Lucene search

K

Ivory Search – WordPress Search Plugin Security Vulnerabilities

wolfi
wolfi

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: wireguard-go, aactl, flux-notification-controller, kubevela, prometheus, flux-image-reflector-controller, consul, aws-ebs-csi-driver, nodetaint, zot, pulumi-language-yaml, slsa-verifier, kubernetes-csi-livenessprobe, kubescape, trust-manager, tctl, hey, pulumi, minio,....

7.5CVSS

8.4AI Score

0.002EPSS

2024-06-26 03:08 AM
49
wolfi
wolfi

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: calico, flux-image-reflector-controller, bazelisk, nodetaint, k9s, neuvector-sigstore-interface, velero-plugin-for-aws, docker-credential-acr-env, ko, helm-push, slsa-verifier, kubecolor, tempo, nri-consul, dockerize, cert-manager, kubernetes-event-exporter,...

7.5AI Score

2024-06-26 03:08 AM
20
wolfi
wolfi

CVE-2024-24790 vulnerabilities

Vulnerabilities for packages: flux-image-reflector-controller, vcluster, bazelisk, nodetaint, k9s, neuvector-sigstore-interface, velero-plugin-for-aws, docker-credential-acr-env, ko, helm-push, slsa-verifier, kubecolor, tempo, hey, nri-consul, dockerize, cert-manager, kubernetes-event-exporter,...

9.8CVSS

9.8AI Score

0.001EPSS

2024-06-26 03:08 AM
49
wolfi
wolfi

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: calico, grype, wireguard-go, kubevela, prometheus, go-md2man, flux-image-reflector-controller, delve, aws-ebs-csi-driver, consul, bazelisk, nodetaint, pulumi-language-yaml, lazygit, docker-credential-acr-env, regclient, helm-push, slsa-verifier, vt-cli,...

7.5AI Score

2024-06-26 03:08 AM
22
wolfi
wolfi

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: calico, grype, wireguard-go, kubevela, prometheus, go-md2man, flux-image-reflector-controller, delve, aws-ebs-csi-driver, consul, bazelisk, nodetaint, pulumi-language-yaml, lazygit, docker-credential-acr-env, regclient, helm-push, slsa-verifier, vt-cli,...

7.5AI Score

2024-06-26 03:08 AM
24
wolfi
wolfi

GHSA-2JWV-JMQ4-4J3R vulnerabilities

Vulnerabilities for packages: wireguard-go, aactl, flux-notification-controller, confluent-common-docker, go-md2man, flux-image-reflector-controller, overmind, delve, falcosidekick, mods, aws-ebs-csi-driver, k9s, zot, pulumi-language-yaml, lazygit, docker-credential-acr-env, ko, helm-push,...

7.5AI Score

2024-06-26 03:08 AM
21
wolfi
wolfi

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: calico, grype, wireguard-go, kubevela, prometheus, go-md2man, flux-image-reflector-controller, delve, aws-ebs-csi-driver, consul, bazelisk, nodetaint, pulumi-language-yaml, lazygit, docker-credential-acr-env, regclient, helm-push, slsa-verifier, vt-cli,...

7.5AI Score

2024-06-26 03:08 AM
21
wolfi
wolfi

GHSA-49GW-VXVF-FC2G vulnerabilities

Vulnerabilities for packages: flux-image-reflector-controller, vcluster, bazelisk, nodetaint, k9s, neuvector-sigstore-interface, velero-plugin-for-aws, docker-credential-acr-env, ko, helm-push, slsa-verifier, kubecolor, tempo, hey, nri-consul, dockerize, cert-manager, kubernetes-event-exporter,...

7.5AI Score

2024-06-26 03:08 AM
3
wolfi
wolfi

GHSA-5F94-VHJQ-RPG8 vulnerabilities

Vulnerabilities for packages: aactl, prometheus-bind-exporter, go-md2man, render-template, grpcurl, influx, ctop, cass-operator, gops, goreleaser, helm-push, local-path-provisioner, slsa-verifier, prometheus-stackdriver-exporter, configmap-reload, nri-discovery-kubernetes, cni-plugins, gosu,...

7.5AI Score

2024-06-26 03:08 AM
20
wolfi
wolfi

GHSA-9F76-WG39-X86H vulnerabilities

Vulnerabilities for packages: aactl, prometheus-bind-exporter, go-md2man, render-template, grpcurl, influx, ctop, cass-operator, gops, goreleaser, helm-push, local-path-provisioner, slsa-verifier, prometheus-stackdriver-exporter, configmap-reload, nri-discovery-kubernetes, cni-plugins, gosu,...

