Lucene search

K

Post Grid, Slider & Carousel Ultimate Security Vulnerabilities

thn
thn

Snowflake Breach Exposes 165 Customers' Data in Ongoing Extortion Campaign

As many as 165 customers of Snowflake are said to have had their information potentially exposed as part of an ongoing campaign designed to facilitate data theft and extortion, indicating the operation has broader implications than previously thought. Google-owned Mandiant, which is assisting the.....

8AI Score

2024-06-11 06:52 AM
3
wpvulndb
wpvulndb

CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More < 4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

Description The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Shop Slider, Tabs Classic, and Image Comparison widgets in all versions up to, and including, 4.4.1 due....

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-11 12:00 AM
1
wpvulndb
wpvulndb

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via onclick events

Description The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 5.6.7 due to insufficient input...

6.4CVSS

5.9AI Score

0.0004EPSS

2024-06-11 12:00 AM
wpvulndb
wpvulndb

WP Shortcodes Plugin — Shortcodes Ultimate < 7.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_lightbox Shortcode

Description The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_lightbox shortcode in all versions up to, and including, 7.1.6 due to insufficient input sanitization and output escaping on user supplied attributes....

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-11 12:00 AM
wpvulndb
wpvulndb

Events Addon for Elementor < 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

Description The Events Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Basic Slider, Upcoming Events, and Schedule widgets in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-11 12:00 AM
2
nvd
nvd

CVE-2024-35722

Missing Authorization vulnerability in A WP Life Slider Responsive Slideshow – Image slider, Gallery slideshow.This issue affects Slider Responsive Slideshow – Image slider, Gallery slideshow: from n/a through...

8.8CVSS

0.001EPSS

2024-06-10 08:15 AM
2
cve
cve

CVE-2024-35722

Missing Authorization vulnerability in A WP Life Slider Responsive Slideshow – Image slider, Gallery slideshow.This issue affects Slider Responsive Slideshow – Image slider, Gallery slideshow: from n/a through...

8.8CVSS

4.7AI Score

0.001EPSS

2024-06-10 08:15 AM
26
cve
cve

CVE-2024-35717

Missing Authorization vulnerability in A WP Life Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow.This issue affects Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow: from n/a through...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-06-10 08:15 AM
25
nvd
nvd

CVE-2024-35717

Missing Authorization vulnerability in A WP Life Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow.This issue affects Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-10 08:15 AM
2
cvelist
cvelist

CVE-2024-35717 WordPress Media Slider plugin <= 1.3.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in A WP Life Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow.This issue affects Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-10 08:00 AM
4
vulnrichment
vulnrichment

CVE-2024-35722 WordPress Slider Responsive Slideshow – Image slider, Gallery slideshow plugin <= 1.4.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in A WP Life Slider Responsive Slideshow – Image slider, Gallery slideshow.This issue affects Slider Responsive Slideshow – Image slider, Gallery slideshow: from n/a through...

4.3CVSS

6.9AI Score

0.001EPSS

2024-06-10 07:56 AM
cvelist
cvelist

CVE-2024-35722 WordPress Slider Responsive Slideshow – Image slider, Gallery slideshow plugin <= 1.4.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in A WP Life Slider Responsive Slideshow – Image slider, Gallery slideshow.This issue affects Slider Responsive Slideshow – Image slider, Gallery slideshow: from n/a through...

4.3CVSS

0.001EPSS

2024-06-10 07:56 AM
2
nvd
nvd

CVE-2024-32820

Missing Authorization vulnerability in Social Share Pro Social Share Icons & Social Share Buttons.This issue affects Social Share Icons & Social Share Buttons: from n/a through...

5.3CVSS

0.0004EPSS

2024-06-09 01:15 PM
2
cve
cve

CVE-2024-32820

Missing Authorization vulnerability in Social Share Pro Social Share Icons & Social Share Buttons.This issue affects Social Share Icons & Social Share Buttons: from n/a through...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-06-09 01:15 PM
28
cve
cve

CVE-2024-32783

Missing Authorization vulnerability in wpcreativeidea Advanced Testimonial Carousel for Elementor.This issue affects Advanced Testimonial Carousel for Elementor: from n/a through...

