Advanced Contact form 7 DB <= 2.0.2 - Sensitive Information Exposure
Description The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.2 via the wp-content/uploads/advanced-cf7-upload directory. This makes it possible for unauthenticated attackers to extract sensitive data...
5.3CVSS
6.7AI Score
0.0005EPSS
How to Configure Veeam Intelligent Diagnostics Log Location
This article documents how to change the location where Veeam Intelligent Diagnostics stores the logs it collects—allowing customers to configure both where those logs are stored temporarily on the Veeam Backup Server before being transferred to the Veeam ONE server and where those logs are stored....
6.8AI Score
Description The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to a missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it possible for unauthenticated attackers to...
9.8CVSS
6.7AI Score
0.001EPSS
Amazon Linux 2 : kernel (ALASKERNEL-5.15-2024-044)
The version of kernel installed on the remote host is prior to 5.15.160-104.158. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2024-044 advisory. In the Linux kernel, the following vulnerability has been resolved: md: fix kmemleak of rdev->serial...
5.5CVSS
7.5AI Score
0.0004EPSS
Fortinet Fortigate (FG-IR-23-471)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-471 advisory. A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and...
6.8CVSS
7AI Score
0.0004EPSS
WPvivid Backup for MainWP < 0.9.34 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.9.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
5.9AI Score
WP EasyCart < 5.6.0 - Missing Authorization
Description The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 5.5.19. This makes it possible for unauthenticated attackers to perform an unauthorized...
5.3CVSS
6.7AI Score
0.0004EPSS
Description The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_lightbox shortcode in all versions up to, and including, 7.1.6 due to insufficient input sanitization and output escaping on user supplied attributes....
6.4CVSS
5.7AI Score
0.001EPSS
WP-Recall <= 16.26.6 - Cross-Site Request Forgery
Description The WP-Recall plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 16.26.6. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a...
5.4CVSS
6.4AI Score
0.0004EPSS
Fortinet Fortigate (FG-IR-23-423)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-423 advisory. A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and...
1.8CVSS
7.3AI Score
0.0004EPSS
WP Flow Plus < 5.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The WP Flow Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
6.5CVSS
5.8AI Score
0.0004EPSS
Security Bulletin: Updating Java in Identity Insight 9.0.0.1 for security update
Summary Identity Insight customers are advised to update OpenJDK 8 to version 8.0.412 for the security update in Java. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and Versions Affected Product(s) | Version(s) ---|--- IBM...
7.5CVSS
6.8AI Score
EPSS
Security Bulletin: Updating Java in Identity Insight 10.0.0.0 for security update
Summary Identity Insight customers are advised to update OpenJDK 17 to version 17.0.11.0 for the security update in Java. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and Versions Affected Product(s) | Version(s) ---|--- IBM...
7.5CVSS
6.8AI Score
EPSS
Analytics Insights for Google Analytics 4 < 6.3 - Open Redirect
The plugin is vulnerable to Open Redirect due to insufficient validation on the redirect oauth2callback.php file. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an...
6.7AI Score
0.001EPSS
Payment Gateway for Telcell < 2.0.4 - Open Redirect
The plugin does not validate the api_url parameter before redirecting the user to its value, leading to an Open Redirect...
6.8AI Score
EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Siteclean SC filechecker allows Path Traversal, File Manipulation.This issue affects SC filechecker: from n/a through...
8.6CVSS
8.5AI Score
0.0005EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Siteclean SC filechecker allows Path Traversal, File Manipulation.This issue affects SC filechecker: from n/a through...
6.5CVSS
0.0005EPSS
On May 21, 2024, Veeam revealed a severe flaw across its Veeam Backup Enterprise Manager (VBEM) web interface that enables an unauthenticated attacker to log into the web interface as any user. Officially designated as CVE-2024-29849, the vulnerability presents a major threat with a CVSS V3 rating....
9.8CVSS
10AI Score
0.0004EPSS
CVE-2024-35743 WordPress SC filechecker plugin <= 0.6 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Siteclean SC filechecker allows Path Traversal, File Manipulation.This issue affects SC filechecker: from n/a through...
8.6CVSS
0.0005EPSS
CVE-2024-35743 WordPress SC filechecker plugin <= 0.6 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Siteclean SC filechecker allows Path Traversal, File Manipulation.This issue affects SC filechecker: from n/a through...
8.6CVSS
6.8AI Score
0.0005EPSS
An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /login/backup_code endpoint and the /api/v1/vdeskintegration/createbackupcodes endpoint, because the application allows a user to generate or regenerate the backup codes...
6.9AI Score
0.0004EPSS
An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /login/backup_code endpoint and the /api/v1/vdeskintegration/createbackupcodes endpoint, because the application allows a user to generate or regenerate the backup codes...
0.0004EPSS
A European Summer of Sports is Upon Us – What Does it Mean for Security?
The recent Champions League final in London (congratulations, Real Madrid!) marked the opening shot to a hot European summer of major sporting events. We now approach the highly anticipated UEFA EURO 2024 football tournament in Germany and the Olympic Games in Paris 2024. And as we do, bad actors.....