7.5AI Score

2024-06-26 03:08 AM
21
wolfi
wolfi

GHSA-2WRH-6PVC-2JM9 vulnerabilities

Vulnerabilities for packages: wireguard-go, aactl, flux-notification-controller, kubevela, prometheus, flux-image-reflector-controller, consul, aws-ebs-csi-driver, nodetaint, zot, pulumi-language-yaml, kubernetes-csi-livenessprobe, trust-manager, tctl, hey, pulumi, minio, prometheus-operator,...

7.5AI Score

2024-06-26 03:08 AM
28
wolfi
wolfi

GHSA-4374-P667-P6C8 vulnerabilities

Vulnerabilities for packages: wireguard-go, aactl, flux-notification-controller, kubevela, prometheus, flux-image-reflector-controller, consul, aws-ebs-csi-driver, nodetaint, zot, pulumi-language-yaml, slsa-verifier, kubernetes-csi-livenessprobe, kubescape, trust-manager, tctl, hey, pulumi, minio,....

7.5AI Score

2024-06-26 03:08 AM
19
wolfi
wolfi

GHSA-M425-MQ94-257G vulnerabilities

Vulnerabilities for packages: calico, grype, cosign, aactl, flux-notification-controller, kubevela, buildkitd, helm, prometheus, weaviate, gitlab-pages, secrets-store-csi-driver, goreleaser, pulumi-language-yaml, ko, slsa-verifier, pulumi-kubernetes-operator, conftest, keda,...

7.5AI Score

2024-06-26 03:08 AM
95
wolfi
wolfi

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: calico, grype, wireguard-go, aactl, flux-notification-controller, kubevela, prometheus, dotnet, nodetaint, pulumi-language-yaml, ko, slsa-verifier, kubernetes-csi-livenessprobe, kubescape, tctl, hey, pulumi, minio, sigstore-scaffolding, cert-manager, metacontroller,...

7.5AI Score

2024-06-26 03:08 AM
26
wolfi
wolfi

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: calico, grype, wireguard-go, kubevela, prometheus, go-md2man, flux-image-reflector-controller, delve, aws-ebs-csi-driver, consul, bazelisk, nodetaint, pulumi-language-yaml, lazygit, docker-credential-acr-env, regclient, helm-push, slsa-verifier, vt-cli,...

7.8AI Score

0.0004EPSS

2024-06-26 03:08 AM
19
wolfi
wolfi

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: calico, grype, wireguard-go, kubevela, prometheus, go-md2man, flux-image-reflector-controller, delve, aws-ebs-csi-driver, consul, bazelisk, nodetaint, pulumi-language-yaml, lazygit, docker-credential-acr-env, regclient, helm-push, slsa-verifier, vt-cli,...

7.8AI Score

0.0004EPSS

2024-06-26 03:08 AM
21
wolfi
wolfi

CVE-2023-39326 vulnerabilities

Vulnerabilities for packages: aactl, prometheus-bind-exporter, go-md2man, render-template, grpcurl, influx, ctop, cass-operator, gops, goreleaser, helm-push, local-path-provisioner, slsa-verifier, prometheus-stackdriver-exporter, configmap-reload, nri-discovery-kubernetes, cni-plugins, gosu,...

5.3CVSS

7.2AI Score

0.001EPSS

2024-06-26 03:08 AM
28
wolfi
wolfi

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: calico, grype, wireguard-go, kubevela, prometheus, go-md2man, flux-image-reflector-controller, delve, aws-ebs-csi-driver, consul, bazelisk, nodetaint, pulumi-language-yaml, lazygit, docker-credential-acr-env, regclient, helm-push, slsa-verifier, vt-cli,...

7.5AI Score

2024-06-26 03:08 AM
24
wolfi
wolfi

GHSA-XR7R-F8XQ-VFVV vulnerabilities

Vulnerabilities for packages: skopeo, grype, buildkitd, ctop, ingress-nginx-controller, kaniko, kubernetes, cadvisor, k9s, zarf, zot, kubescape, skaffold, runc, nerdctl, trivy, telegraf, k3d, syft, docker, k3s, nvidia-device-plugin, newrelic-infrastructure-agent, kots, wolfictl,...