4.3CVSS

4.8AI Score

0.0004EPSS

2024-06-09 01:15 PM
28
nvd
nvd

CVE-2024-32783

Missing Authorization vulnerability in wpcreativeidea Advanced Testimonial Carousel for Elementor.This issue affects Advanced Testimonial Carousel for Elementor: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-09 01:15 PM
3
cvelist
cvelist

CVE-2024-32783 WordPress Advanced Testimonial Carousel for Elementor plugin <= 3.0.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpcreativeidea Advanced Testimonial Carousel for Elementor.This issue affects Advanced Testimonial Carousel for Elementor: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-09 01:03 PM
3
vulnrichment
vulnrichment

CVE-2024-32820 WordPress Social Share Icons & Social Share Buttons plugin <= 3.6.2 - Broken Access Control lead to Notice Dismissal vulnerability

Missing Authorization vulnerability in Social Share Pro Social Share Icons & Social Share Buttons.This issue affects Social Share Icons & Social Share Buttons: from n/a through...

5.3CVSS

6.9AI Score

0.0004EPSS

2024-06-09 12:35 PM
1
cvelist
cvelist

CVE-2024-32820 WordPress Social Share Icons & Social Share Buttons plugin <= 3.6.2 - Broken Access Control lead to Notice Dismissal vulnerability

Missing Authorization vulnerability in Social Share Pro Social Share Icons & Social Share Buttons.This issue affects Social Share Icons & Social Share Buttons: from n/a through...

5.3CVSS

0.0004EPSS

2024-06-09 12:35 PM
2
cve
cve

CVE-2024-31246

Missing Authorization vulnerability in Post Grid Team by WPXPO PostX – Gutenberg Blocks for Post Grid.This issue affects PostX – Gutenberg Blocks for Post Grid: from n/a through...

5.4CVSS

5.5AI Score

0.0004EPSS

2024-06-09 09:15 AM
31
nvd
nvd

CVE-2024-31246

Missing Authorization vulnerability in Post Grid Team by WPXPO PostX – Gutenberg Blocks for Post Grid.This issue affects PostX – Gutenberg Blocks for Post Grid: from n/a through...

5.4CVSS

0.0004EPSS

2024-06-09 09:15 AM
3
cvelist
cvelist

CVE-2024-31246 WordPress Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin <= 3.2.3 - Author+ Post/Page Duplication vulnerability

Missing Authorization vulnerability in Post Grid Team by WPXPO PostX – Gutenberg Blocks for Post Grid.This issue affects PostX – Gutenberg Blocks for Post Grid: from n/a through...

5.4CVSS

0.0004EPSS

2024-06-09 08:55 AM
2
nvd
nvd

CVE-2024-35713

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in UAPP GROUP Testimonial Carousel For Elementor allows Stored XSS.This issue affects Testimonial Carousel For Elementor: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-08 02:15 PM
cve
cve

CVE-2024-35713

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in UAPP GROUP Testimonial Carousel For Elementor allows Stored XSS.This issue affects Testimonial Carousel For Elementor: from n/a through...

6.5CVSS

6.4AI Score

0.0004EPSS

2024-06-08 02:15 PM
21
vulnrichment
vulnrichment

CVE-2024-35713 WordPress Testimonial Carousel For Elementor plugin <= 10.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in UAPP GROUP Testimonial Carousel For Elementor allows Stored XSS.This issue affects Testimonial Carousel For Elementor: from n/a through...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-06-08 01:36 PM
cvelist
cvelist

CVE-2024-35713 WordPress Testimonial Carousel For Elementor plugin <= 10.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in UAPP GROUP Testimonial Carousel For Elementor allows Stored XSS.This issue affects Testimonial Carousel For Elementor: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-08 01:36 PM
3
nvd
nvd

CVE-2024-35739

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RadiusTheme The Post Grid allows Stored XSS.This issue affects The Post Grid: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-08 01:15 PM
1
cve
cve

CVE-2024-35739

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RadiusTheme The Post Grid allows Stored XSS.This issue affects The Post Grid: from n/a through...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-08 01:15 PM
23
cvelist
cvelist

CVE-2024-35739 WordPress The Post Grid plugin <= 7.7.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RadiusTheme The Post Grid allows Stored XSS.This issue affects The Post Grid: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-08 12:42 PM
2
cve
cve

CVE-2024-5091

The SKT Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Age Gate and Creative Slider widgets in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

7.4CVSS

6.4AI Score

0.0004EPSS

2024-06-08 07:15 AM
23
nvd
nvd

CVE-2024-5091

The SKT Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Age Gate and Creative Slider widgets in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

7.4CVSS

0.0004EPSS

2024-06-08 07:15 AM
2
cvelist
cvelist

CVE-2024-5091 SKT Addons for Elementor <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate and Creative Slider Widgets