7AI Score
Prime Mover < 1.9.3 - Sensitive Data Exposure
Prime Mover plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.2 via directory listing in the 'prime-mover-export-files/1/' folder. This makes it possible for unauthenticated attackers to extract sensitive data including site and...
7.5CVSS
6.7AI Score
0.003EPSS
Bypassing 2FA with phishing and OTP bots
Introduction Two-factor authentication (2FA) is a security feature we have come to expect as standard by 2024. Most of today's websites offer some form of it, and some of them won't even let you use their service until you enable 2FA. Individual countries have adopted laws that require certain...
7.2AI Score
Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through...
9.8CVSS
5.4AI Score
0.001EPSS
Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through...
9.8CVSS
0.001EPSS
Missing Authorization vulnerability in A WP Life Slider Responsive Slideshow – Image slider, Gallery slideshow.This issue affects Slider Responsive Slideshow – Image slider, Gallery slideshow: from n/a through...
8.8CVSS
0.001EPSS
Missing Authorization vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery.This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a through...
8.8CVSS
4.7AI Score
0.001EPSS
Missing Authorization vulnerability in A WP Life Slider Responsive Slideshow – Image slider, Gallery slideshow.This issue affects Slider Responsive Slideshow – Image slider, Gallery slideshow: from n/a through...
8.8CVSS
4.7AI Score
0.001EPSS
Missing Authorization vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery.This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a through...
8.8CVSS
0.001EPSS
Missing Authorization vulnerability in A WP Life Album Gallery – WordPress Gallery.This issue affects Album Gallery – WordPress Gallery: from n/a through...
4.3CVSS
0.0004EPSS
Missing Authorization vulnerability in A WP Life Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow.This issue affects Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow: from n/a through...
4.3CVSS
4.7AI Score
0.0004EPSS
Missing Authorization vulnerability in A WP Life Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow.This issue affects Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow: from n/a through...
4.3CVSS
0.0004EPSS
Missing Authorization vulnerability in A WP Life Album Gallery – WordPress Gallery.This issue affects Album Gallery – WordPress Gallery: from n/a through...
4.3CVSS
4.7AI Score
0.0004EPSS
CVE-2024-35717 WordPress Media Slider plugin <= 1.3.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in A WP Life Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow.This issue affects Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow: from n/a through...
4.3CVSS
0.0004EPSS
Missing Authorization vulnerability in A WP Life Album Gallery – WordPress Gallery.This issue affects Album Gallery – WordPress Gallery: from n/a through...
4.3CVSS
0.0004EPSS
Missing Authorization vulnerability in A WP Life Album Gallery – WordPress Gallery.This issue affects Album Gallery – WordPress Gallery: from n/a through...
4.3CVSS
7AI Score
0.0004EPSS
CVE-2024-35721 WordPress Image Gallery plugin <= 1.4.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery.This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a through...
4.3CVSS
0.001EPSS
CVE-2024-35721 WordPress Image Gallery plugin <= 1.4.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery.This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a through...
4.3CVSS
6.9AI Score
0.001EPSS
Missing Authorization vulnerability in A WP Life Slider Responsive Slideshow – Image slider, Gallery slideshow.This issue affects Slider Responsive Slideshow – Image slider, Gallery slideshow: from n/a through...
4.3CVSS
6.9AI Score
0.001EPSS
Missing Authorization vulnerability in A WP Life Slider Responsive Slideshow – Image slider, Gallery slideshow.This issue affects Slider Responsive Slideshow – Image slider, Gallery slideshow: from n/a through...
4.3CVSS
0.001EPSS
Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through...
5.3CVSS
7AI Score
0.001EPSS
Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through...
5.3CVSS
0.001EPSS
CVE-2024-29849 Veeam Backup Enterprise Manager Authentication...
9.8CVSS
9.4AI Score
0.0004EPSS
An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /login/backup_code endpoint and the /api/v1/vdeskintegration/createbackupcodes endpoint, because the application allows a user to generate or regenerate the backup codes...
0.0004EPSS
Quiz And Survey Master < 9.0.2 - Contributor+ SQLi
Description The plugin is vulnerable does not validate and escape the question_id parameter in the qsm_bulk_delete_question_from_database AJAX action, leading to a SQL injection exploitable by Contributors and above role PoC 1) You will need a valid nonce for deletion of quiz questions. 2) Sign in....
7.7AI Score
EPSS
Quiz And Survey Master < 9.0.2 - Contributor+ SQLi
Description The plugin is vulnerable does not validate and escape the question_id parameter in the qsm_bulk_delete_question_from_database AJAX action, leading to a SQL injection exploitable by Contributors and above...
8.1AI Score
EPSS
7.1AI Score
EPSS
How to Enable Changed Block Tracking for Guest Cluster on vSphere with Tanzu
Changed Block Tracking is a VMware feature that tracks changes in virtual disks. Veeam Kasten for Kubernetes uses this feature in vSphere with Tanzu Guest Clusters to efficiently backup Persistent...
7AI Score