LearnPress – WordPress LMS Plugin Security Vulnerabilities

GHSA-VVPX-J8F3-3W6H vulnerabilities

Vulnerabilities for packages: go, restic, hey, falco, wireguard-go, k3d, grpcurl, gke-gcloud-auth-plugin,...

CVE-2024-21626 vulnerabilities

Vulnerabilities for packages: grype, runc, k9s, newrelic-infrastructure-agent, zarf, buildkitd, k3s, ingress-nginx-controller, nerdctl, k3d, zot, trivy, datadog-agent, nvidia-device-plugin, wolfictl, ctop, skopeo, kubescape, docker, telegraf, cadvisor, skaffold, kubernetes, kaniko, syft,...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: newrelic-infra-operator, crossplane-provider-aws, kargo, ollama, cri-tools, protoc-gen-go-grpc, runc, kine, kubernetes-dashboard-metrics-scraper, metrics-server, cilium, actions-runner-controller, istio-pilot-discovery, prometheus-operator, tkn,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: newrelic-infra-operator, hello-world-golang, runc, protoc-gen-go-grpc, cri-tools, kind, kine, kubernetes-dashboard-metrics-scraper, metrics-server, actions-runner-controller, prometheus-operator, buildkitd, gitlab-logger, stakater-reloader, rabbitmq-cluster-operator,.....

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: istio-envoy, ollama, kind, metrics-server, terraform-provider-azurerm, buildkitd, pulumi-language-dotnet, stakater-reloader, envoy-ratelimit, dex, tctl, kubernetes-csi-node-driver-registrar, aactl, nats, secrets-store-csi-driver, aws-efs-csi-driver, gatekeeper,...

GHSA-5FQ7-4MXC-535H vulnerabilities

Vulnerabilities for packages: newrelic-infra-operator, kafka_exporter, hello-world-golang, crossplane-provider-aws, runc, cri-tools, kind, kubernetes-dashboard-metrics-scraper, metrics-server, harbor-registry, buildkitd, pulumi-language-dotnet, docker-compose, grafana-rollout-operator, karpenter,.....

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: newrelic-infra-operator, kafka_exporter, hello-world-golang, crossplane-provider-aws, runc, cri-tools, kind, kubernetes-dashboard-metrics-scraper, metrics-server, harbor-registry, buildkitd, pulumi-language-dotnet, docker-compose, grafana-rollout-operator, karpenter,.....

CVE-2023-45285 vulnerabilities

Vulnerabilities for packages: flannel-cni-plugin, sbom-scorecard, cortex, falco, hey, protoc-gen-go-grpc, gobuster, kind, kubernetes-dashboard-metrics-scraper, metrics-server, sops, cni-plugins, go-md2man, grpcurl, nri-discovery-kubernetes, oras, vertical-pod-autoscaler, scorecard,...

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws, runc, ollama, kubernetes-dashboard-metrics-scraper, metrics-server, tkn, prometheus-operator, buildkitd, pulumi-language-dotnet, stakater-reloader, cloud-sql-proxy, karpenter, dex, zot, tctl, kubernetes-csi-node-driver-registrar, aactl,...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: newrelic-infra-operator, crossplane-provider-aws, kargo, ollama, cri-tools, protoc-gen-go-grpc, runc, kine, kubernetes-dashboard-metrics-scraper, metrics-server, cilium, actions-runner-controller, istio-pilot-discovery, prometheus-operator, tkn,...

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: newrelic-infra-operator, hello-world-golang, runc, protoc-gen-go-grpc, cri-tools, kind, kine, kubernetes-dashboard-metrics-scraper, metrics-server, actions-runner-controller, prometheus-operator, buildkitd, gitlab-logger, stakater-reloader, rabbitmq-cluster-operator,.....

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: newrelic-infra-operator, hello-world-golang, runc, protoc-gen-go-grpc, cri-tools, kind, kine, kubernetes-dashboard-metrics-scraper, metrics-server, actions-runner-controller, prometheus-operator, buildkitd, gitlab-logger, stakater-reloader, rabbitmq-cluster-operator,.....

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: newrelic-infra-operator, hello-world-golang, kind, prometheus-operator, envoy-ratelimit, step-ca, dex, tctl, aactl, docker-cli, kube-logging-operator, gatekeeper, kyverno, nri-consul, nri-redis, external-dns, boring-registry, cluster-api-controller, go,...

CVE-2022-41723 vulnerabilities

Vulnerabilities for packages: go, restic, hey, falco, wireguard-go, k3d, grpcurl, gke-gcloud-auth-plugin,...

