Could the Brazilian Supreme Court finally hold people accountable for sharing disinformation?
If you're a regular reader of this newsletter, you already know about how strongly I feel about the dangers of spreading fake news, disinformation and misinformation. And honestly, if you're reading this newsletter, I probably shouldn't have to tell you about that either. But one of the things...
7.8 AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 8, 2024 to April 14, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 219 vulnerabilities disclosed in 209...
8.8 AI Score
Deserialization of Untrusted Data vulnerability in Averta Master Slider. This issue affects Master Slider: from n/a through...
8.3 CVSS | 8.3 AI Score | 0.0004 EPSS
Deserialization of Untrusted Data vulnerability in Averta Master Slider. This issue affects Master Slider: from n/a through...
8.3 CVSS | 8.2 AI Score | 0.0004 EPSS
CVE-2024-32600 WordPress Master Slider plugin <= 3.9.5 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Averta Master Slider. This issue affects Master Slider: from n/a through...
8.3 CVSS | 8.5 AI Score | 0.0004 EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta Master Slider allows Stored XSS. This issue affects Master Slider: from n/a through...
6.5 CVSS | 6.4 AI Score | 0.0004 EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Slider by 10Web allows Reflected XSS. This issue affects Slider by 10Web: from n/a through...
7.1 CVSS | 6.8 AI Score | 0.0004 EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Slider by 10Web allows Reflected XSS. This issue affects Slider by 10Web: from n/a through...
7.1 CVSS | 6.9 AI Score | 0.0004 EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Post Grid Team by WPXPO PostX – Gutenberg Blocks for Post Grid allows Stored XSS. This issue affects PostX – Gutenberg Blocks for Post Grid: from n/a through...
6.5 CVSS | 6.4 AI Score | 0.0004 EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Post Grid Team by WPXPO PostX – Gutenberg Blocks for Post Grid allows Stored XSS. This issue affects PostX – Gutenberg Blocks for Post Grid: from n/a through...
6.5 CVSS | 6.5 AI Score | 0.0004 EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Post Grid Team by WPXPO PostX – Gutenberg Blocks for Post Grid allows Stored XSS. This issue affects PostX – Gutenberg Blocks for Post Grid: from n/a through...
6.5 CVSS | 6.8 AI Score | 0.0004 EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Post Grid Team by WPXPO PostX – Gutenberg Blocks for Post Grid allows Stored XSS. This issue affects PostX – Gutenberg Blocks for Post Grid: from n/a through...
6.5 CVSS | 6.6 AI Score | 0.0004 EPSS
CVE-2024-32578 WordPress Sliderby10Web plugin <= 1.2.54 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Slider by 10Web allows Reflected XSS. This issue affects Slider by 10Web: from n/a through...
7.1 CVSS | 6.9 AI Score | 0.0004 EPSS
CVE-2024-32578 WordPress Sliderby10Web plugin <= 1.2.54 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Slider by 10Web allows Reflected XSS. This issue affects Slider by 10Web: from n/a through...
7.1 CVSS | 7.1 AI Score | 0.0004 EPSS
CVE-2024-32580 WordPress Master Slider plugin <= 3.9.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta Master Slider allows Stored XSS. This issue affects Master Slider: from n/a through...
6.5 CVSS | 6.6 AI Score | 0.0004 EPSS
The Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tab_link’ attribute of the Panel Slider widget in all versions up to, and...
6.4 CVSS | 5.7 AI Score | 0.0004 EPSS
The Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ attribute of the Price List widget in all versions up to, and including,....
6.4 CVSS | 5.7 AI Score | 0.0004 EPSS
The Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tab_link’ attribute of the Panel Slider widget in all versions up to, and...
6.4 CVSS | 5.8 AI Score | 0.0004 EPSS
The Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ attribute of the Price List widget in all versions up to, and including,....
6.4 CVSS | 5.8 AI Score | 0.0004 EPSS
Oracle Database Server (Apr 2024 CPU)
The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory. Vulnerability in the RDBMS (Python) component of Oracle Database Server. Supported versions that are affected are 21.3-21.13. Easily...
9.8 CVSS | 6.7 AI Score | 0.962 EPSS
Element Pack Elementor Addons < 5.6.1 - Contributor+ Stored XSS via Panel Slider Widget
Description: The plugin is vulnerable to Stored Cross-Site Scripting via the ‘tab_link’ attribute of the Panel Slider widget due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary...
6.4 CVSS | 5.8 AI Score | 0.0004 EPSS
A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin....
7.4 CVSS | 6.1 AI Score | 0.0004 EPSS
A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects...
