVE-2024-32679 WordPress Shared Files plugin <= 1.7.16 - Broken Access Control vulnerability
Missing Authorization vulnerability in Shared Files PRO Shared Files. This issue affects Shared Files: from n/a through...
5.3CVSS
5.6AI Score
0.0004EPSS
Potential DoS via resource consumption via specially crafted inputs to idna.encode(). Bugs: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069127, https://bugzilla.redhat.com/show_bug.cgi?id=2274779, https://github.com/kjd/idna/issues/175. Notes: mdeslaur: On focal and...
6.3AI Score
FileOrganizer and FileOrganizer Pro < 1.0.7 - Authenticated Stored Cross-Site Scripting
Description: The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg file upload in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
4.4CVSS
6AI Score
0.0004EPSS
An issue was discovered in a third-party com.factory.mmigroup component, shipped on devices from multiple device manufacturers. Certain software builds for various Android devices contain a vulnerable pre-installed app with a package name of com.factory.mmigroup (versionCode='3', versionName='2.1')....
7.4AI Score
0.0004EPSS
An issue was discovered in a third-party com.factory.mmigroup component, shipped on devices from multiple device manufacturers. Certain software builds for various Android devices contain a vulnerable pre-installed app with a package name of com.factory.mmigroup (versionCode='3', versionName='2.1')....
7.2AI Score
0.0004EPSS
An issue was discovered in a third-party component related to vendor.gsm.serial, shipped on devices from multiple device manufacturers. Various software builds for the BLU View 2, Boost Mobile Celero 5G, Sharp Rouvo V, Motorola Moto G Pure, Motorola Moto G Power, T-Mobile Revvl 6 Pro 5G, and...
6.4AI Score
0.0004EPSS
An issue was discovered in a third-party component related to vendor.gsm.serial, shipped on devices from multiple device manufacturers. Various software builds for the BLU View 2, Boost Mobile Celero 5G, Sharp Rouvo V, Motorola Moto G Pure, Motorola Moto G Power, T-Mobile Revvl 6 Pro 5G, and...
6.7AI Score
0.0004EPSS