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws, runc, ollama, kind, kubernetes-dashboard-metrics-scraper, metrics-server, istio-pilot-discovery, tkn, prometheus-operator, buildkitd, pulumi-language-dotnet, stakater-reloader, cloud-sql-proxy, karpenter, dex, zot, tctl,...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: newrelic-infra-operator, hello-world-golang, kind, prometheus-operator, envoy-ratelimit, step-ca, dex, tctl, aactl, docker-cli, kube-logging-operator, gatekeeper, kyverno, nri-consul, nri-redis, external-dns, boring-registry, cluster-api-controller, go,...

GHSA-2JWV-JMQ4-4J3R vulnerabilities

Vulnerabilities for packages: newrelic-infra-operator, kafka_exporter, hello-world-golang, crossplane-provider-aws, runc, cri-tools, kind, kubernetes-dashboard-metrics-scraper, metrics-server, harbor-registry, buildkitd, pulumi-language-dotnet, docker-compose, grafana-rollout-operator, karpenter,.....

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: newrelic-infra-operator, hello-world-golang, runc, protoc-gen-go-grpc, cri-tools, kind, kine, kubernetes-dashboard-metrics-scraper, metrics-server, actions-runner-controller, prometheus-operator, buildkitd, gitlab-logger, stakater-reloader, rabbitmq-cluster-operator,.....

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: newrelic-infra-operator, hello-world-golang, runc, protoc-gen-go-grpc, cri-tools, kind, kine, kubernetes-dashboard-metrics-scraper, metrics-server, actions-runner-controller, prometheus-operator, buildkitd, gitlab-logger, stakater-reloader, rabbitmq-cluster-operator,.....

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: newrelic-infra-operator, hello-world-golang, runc, protoc-gen-go-grpc, cri-tools, kind, kine, kubernetes-dashboard-metrics-scraper, metrics-server, actions-runner-controller, prometheus-operator, buildkitd, gitlab-logger, stakater-reloader, rabbitmq-cluster-operator,.....

GHSA-9F76-WG39-X86H vulnerabilities

Vulnerabilities for packages: flannel-cni-plugin, sbom-scorecard, cortex, falco, hey, protoc-gen-go-grpc, gobuster, kind, kubernetes-dashboard-metrics-scraper, metrics-server, sops, cni-plugins, go-md2man, grpcurl, nri-discovery-kubernetes, oras, vertical-pod-autoscaler, scorecard,...

GHSA-5F94-VHJQ-RPG8 vulnerabilities

Vulnerabilities for packages: flannel-cni-plugin, sbom-scorecard, cortex, falco, hey, protoc-gen-go-grpc, gobuster, kind, kubernetes-dashboard-metrics-scraper, metrics-server, sops, cni-plugins, go-md2man, grpcurl, nri-discovery-kubernetes, oras, vertical-pod-autoscaler, scorecard,...

GHSA-4374-P667-P6C8 vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws, runc, ollama, kind, kubernetes-dashboard-metrics-scraper, metrics-server, istio-pilot-discovery, tkn, prometheus-operator, buildkitd, pulumi-language-dotnet, stakater-reloader, cloud-sql-proxy, karpenter, dex, zot, tctl,...

GHSA-2WRH-6PVC-2JM9 vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws, runc, ollama, kubernetes-dashboard-metrics-scraper, metrics-server, tkn, prometheus-operator, buildkitd, pulumi-language-dotnet, stakater-reloader, cloud-sql-proxy, karpenter, dex, zot, tctl, kubernetes-csi-node-driver-registrar, aactl,...

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: istio-envoy, ollama, kind, metrics-server, terraform-provider-azurerm, buildkitd, pulumi-language-dotnet, stakater-reloader, envoy-ratelimit, dex, tctl, kubernetes-csi-node-driver-registrar, aactl, nats, secrets-store-csi-driver, aws-efs-csi-driver, gatekeeper,...

GHSA-M425-MQ94-257G vulnerabilities

Vulnerabilities for packages: flux-notification-controller, gitlab-pages, conftest, cortex, falco, grype, oauth2-proxy, prometheus-adapter, metrics-server, pulumi, cert-manager, kubernetes-csi-livenessprobe, kubeflow-katib, terraform-provider-azurerm, buildkitd, pulumi-language-dotnet,...

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: newrelic-infra-operator, hello-world-golang, runc, protoc-gen-go-grpc, cri-tools, kind, kine, kubernetes-dashboard-metrics-scraper, metrics-server, actions-runner-controller, prometheus-operator, buildkitd, gitlab-logger, stakater-reloader, rabbitmq-cluster-operator,.....

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: newrelic-infra-operator, hello-world-golang, runc, protoc-gen-go-grpc, cri-tools, kind, kine, kubernetes-dashboard-metrics-scraper, metrics-server, actions-runner-controller, prometheus-operator, buildkitd, gitlab-logger, stakater-reloader, rabbitmq-cluster-operator,.....

