Metform Elementor Contact Form Builder – Flexible And Design-Friendly Contact Form Builder Plugin For WordPress Security Vulnerabilities

openbugbounty

bieliace-pasiky.com Cross Site Scripting vulnerability OBB-3931436

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-05-29 08:59 AM
2
openbugbounty

belici-pasky.com Cross Site Scripting vulnerability OBB-3931432

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-05-29 08:55 AM
1
openbugbounty

be.lv Cross Site Scripting vulnerability OBB-3931431

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-05-29 08:54 AM
1
redhatcve

CVE-2024-36472

In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource...

6.9 AI Score

2024-05-29 08:50 AM
cvelist

CVE-2024-3412 WP STAGING WordPress Backup Plugin – Migration Backup Restore <= 3.4.3 - Authenticated (Admin+) Arbitrary File Upload

The WP STAGING WordPress Backup Plugin – Migration Backup Restore plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wpstg_processing AJAX action in all versions up to, and including, 3.4.3. This makes it possible for authenticated attackers,...

7.9 AI Score

2024-05-29 08:30 AM
2
cvelist

CVE-2024-36015 ppdev: Add an error check in register_device

In the Linux kernel, the following vulnerability has been resolved: ppdev: Add an error check in register_device. In register_device, the return value of ida_simple_get is unchecked, in which ida_simple_get will use an invalid index value. To address this issue, index should be checked after...

7.1 AI Score

2024-05-29 07:35 AM
2
cvelist

CVE-2024-5086 Essential Addons for Elementor PRO – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.8.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Member Carousel Widget

The Essential Addons for Elementor PRO – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Team Member Carousel widget in all Pro versions up to, and including, 5.8.14 due to insufficient input...

6 AI Score

2024-05-29 07:33 AM
redhatcve

CVE-2024-21512

Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables. Mitigation...

7.2 AI Score

2024-05-29 07:12 AM
cvelist

CVE-2024-3937 Playlist for Youtube <= 1.32 - Editor+ Stored XSS

The Playlist for Youtube WordPress plugin through 1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

5.7 AI Score

2024-05-29 06:00 AM
2
cvelist

CVE-2024-3921 Gianism <= 5.1.0 - Admin+ Stored XSS

The Gianism WordPress plugin through 5.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

5.8 AI Score

2024-05-29 06:00 AM
1
cvelist

CVE-2024-3050 Site Reviews < 7.0.0 - IP Spoofing

The Site Reviews WordPress plugin before 7.0.0 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass IP-based...

6.8 AI Score

2024-05-29 06:00 AM
2
cvelist

CVE-2024-4419 Fetch JFT <= 1.8.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Fetch JFT plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

5.9 AI Score

2024-05-29 05:31 AM
3
cvelist

CVE-2024-21512

Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using...

7.1 AI Score

2024-05-29 05:00 AM
2
cvelist

CVE-2024-4611 AppPresser <= 4.3.2 - Improper Missing Encryption Exception Handling to Authentication Bypass

The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decrypt_value' and on the 'doCookieAuth' functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any existing user on the...

7.1 AI Score

2024-05-29 04:30 AM
5
cvelist

CVE-2023-6743 Unlimited Elements for Elementor <= 1.5.89 - Authenticated (Contributor+) Remote Code Execution via template import

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.5.89 via the template import functionality. This makes it possible for authenticated attackers, with contributor access and...

7.9 AI Score

2024-05-29 04:30 AM
2
cvelist

CVE-2024-0434 WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly <= 1.7.1 - Missing Authorization via ttbm_new_place_save

The WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ttbm_new_place_save' function in all versions up to, and including, 1.7.1. This makes it possible for...

6.9 AI Score

2024-05-29 03:30 AM
5
cve

CVE-2024-4924

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

7.5 AI Score

2024-05-29 03:10 AM
3
wolfi

GHSA-C5PJ-MQFH-RVC3 vulnerabilities

Vulnerabilities for packages: buildah,...