7.5AI Score

2024-06-26 03:08 AM
15
wolfi
wolfi

CVE-2024-24788 vulnerabilities

Vulnerabilities for packages: wireguard-go, aactl, flux-notification-controller, confluent-common-docker, go-md2man, flux-image-reflector-controller, overmind, delve, falcosidekick, mods, aws-ebs-csi-driver, k9s, zot, pulumi-language-yaml, lazygit, docker-credential-acr-env, ko, helm-push,...

6.5AI Score

0.0004EPSS

2024-06-26 03:08 AM
18
wolfi
wolfi

GHSA-236W-P7WF-5PH8 vulnerabilities

Vulnerabilities for packages: flux-image-reflector-controller, vcluster, bazelisk, nodetaint, k9s, neuvector-sigstore-interface, velero-plugin-for-aws, docker-credential-acr-env, ko, helm-push, slsa-verifier, kubecolor, tempo, hey, nri-consul, dockerize, cert-manager, kubernetes-event-exporter,...

7.5AI Score

2024-06-26 03:08 AM
4
wolfi
wolfi

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: calico, grype, wireguard-go, kubevela, prometheus, go-md2man, flux-image-reflector-controller, delve, aws-ebs-csi-driver, consul, bazelisk, nodetaint, pulumi-language-yaml, lazygit, docker-credential-acr-env, regclient, helm-push, slsa-verifier, vt-cli,...

6AI Score

0.0004EPSS

2024-06-26 03:08 AM
19
cve
cve

CVE-2024-5173

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video player widget settings in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS

5.7AI Score

EPSS

2024-06-26 02:15 AM
2
nvd
nvd

CVE-2024-5173

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video player widget settings in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS

EPSS

2024-06-26 02:15 AM
cvelist
cvelist

CVE-2024-5173 HT Mega – Absolute Addons For Elementor <= 2.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Player Widget Settings

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video player widget settings in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS

EPSS

2024-06-26 02:07 AM
nvd
nvd

CVE-2024-4869

The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Client-IP’ header in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS

EPSS

2024-06-26 12:15 AM
3
cve
cve

CVE-2024-4869

The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Client-IP’ header in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS

6.2AI Score

EPSS

2024-06-26 12:15 AM
5
jvn
jvn

JVN#34977158: WordPress plugins "WP Tweet Walls" and "Sola Testimonials" vulnerable to cross-site request forgery

WordPress plugins "WP Tweet Walls" and "Sola Testimonials" provided by Sola Plugins contain a cross-site request forgery vulnerability (CWE-352). ## Impact While a user logs in to the WordPress site where the affected plugin is enabled, accessing a malicious page may make the user perform...

6.8AI Score

EPSS

2024-06-26 12:00 AM
cvelist
cvelist

CVE-2024-4869 WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) <= 3.2.0 - Unauthenticated Stored Cross-Site Scripting via Client-IP header

The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Client-IP’ header in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS

EPSS

2024-06-25 11:35 PM
2
wordfence
wordfence

WordPress 6.5.5 Security Release – What You Need to Know

Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

5.4AI Score

2024-06-25 03:38 PM
2
cve
cve

CVE-2024-5451

The The7 — Website and eCommerce Builder for WordPress theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Icon and Heading widgets in all versions up to, and including, 11.13.0 due to insufficient input sanitization and output escaping on...

6.4CVSS

5.8AI Score

EPSS

2024-06-25 02:15 PM
1
nvd
nvd

CVE-2024-5451

The The7 — Website and eCommerce Builder for WordPress theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Icon and Heading widgets in all versions up to, and including, 11.13.0 due to insufficient input sanitization and output escaping on...

6.4CVSS

EPSS

2024-06-25 02:15 PM
cve
cve

CVE-2024-32111

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Automattic WordPress allows Relative Path Traversal.This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6,.....

5CVSS

5.2AI Score

EPSS

2024-06-25 02:15 PM
7
nvd
nvd

CVE-2024-32111

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Automattic WordPress allows Relative Path Traversal.This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6,.....

5CVSS

EPSS

2024-06-25 02:15 PM
githubexploit
githubexploit

Exploit for CVE-2024-6028

CVE-2024-6028-Poc CVE-2024-6028 Quiz Maker &lt;= 6.5.8.3 -...