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: newrelic-infra-operator, hello-world-golang, runc, protoc-gen-go-grpc, cri-tools, kind, kine, kubernetes-dashboard-metrics-scraper, metrics-server, actions-runner-controller, prometheus-operator, buildkitd, gitlab-logger, stakater-reloader, rabbitmq-cluster-operator,.....

CVE-2023-39326 vulnerabilities

Vulnerabilities for packages: flannel-cni-plugin, sbom-scorecard, cortex, falco, hey, protoc-gen-go-grpc, gobuster, kind, kubernetes-dashboard-metrics-scraper, metrics-server, sops, cni-plugins, go-md2man, grpcurl, nri-discovery-kubernetes, oras, vertical-pod-autoscaler, scorecard,...

CVE-2024-24788 vulnerabilities

Vulnerabilities for packages: newrelic-infra-operator, kafka_exporter, hello-world-golang, crossplane-provider-aws, runc, cri-tools, kind, kubernetes-dashboard-metrics-scraper, metrics-server, harbor-registry, buildkitd, pulumi-language-dotnet, docker-compose, grafana-rollout-operator, karpenter,.....

GHSA-XR7R-F8XQ-VFVV vulnerabilities

Vulnerabilities for packages: grype, runc, k9s, newrelic-infrastructure-agent, zarf, buildkitd, k3s, ingress-nginx-controller, nerdctl, k3d, zot, trivy, datadog-agent, nvidia-device-plugin, wolfictl, ctop, skopeo, kubescape, docker, telegraf, cadvisor, skaffold, kubernetes, kaniko, syft,...

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: newrelic-infra-operator, hello-world-golang, runc, protoc-gen-go-grpc, cri-tools, kind, kine, kubernetes-dashboard-metrics-scraper, metrics-server, actions-runner-controller, prometheus-operator, buildkitd, gitlab-logger, stakater-reloader, rabbitmq-cluster-operator,.....

CVE-2023-44487 affecting package sriov-network-device-plugin for versions less than 3.5.1-2

CVE-2023-44487 affecting package sriov-network-device-plugin for versions less than 3.5.1-2. A patched version of the package is...

JA4+ - Suite Of Network Fingerprinting Standards

JA4+ is a suite of network Fingerprinting methods that are easy to use and easy to share. These methods are both human and machine readable to facilitate more effective threat-hunting and analysis. The use-cases for these fingerprints include scanning for threat actors, malware detection, session.....

CVE-2024-4045

The Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘campaign_id’ parameter in versions up to, and including, 2.16.1 due to insufficient input sanitization and output...

CVE-2024-4045 Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation <= 2.16.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘campaign_id’ parameter in versions up to, and including, 2.16.1 due to insufficient input sanitization and output...

CVE-2024-5218

The Reviews and Rating – Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file upload feature in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVE-2024-5218 Reviews and Rating – Google Reviews <= 5.2 - Authenticated (Author+) Stored Cross-Site Scripting

The Reviews and Rating – Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file upload feature in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVE-2024-5229

The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-4858

The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_testimonials_option_callback' function in versions up to, and including, 10.2.0. This makes it possible for unauthenticated attackers to...

CVE-2024-4858 Testimonial Carousel For Elementor <= 10.2.0 - Missing Authorization to Limited Setting Update

The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_testimonials_option_callback' function in versions up to, and including, 10.2.0. This makes it possible for unauthenticated attackers to...

CVE-2024-5229 Primary Addon for Elementor <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget

The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-5220

The ND Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's upload feature in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and....

CVE-2024-5220 ND Shortcodes <= 7.5 - Authenticated (Author+) Stored Cross-Site Scripting

The ND Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's upload feature in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and....

openSUSE 15 Security Update : qt6-networkauth (openSUSE-SU-2024:0138-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2024:0138-1 advisory. - CVE-2024-36048: Fixed data race and poor seeding in generateRandomString() (boo#1224782). Tenable has extracted the preceding description block...

SUSE SLES15 Security Update : python3 (SUSE-SU-2024:1774-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1774-1 advisory. - CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559). -...

Fedora 39 : dotnet7.0 (2024-3136a71490)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-3136a71490 advisory. This is the May 2024 security update for .NET 7. This is the last upstream release of .NET 7. After this update, .NET 7 reaches its End of Life (EOL). Full...

Fedora 39 : mingw-libxml2 (2024-4862425658)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-4862425658 advisory. Update to 2.12.7 (RHBZ#2280535, CVE-2024-34459) Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

Fedora 40 : crosswords / libipuz (2024-e4717532c4)

The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-e4717532c4 advisory. crosswords 0.3.13 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...