7.5 AI Score

2024-05-29 03:07 AM
35
wolfi

GHSA-95PR-FXF5-86GV vulnerabilities

Vulnerabilities for packages: skaffold, goreleaser, tkn, aactl, flux-source-controller, zot, spire-server, melange, policy-controller, tekton-chains, zarf, wolfictl, apko, gitsign, ko, vexctl, falco, falcoctl, slsa-verifier,...

7.5 AI Score

2024-05-29 03:07 AM
47
wolfi

GHSA-2C7C-3MJ9-8FQH vulnerabilities

Vulnerabilities for packages: tkn, terragrunt, sops, keda, cloudflared, cosign, aactl, argo-cd, flux-source-controller, spire-server, kots, vault, rekor, tekton-chains, cilium-envoy, kyverno, cert-manager, external-secrets-operator, gitsign, fulcio, argo-workflows, istio-pilot-discovery, vexctl,...

7.5 AI Score

2024-05-29 03:07 AM
308
wolfi

GHSA-JQ35-85CJ-FJ4P vulnerabilities

Vulnerabilities for packages: skaffold, goreleaser, kpt, scorecard, k3s, aactl, up, tekton-chains, chartmuseum, bom, cert-manager, loki, tekton-pipelines, paranoia, falco, ctop, slsa-verifier, prometheus, kubescape,...

7.5 AI Score

2024-05-29 03:07 AM
302
wolfi

GHSA-MQ39-4GV4-MVPX vulnerabilities

Vulnerabilities for packages: goreleaser, tkn, trivy, conftest, dagger, aactl, zot, up, spire-server, melange, crossplane, docker-compose, kaniko, telegraf, kargo, wolfictl, grype, syft, ko, buf, loki, buildkitd, datadog-agent, cadvisor, ctop, prometheus,...

7.5 AI Score

2024-05-29 03:07 AM
105
wolfi

GHSA-MRWW-27VC-GGHV vulnerabilities

Vulnerabilities for packages: amass, trillian, kots, caddy, temporal-server, vault, kine, src, step-ca, spicedb, telegraf, argo-workflows, keda, ferretdb, k3s,...

7.5 AI Score

2024-05-29 03:07 AM
76
wolfi

CVE-2020-25649 vulnerabilities

Vulnerabilities for packages:...

6.6 AI Score

0.004 EPSS

2024-05-29 03:07 AM
20
wolfi

CVE-2021-22569 vulnerabilities

Vulnerabilities for packages: trino, dotty,...

6 AI Score

0.001 EPSS

2024-05-29 03:07 AM
80
wolfi

CVE-2021-46877 vulnerabilities

Vulnerabilities for packages:...

7.7 AI Score

0.001 EPSS

2024-05-29 03:07 AM
20
wolfi

CVE-2022-3171 vulnerabilities

Vulnerabilities for packages: trino, dotty,...

7.8 AI Score

0.001 EPSS

2024-05-29 03:07 AM
84
wolfi

CVE-2022-41915 vulnerabilities

Vulnerabilities for packages:...

6.6 AI Score

0.002 EPSS

2024-05-29 03:07 AM
14
wolfi

CVE-2022-42004 vulnerabilities

Vulnerabilities for packages:...

7.9 AI Score

0.003 EPSS

2024-05-29 03:07 AM
20
wolfi

CVE-2024-25710 vulnerabilities

Vulnerabilities for packages: dependency-track, gradle, wavefront-proxy, trino, apache-nifi, opensearch, jenkins,...

5.6 AI Score

0.001 EPSS

2024-05-29 03:07 AM
74
wolfi

CVE-2024-29131 vulnerabilities

Vulnerabilities for packages: trino, cassandra-reaper,...

6.5 AI Score

0.0004 EPSS

2024-05-29 03:07 AM
36
wolfi

GHSA-4265-CCF5-PHJ5 vulnerabilities

Vulnerabilities for packages: dependency-track, gradle, wavefront-proxy, trino, apache-nifi, opensearch, jenkins,...