8.1 CVSS | 5.7 AI Score | 0.0004 EPSS
OfflRouter virus causes Ukrainian users to upload confidential documents to VirusTotal
During a threat-hunting exercise, Cisco Talos discovered documents with potentially confidential information originating from Ukraine. The documents contained malicious VBA code, indicating they may be used as lures to infect organizations. The results of the investigation have shown that the...
7 AI Score
Missing Authorization vulnerability in Pepro Dev. Group PeproDev Ultimate Invoice. This issue affects PeproDev Ultimate Invoice: from n/a through...
5.3 CVSS | 5.3 AI Score | 0.0004 EPSS
Missing Authorization vulnerability in Pepro Dev. Group PeproDev Ultimate Invoice. This issue affects PeproDev Ultimate Invoice: from n/a through...
5.3 CVSS | 6.8 AI Score | 0.0004 EPSS
Missing Authorization vulnerability in Qamar Sheeraz, Nasir Ahmad Mega Addons For Elementor. This issue affects Mega Addons For Elementor: from n/a through...
5.4 CVSS | 5.5 AI Score | 0.0004 EPSS
Missing Authorization vulnerability in Qamar Sheeraz, Nasir Ahmad Mega Addons For Elementor. This issue affects Mega Addons For Elementor: from n/a through...
5.4 CVSS | 5.8 AI Score | 0.0004 EPSS
Missing Authorization vulnerability in Pepro Dev. Group PeproDev Ultimate Invoice. This issue affects PeproDev Ultimate Invoice: from n/a through...
5.3 CVSS | 5.6 AI Score | 0.0004 EPSS
Sangar Slider <= 1.3.2 - Cross-Site Request Forgery
Description: The Responsive Slider – Sangar Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.2. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to...
6.5 CVSS | 6.8 AI Score | 0.0004 EPSS
Otter Blocks < 2.6.10 - Contributor+ Stored XSS via titleTag
Description: The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's Post Grid widget due to insufficient input sanitization and output escaping on user supplied attributes such as 'titleTag'. This makes it possible for authenticated attackers, with contributor-level access and...
6.4 CVSS | 5.7 AI Score | 0.0004 EPSS
HT Mega < 2.5.0 - Contributor+ Stored XSS via Image Grid Widget
Description: The plugin is vulnerable to Stored Cross-Site Scripting via the Image Grid widget's attributes due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages...
5.7 AI Score | 0.0004 EPSS
An issue was discovered in gradio-app/gradio, where the /component_server endpoint improperly allows the invocation of any method on a Component class with attacker-controlled arguments. Specifically, by exploiting the move_resource_to_block_cache() method of the Block class, an attacker can copy.....
7.5 CVSS | 6.2 AI Score | 0.001 EPSS
Content Control < 2.2.0 - Missing Authorization to Sensitive Information Exposure
Description: The Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.0 via the API. This makes it possible for unauthenticated...
6.5 AI Score | 0.0005 EPSS
Ultimate Product Catalogue < 5.2.16 - Cross-Site Request Forgery via reset_settings()
Description: The Ultimate Product Catalogue plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.2.15. This is due to missing or incorrect nonce validation on the reset_settings() function. This makes it possible for unauthenticated attackers to reset....
4.3 CVSS | 6.4 AI Score | 0.0004 EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Etoile Web Design Ultimate Product Catalogue. This issue affects Ultimate Product Catalogue: from n/a through...
4.3 CVSS | 4.6 AI Score | 0.0004 EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Etoile Web Design Ultimate Product Catalogue. This issue affects Ultimate Product Catalogue: from n/a through...
4.3 CVSS | 4.7 AI Score | 0.0004 EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Etoile Web Design Ultimate Product Catalogue. This issue affects Ultimate Product Catalogue: from n/a through...
4.3 CVSS | 4.9 AI Score | 0.0004 EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Tonjoo Sangar Slider. This issue affects Sangar Slider: from n/a through...
6.5 CVSS | 6.5 AI Score | 0.0004 EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Tonjoo Sangar Slider. This issue affects Sangar Slider: from n/a through...
6.5 CVSS | 6.7 AI Score | 0.0004 EPSS
The Carousel Slider WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.3 AI Score | 0.0004 EPSS
The Carousel Slider WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
7.6 AI Score | 0.0004 EPSS
The Testimonial Slider WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
7.6 AI Score | 0.0004 EPSS
The Testimonial Slider WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.3 AI Score | 0.0004 EPSS
CVE-2024-1746 Testimonial Slider < 2.3.8 - Admin+ Stored XSS
The Testimonial Slider WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.5 AI Score | 0.0004 EPSS