Post Grid, Slider & Carousel Ultimate Security Vulnerabilities

vulnrichment

CVE-2023-49852 WordPress Responsive Slick Slider WordPress plugin <= 1.4 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Vsourz Digital Responsive Slick Slider WordPress allows Code Injection. This issue affects Responsive Slick Slider WordPress: from n/a through...

6.5CVSS

6.9AI Score

0.0004EPSS

2024-06-04 11:57 AM
cvelist

CVE-2023-49852 WordPress Responsive Slick Slider WordPress plugin <= 1.4 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Vsourz Digital Responsive Slick Slider WordPress allows Code Injection. This issue affects Responsive Slick Slider WordPress: from n/a through...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-04 11:57 AM
1
cvelist

CVE-2023-49822 WordPress Ultimate Dashboard plugin <= 3.7.10 - Secret Login Page Location Disclosure on Multisites vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in David Vongries Ultimate Dashboard allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Ultimate Dashboard: from n/a through...

3.7CVSS

4.2AI Score

0.0004EPSS

2024-06-04 11:24 AM
2
vulnrichment

CVE-2023-49822 WordPress Ultimate Dashboard plugin <= 3.7.10 - Secret Login Page Location Disclosure on Multisites vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in David Vongries Ultimate Dashboard allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Ultimate Dashboard: from n/a through...

3.7CVSS

6.8AI Score

0.0004EPSS

2024-06-04 11:24 AM
nvd

CVE-2024-4637

The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.7.10 due to insufficient input sanitization and output escaping on the user supplied Elementor 'wrapperid' and 'zindex' display attributes. This makes it possible for...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-06-04 10:15 AM
1
cve

CVE-2024-4637

The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.7.10 due to insufficient input sanitization and output escaping on the user supplied Elementor 'wrapperid' and 'zindex' display attributes. This makes it possible for...

6.4CVSS

6AI Score

0.0004EPSS

2024-06-04 10:15 AM
4
cvelist

CVE-2024-4637 Slider Revolution <= 6.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Elementor wrapperid and zindex

The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.7.10 due to insufficient input sanitization and output escaping on the user supplied Elementor 'wrapperid' and 'zindex' display attributes. This makes it possible for...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-06-04 09:31 AM
vulnrichment

CVE-2024-4637 Slider Revolution <= 6.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Elementor wrapperid and zindex

The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.7.10 due to insufficient input sanitization and output escaping on the user supplied Elementor 'wrapperid' and 'zindex' display attributes. This makes it possible for...

6.4CVSS

5.8AI Score

0.0004EPSS

2024-06-04 09:31 AM
nvd

CVE-2024-4581

The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Add Layer widget in all versions up to, and including, 6.7.11 due to insufficient input sanitization and output escaping on the user supplied 'class', 'id', and 'title' attributes. This makes...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-06-04 09:15 AM
cve

CVE-2024-4581

The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Add Layer widget in all versions up to, and including, 6.7.11 due to insufficient input sanitization and output escaping on the user supplied 'class', 'id', and 'title' attributes. This makes...

6.4CVSS

6AI Score

0.0004EPSS

2024-06-04 09:15 AM
cvelist

CVE-2024-4581 Slider Revolution <= 6.7.11 - Authenticated (Author+) Stored Cross-Site Scripting via Add Layer class, id, and title Attributes

The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Add Layer widget in all versions up to, and including, 6.7.11 due to insufficient input sanitization and output escaping on the user supplied 'class', 'id', and 'title' attributes. This makes...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-06-04 08:31 AM
vulnrichment

CVE-2024-4581 Slider Revolution <= 6.7.11 - Authenticated (Author+) Stored Cross-Site Scripting via Add Layer class, id, and title Attributes

The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Add Layer widget in all versions up to, and including, 6.7.11 due to insufficient input sanitization and output escaping on the user supplied 'class', 'id', and 'title' attributes. This makes...

6.4CVSS

5.8AI Score

0.0004EPSS

2024-06-04 08:31 AM
osv

CVE-2024-4253

A command injection vulnerability exists in the gradio-app/gradio repository, specifically within the 'test-functional.yml' workflow. The vulnerability arises due to improper neutralization of special elements used in a command, allowing for unauthorized modification of the base repository or...