7.5 AI Score

2024-05-29 03:07 AM
77
wolfi

GHSA-77RM-9X9H-XJ3G vulnerabilities

Vulnerabilities for packages: dotty,...

7.5 AI Score

2024-05-29 03:07 AM
61
wolfi

GHSA-GVPG-VGMX-XG6W vulnerabilities

Vulnerabilities for packages: dependency-track,...

7.5 AI Score

2024-05-29 03:07 AM
40
wolfi

GHSA-232P-VWFF-86MP vulnerabilities

Vulnerabilities for packages: melange, apko, ko, ctop, bom, helm,...

7.5 AI Score

2024-05-29 03:07 AM
296
wolfi

GHSA-X32M-MVFJ-52XV vulnerabilities

Vulnerabilities for packages:...

7.5 AI Score

2024-05-29 03:07 AM
58
wolfi

GHSA-9766-5277-J5HR vulnerabilities

Vulnerabilities for packages:...

7.5 AI Score

2024-05-29 03:07 AM
13
wolfi

CVE-2023-3955 vulnerabilities

Vulnerabilities for packages: cluster-autoscaler, calico, kubeflow-pipelines, aws-efs-csi-driver,...

8.9 AI Score

0.001 EPSS

2024-05-29 03:07 AM
385
wolfi

CVE-2023-46402 vulnerabilities

Vulnerabilities for packages: melange, pulumi-kubernetes-operator, flux-notification-controller, argo-workflows,...

7.7 AI Score

0.0005 EPSS

2024-05-29 03:07 AM
278
wolfi

CVE-2023-38470 vulnerabilities

Vulnerabilities for packages:...

7.1 AI Score

0.0004 EPSS

2024-05-29 03:07 AM
142
wolfi

GHSA-5QM6-J92F-79JP vulnerabilities

Vulnerabilities for packages:...

7.5 AI Score

2024-05-29 03:07 AM
134
wolfi

GHSA-797F-63WG-8CHV vulnerabilities

Vulnerabilities for packages: aws-cli-v2,...

7.5 AI Score

2024-05-29 03:07 AM
64
wolfi

GHSA-JM46-725R-HH9V vulnerabilities

Vulnerabilities for packages: aws-cli-v2,...

7.5 AI Score

2024-05-29 03:07 AM
66
wolfi

CVE-2024-3177 vulnerabilities

Vulnerabilities for packages: aws-ebs-csi-driver, cluster-autoscaler, kubernetes, calico, local-static-provisioner, kubeflow-pipelines, node-feature-discovery, spark-operator, ip-masq-agent, kubernetes-csi-driver-hostpath, nodetaint,...

3.8 AI Score

0.0004 EPSS

2024-05-29 03:07 AM
41
wolfi

CVE-2024-26130 vulnerabilities

Vulnerabilities for packages: py3-cassandra-medusa, kubeflow-pipelines, az, ggshield,...

7.7 AI Score

0.0004 EPSS

2024-05-29 03:07 AM
103
wolfi

GHSA-5V6F-5GPQ-2628 vulnerabilities

Vulnerabilities for packages:...

7.5 AI Score

2024-05-29 03:07 AM
219
wolfi

CVE-2023-4408 vulnerabilities

Vulnerabilities for packages:...

7.5 AI Score

0.001 EPSS

2024-05-29 03:07 AM
111
wolfi

CVE-2023-5679 vulnerabilities

Vulnerabilities for packages:...

7.5 AI Score

0.001 EPSS

2024-05-29 03:07 AM
95
wolfi

GHSA-V5QP-MX94-J49V vulnerabilities

Vulnerabilities for packages:...

7.5 AI Score

2024-05-29 03:07 AM
101
wolfi

GHSA-M868-F948-VVJC vulnerabilities

Vulnerabilities for packages:...

7.5 AI Score

2024-05-29 03:07 AM
43
Total number of security vulnerabilities: 2858522