The SKT Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Age Gate and Creative Slider widgets in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

7.4CVSS

0.0004EPSS

2024-06-08 06:54 AM
1
vulnrichment
vulnrichment

CVE-2024-5091 SKT Addons for Elementor <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate and Creative Slider Widgets

The SKT Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Age Gate and Creative Slider widgets in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

7.4CVSS

5.8AI Score

0.0004EPSS

2024-06-08 06:54 AM
thn
thn

Ultimate Cyber Hygiene Guide: Learn How to Simplify Your Security Efforts

2023 was a year of unprecedented cyberattacks. Ransomware crippled businesses, DDoS attacks disrupted critical services, and data breaches exposed millions of sensitive records. The cost of these attacks? Astronomical. The damage to reputations? Irreparable. But here's the shocking truth: many of.....

7.3AI Score

2024-06-07 03:57 PM
2
cve
cve

CVE-2024-4042

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the menu-wrap-item block in all versions up to, and including, 2.2.80 due to insufficient input...

6.4CVSS

6AI Score

0.0004EPSS

2024-06-07 06:15 AM
24
nvd
nvd

CVE-2024-4042

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the menu-wrap-item block in all versions up to, and including, 2.2.80 due to insufficient input...

6.4CVSS

0.0004EPSS

2024-06-07 06:15 AM
2
cve
cve

CVE-2024-3288

The Logo Slider WordPress plugin before 4.0.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.8AI Score

0.0004EPSS

2024-06-07 06:15 AM
31
nvd
nvd

CVE-2024-3288

The Logo Slider WordPress plugin before 4.0.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

0.0004EPSS

2024-06-07 06:15 AM
1
cvelist
cvelist

CVE-2024-3288 Logo Slider < 4.0.0 - Contributor+ Stored XSS

The Logo Slider WordPress plugin before 4.0.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

0.0004EPSS

2024-06-07 06:00 AM
2
vulnrichment
vulnrichment

CVE-2024-3288 Logo Slider < 4.0.0 - Contributor+ Stored XSS

The Logo Slider WordPress plugin before 4.0.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.8AI Score

0.0004EPSS

2024-06-07 06:00 AM
cvelist
cvelist

CVE-2024-4042 Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel - Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attribute

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the menu-wrap-item block in all versions up to, and including, 2.2.80 due to insufficient input...

6.4CVSS

0.0004EPSS

2024-06-07 05:33 AM
vulnrichment
vulnrichment

CVE-2024-4042 Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel - Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attribute

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the menu-wrap-item block in all versions up to, and including, 2.2.80 due to insufficient input...

6.4CVSS

5.8AI Score

0.0004EPSS

2024-06-07 05:33 AM
cve
cve

CVE-2024-5640

The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ attribute within the Pacific widget in all versions up to, and including, 3.14.7 due to insufficient input sanitization and....

6.4CVSS

6AI Score

0.001EPSS

2024-06-07 05:15 AM
22
nvd
nvd

CVE-2024-5640

The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ attribute within the Pacific widget in all versions up to, and including, 3.14.7 due to insufficient input sanitization and....

6.4CVSS

0.001EPSS

2024-06-07 05:15 AM
1
vulnrichment
vulnrichment

CVE-2024-5640 Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pacific Widget

The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ attribute within the Pacific widget in all versions up to, and including, 3.14.7 due to insufficient input sanitization and....

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-07 04:33 AM
1
cvelist
cvelist

CVE-2024-5640 Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pacific Widget

The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ attribute within the Pacific widget in all versions up to, and including, 3.14.7 due to insufficient input sanitization and....

6.4CVSS

0.001EPSS

2024-06-07 04:33 AM
cve
cve

CVE-2024-1988

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute in blocks in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output...

6.4CVSS

6AI Score

0.0004EPSS

2024-06-07 04:15 AM
22
nvd
nvd

CVE-2024-1988

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute in blocks in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output...

6.4CVSS

0.0004EPSS

2024-06-07 04:15 AM
cvelist
cvelist

CVE-2024-1988 Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute in blocks in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output...

6.4CVSS

0.0004EPSS

2024-06-07 03:21 AM
vulnrichment
vulnrichment

CVE-2024-1988 Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute in blocks in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output...

6.4CVSS

5.8AI Score

0.0004EPSS

2024-06-07 03:21 AM
Total number of security vulnerabilities11788