9.8CVSS

7.7AI Score

EPSS

2024-06-25 01:55 PM
19
vulnrichment
vulnrichment

CVE-2024-5451 The7 — Website and eCommerce Builder for WordPress <= 11.13.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Attribute

The The7 — Website and eCommerce Builder for WordPress theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Icon and Heading widgets in all versions up to, and including, 11.13.0 due to insufficient input sanitization and output escaping on...

6.4CVSS

6AI Score

EPSS

2024-06-25 01:53 PM
cvelist
cvelist

CVE-2024-5451 The7 — Website and eCommerce Builder for WordPress <= 11.13.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Attribute

The The7 — Website and eCommerce Builder for WordPress theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Icon and Heading widgets in all versions up to, and including, 11.13.0 due to insufficient input sanitization and output escaping on...

6.4CVSS

EPSS

2024-06-25 01:53 PM
2
cvelist
cvelist

CVE-2024-32111 WordPress core < 6.5.5 - Auth. Arbitrary .html File Read (Windows Only) vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Automattic WordPress allows Relative Path Traversal.This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6,.....

5CVSS

EPSS

2024-06-25 01:35 PM
3
nvd
nvd

CVE-2024-31111

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic WordPress allows Stored XSS.This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6,.....

6.5CVSS

EPSS

2024-06-25 01:15 PM
3
cve
cve

CVE-2024-31111

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic WordPress allows Stored XSS.This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6,.....

6.5CVSS

6.6AI Score

EPSS

2024-06-25 01:15 PM
5
vulnrichment
vulnrichment

CVE-2024-31111 WordPress Core < 6.5.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic WordPress allows Stored XSS.This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6,.....

6.5CVSS

6.9AI Score

EPSS

2024-06-25 12:54 PM
3
cvelist
cvelist

CVE-2024-31111 WordPress Core < 6.5.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic WordPress allows Stored XSS.This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6,.....

6.5CVSS

EPSS

2024-06-25 12:54 PM
4
kitploit
kitploit

CloudBrute - Awesome Cloud Enumerator

A tool to find a company (target) infrastructure, files, and apps on the top cloud providers (Amazon, Google, Microsoft, DigitalOcean, Alibaba, Vultr, Linode). The outcome is useful for bug bounty hunters, red teamers, and penetration testers alike. The complete writeup is available. here...

7.2AI Score

2024-06-25 12:30 PM
2
cve
cve

CVE-2024-6307

WordPress Core is vulnerable to Stored Cross-Site Scripting via the HTML API in various versions up to 6.5.5 due to insufficient input sanitization and output escaping on URLs. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web...

6.4CVSS

5.8AI Score

EPSS

2024-06-25 11:15 AM
5
nvd
nvd

CVE-2024-6307

WordPress Core is vulnerable to Stored Cross-Site Scripting via the HTML API in various versions up to 6.5.5 due to insufficient input sanitization and output escaping on URLs. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web...

6.4CVSS

EPSS

2024-06-25 11:15 AM
3
cvelist
cvelist

CVE-2024-6307 WordPress Core < 6.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML API

WordPress Core is vulnerable to Stored Cross-Site Scripting via the HTML API in various versions up to 6.5.5 due to insufficient input sanitization and output escaping on URLs. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web...

6.4CVSS

EPSS

2024-06-25 11:09 AM
6
thn
thn

New Attack Technique Exploits Microsoft Management Console Files

Threat actors are exploiting a novel attack technique in the wild that leverages specially crafted management saved console (MSC) files to gain full code execution using Microsoft Management Console (MMC) and evade security defenses. Elastic Security Labs has codenamed the approach GrimResource...

6.6AI Score

2024-06-25 10:42 AM
10
cve
cve

CVE-2024-6028

The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the 'ays_questions' parameter in all versions up to, and including, 6.5.8.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

9.8CVSS

9.7AI Score

EPSS

2024-06-25 09:15 AM
6
nvd
nvd

CVE-2024-6028

The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the 'ays_questions' parameter in all versions up to, and including, 6.5.8.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

9.8CVSS

EPSS

2024-06-25 09:15 AM
5
cvelist
cvelist

CVE-2024-6028 Quiz Maker <= 6.5.8.3 - Unauthenticated SQL Injection via 'ays_questions' Parameter

The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the 'ays_questions' parameter in all versions up to, and including, 6.5.8.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

9.8CVSS

EPSS

2024-06-25 08:35 AM
2
Total number of security vulnerabilities409184