7.5CVSS

6.9AI Score

0.0004EPSS

2024-06-04 08:15 AM
nvd

CVE-2024-20877

Heap out-of-bound write vulnerability in parsing grid image header in libsavscmn.so prior to SMR Jun-2024 Release 1 allows local attackers to execute arbitrary...

7.3CVSS

7.3AI Score

0.0004EPSS

2024-06-04 07:15 AM
cve

CVE-2024-20877

Heap out-of-bound write vulnerability in parsing grid image header in libsavscmn.so prior to SMR Jun-2024 Release 1 allows local attackers to execute arbitrary...

7.3CVSS

7.6AI Score

0.0004EPSS

2024-06-04 07:15 AM
18
nvd

CVE-2024-20878

Heap out-of-bound write vulnerability in parsing grid image in libsavscmn.so prior to SMR June-2024 Release 1 allows local attackers to execute arbitrary...

7.3CVSS

7.3AI Score

0.0004EPSS

2024-06-04 07:15 AM
1
cve

CVE-2024-20878

Heap out-of-bound write vulnerability in parsing grid image in libsavscmn.so prior to SMR June-2024 Release 1 allows local attackers to execute arbitrary...

7.3CVSS

7.6AI Score

0.0004EPSS

2024-06-04 07:15 AM
16
cvelist

CVE-2024-20878

Heap out-of-bound write vulnerability in parsing grid image in libsavscmn.so prior to SMR June-2024 Release 1 allows local attackers to execute arbitrary...

7.3CVSS

7.3AI Score

0.0004EPSS

2024-06-04 06:42 AM
vulnrichment

CVE-2024-20878

Heap out-of-bound write vulnerability in parsing grid image in libsavscmn.so prior to SMR June-2024 Release 1 allows local attackers to execute arbitrary...

7.3CVSS

7.4AI Score

0.0004EPSS

2024-06-04 06:42 AM
cvelist

CVE-2024-20877

Heap out-of-bound write vulnerability in parsing grid image header in libsavscmn.so prior to SMR Jun-2024 Release 1 allows local attackers to execute arbitrary...

7.3CVSS

7.3AI Score

0.0004EPSS

2024-06-04 06:42 AM
1
vulnrichment

CVE-2024-20877

Heap out-of-bound write vulnerability in parsing grid image header in libsavscmn.so prior to SMR Jun-2024 Release 1 allows local attackers to execute arbitrary...

7.3CVSS

7.4AI Score

0.0004EPSS

2024-06-04 06:42 AM
zdt

7.4AI Score

2024-06-04 12:00 AM
64
nvd

CVE-2023-23735

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Brainstorm Force Spectra allows Code Injection. This issue affects Spectra: from n/a through...

5.3CVSS

5.4AI Score

0.0004EPSS

2024-06-03 10:15 PM
nvd

CVE-2023-23738

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Brainstorm Force Spectra allows Content Spoofing, Phishing. This issue affects Spectra: from n/a through...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-06-03 10:15 PM
cve

CVE-2023-23738

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Brainstorm Force Spectra allows Content Spoofing, Phishing. This issue affects Spectra: from n/a through...

5.3CVSS

7.2AI Score

0.0004EPSS

2024-06-03 10:15 PM
15
cve

CVE-2023-23735

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Brainstorm Force Spectra allows Code Injection. This issue affects Spectra: from n/a through...

5.3CVSS

7.2AI Score

0.0004EPSS

2024-06-03 10:15 PM
14
cve

CVE-2023-23730

Improper Restriction of Excessive Authentication Attempts vulnerability in Brainstorm Force Spectra allows Functionality Bypass. This issue affects Spectra: from n/a through...

5.3CVSS

7.2AI Score

0.0004EPSS

2024-06-03 10:15 PM
15
nvd

CVE-2023-23730

Improper Restriction of Excessive Authentication Attempts vulnerability in Brainstorm Force Spectra allows Functionality Bypass. This issue affects Spectra: from n/a through...

5.3CVSS

5.4AI Score

0.0004EPSS

2024-06-03 10:15 PM
cvelist

CVE-2023-23738 WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Unauthenticated Email Spoofing Vulnerability

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Brainstorm Force Spectra allows Content Spoofing, Phishing. This issue affects Spectra: from n/a through...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-06-03 09:33 PM
1
vulnrichment

CVE-2023-23738 WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Unauthenticated Email Spoofing Vulnerability

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Brainstorm Force Spectra allows Content Spoofing, Phishing. This issue affects Spectra: from n/a through...

