Ibtana – WordPress Website Builder Security Vulnerabilities

CVE-2023-36694

Missing Authorization vulnerability in Bryan Lee Kingkong Board.This issue affects Kingkong Board: from n/a through...

CVE-2023-29174

Missing Authorization vulnerability in NervyThemes SKU Label Changer For WooCommerce.This issue affects SKU Label Changer For WooCommerce: from n/a through...

CVE-2023-35040

Missing Authorization vulnerability in SendPress SendPress Newsletters.This issue affects SendPress Newsletters: from n/a through...

CVE-2023-35040

Missing Authorization vulnerability in SendPress SendPress Newsletters.This issue affects SendPress Newsletters: from n/a through...

CVE-2023-29174

Missing Authorization vulnerability in NervyThemes SKU Label Changer For WooCommerce.This issue affects SKU Label Changer For WooCommerce: from n/a through...

YITH WooCommerce Product Add-Ons < 4.9.3 - Unauthenticated Content Injection

Description The YITH WooCommerce Product Add-Ons plugin for WordPress is vulnerable to Content Injection in all versions up to, and including, 4.9.2. This is due to the plugin not properly validating a field that can be updated. This makes it possible for unauthenticated attackers to inject...

Rocky Linux 8 : Image builder components bug fix, enhancement and (RLSA-2024:2961)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:2961 advisory. * osbuild-composer: race condition may disable GPG verification for package repositories (CVE-2024-2307) Tenable has extracted the preceding description block...

Premium Support Tickets For WHMCS 1.2.10 Cross Site Scripting

...

CVE-2024-38313

In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address This vulnerability affects Firefox for iOS &lt; 127. Notes Author| Note ---|--- tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine....

tagDiv Composer < 4.9 - Authenticated (Contributor+) Local File Inclusion via Shortcode

Description The tagDiv Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8 via the 'td_block_title' shortcode 'block_template_id' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions,...

Newspaper < 12.6.6 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Meta

Description The Newspaper theme for WordPress is vulnerable to Stored Cross-Site Scripting via attachment meta in the archive page in all versions up to, and including, 12.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

tagDiv Composer < 4.9 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Meta

Description The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'single' module in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS) (Authenticated)

...

aboutmyip.com Cross Site Scripting vulnerability OBB-3934995

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2023-29174 WordPress SKU Label Changer For WooCommerce plugin <= 3.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in NervyThemes SKU Label Changer For WooCommerce.This issue affects SKU Label Changer For WooCommerce: from n/a through...

CVE-2023-29174 WordPress SKU Label Changer For WooCommerce plugin <= 3.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in NervyThemes SKU Label Changer For WooCommerce.This issue affects SKU Label Changer For WooCommerce: from n/a through...

CVE-2023-35040 WordPress SendPress Newsletters plugin <= 1.23.11.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in SendPress SendPress Newsletters.This issue affects SendPress Newsletters: from n/a through...

CVE-2023-35045 WordPress Fat Rat Collect plugin <= 2.6.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Fat Rat Fat Rat Collect.This issue affects Fat Rat Collect: from n/a through...

CVE-2023-35045 WordPress Fat Rat Collect plugin <= 2.6.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Fat Rat Fat Rat Collect.This issue affects Fat Rat Collect: from n/a through...

CVE-2023-36504 WordPress BBS e-Popup plugin <= 2.4.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in BBS e-Theme BBS e-Popup.This issue affects BBS e-Popup: from n/a through...

642weather.com Cross Site Scripting vulnerability OBB-3934994

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2023-36694 WordPress Kingkong Board plugin <= 2.1.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Bryan Lee Kingkong Board.This issue affects Kingkong Board: from n/a through...

CVE-2023-36695 WordPress Sublanguage plugin <= 2.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Maxime Schoeni Sublanguage.This issue affects Sublanguage: from n/a through...

CVE-2023-36695 WordPress Sublanguage plugin <= 2.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Maxime Schoeni Sublanguage.This issue affects Sublanguage: from n/a through...

CVE-2023-37394 WordPress WP Dummy Content Generator plugin <= 2.3.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator.This issue affects WP Dummy Content Generator: from n/a through...

360onhistory.com Cross Site Scripting vulnerability OBB-3934993

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

adhub.com Cross Site Scripting vulnerability OBB-3934992

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

adexgroups.com Cross Site Scripting vulnerability OBB-3934990

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

alvanon.com Cross Site Scripting vulnerability OBB-3934989

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

moviebratspictures.com Cross Site Scripting vulnerability OBB-3934986

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

hillcountrynews.com Cross Site Scripting vulnerability OBB-3934984

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

secure.pinnion.com Cross Site Scripting vulnerability OBB-3934982

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

tangent.com Cross Site Scripting vulnerability OBB-3934981

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

chungmei.net Cross Site Scripting vulnerability OBB-3934980

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-38313

In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address This vulnerability affects Firefox for iOS &lt;...

CVE-2024-38313

In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address This vulnerability affects Firefox for iOS &lt;...

CVE-2024-38313

In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address This vulnerability affects Firefox for iOS &lt;...

CVE-2024-38313

In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address This vulnerability affects Firefox for iOS &lt;...

CVE-2024-38313

In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address This vulnerability affects Firefox for iOS &lt;...

oxfordhmo.co.uk Cross Site Scripting vulnerability OBB-3934977

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

janmitchellproperties.co.uk Cross Site Scripting vulnerability OBB-3934974

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

sheffieldstudenthousing.co.uk Cross Site Scripting vulnerability OBB-3934973

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

bloxham.co.uk Cross Site Scripting vulnerability OBB-3934972

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6msportal.com Cross Site Scripting vulnerability OBB-3934971

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

hotelnordic.com Cross Site Scripting vulnerability OBB-3934970

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

hkit.edu.hk Cross Site Scripting vulnerability OBB-3934969

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

incois.gov.in Cross Site Scripting vulnerability OBB-3934968

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

mtech.am Open Redirect vulnerability OBB-3934967

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

portal.pepsic.bvsalud.org Open Redirect vulnerability OBB-3934965

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

realtimerental.com Cross Site Scripting vulnerability OBB-3934964

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...