5.3CVSS

6.9AI Score

0.0004EPSS

2024-06-03 09:33 PM
cvelist

CVE-2023-23735 WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Unauthenticated Email HTML Injection Vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Brainstorm Force Spectra allows Code Injection. This issue affects Spectra: from n/a through...

5.3CVSS

5.4AI Score

0.0004EPSS

2024-06-03 09:26 PM
vulnrichment

CVE-2023-23735 WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Unauthenticated Email HTML Injection Vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Brainstorm Force Spectra allows Code Injection. This issue affects Spectra: from n/a through...

5.3CVSS

6.9AI Score

0.0004EPSS

2024-06-03 09:26 PM
cvelist

CVE-2023-23730 WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Captcha Bypass Vulnerability

Improper Restriction of Excessive Authentication Attempts vulnerability in Brainstorm Force Spectra allows Functionality Bypass. This issue affects Spectra: from n/a through...

5.3CVSS

5.4AI Score

0.0004EPSS

2024-06-03 09:24 PM
nvd

CVE-2024-35630

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LJ Apps WP TripAdvisor Review Slider allows Blind SQL Injection. This issue affects WP TripAdvisor Review Slider: from n/a through...

7.6CVSS

8.1AI Score

0.0004EPSS

2024-06-03 11:15 AM
1
cve

CVE-2024-35630

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LJ Apps WP TripAdvisor Review Slider allows Blind SQL Injection. This issue affects WP TripAdvisor Review Slider: from n/a through...

7.6CVSS

8AI Score

0.0004EPSS

2024-06-03 11:15 AM
17
nvd

CVE-2024-34789

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Hait Post Grid Elementor Addon allows Stored XSS. This issue affects Post Grid Elementor Addon: from n/a through...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-06-03 11:15 AM
1
cve

CVE-2024-34789

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Hait Post Grid Elementor Addon allows Stored XSS. This issue affects Post Grid Elementor Addon: from n/a through...

6.5CVSS

7AI Score

0.0004EPSS

2024-06-03 11:15 AM
25
vulnrichment

CVE-2024-34789 WordPress Post Grid Elementor Addon plugin <= 2.0.16 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Hait Post Grid Elementor Addon allows Stored XSS. This issue affects Post Grid Elementor Addon: from n/a through...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-06-03 10:58 AM
cvelist

CVE-2024-34789 WordPress Post Grid Elementor Addon plugin <= 2.0.16 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Hait Post Grid Elementor Addon allows Stored XSS. This issue affects Post Grid Elementor Addon: from n/a through...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-06-03 10:58 AM
vulnrichment

CVE-2024-35630 WordPress WP TripAdvisor Review Slider plugin <= 12.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LJ Apps WP TripAdvisor Review Slider allows Blind SQL Injection. This issue affects WP TripAdvisor Review Slider: from n/a through...

7.6CVSS

7.7AI Score

0.0004EPSS

2024-06-03 10:27 AM
cvelist

CVE-2024-35630 WordPress WP TripAdvisor Review Slider plugin <= 12.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LJ Apps WP TripAdvisor Review Slider allows Blind SQL Injection. This issue affects WP TripAdvisor Review Slider: from n/a through...

7.6CVSS

8.1AI Score

0.0004EPSS

2024-06-03 10:27 AM
1
exploitdb

7.4AI Score

2024-06-03 12:00 AM
25
packetstorm

7.4AI Score

2024-06-03 12:00 AM
47
nvd

CVE-2024-4342

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image hotspot, image accordion, off canvas, woogrid, and product mini cart widgets in all versions up to, and including, 1.3.975 due to insufficient input sanitization and...

6.4CVSS

5.9AI Score

0.001EPSS

2024-06-01 06:15 AM
cve

CVE-2024-4342

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image hotspot, image accordion, off canvas, woogrid, and product mini cart widgets in all versions up to, and including, 1.3.975 due to insufficient input sanitization and...

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-01 06:15 AM
6
vulnrichment

CVE-2024-4342 Royal Elementor Addons and Templates <= 1.3.975 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image hotspot, image accordion, off canvas, woogrid, and product mini cart widgets in all versions up to, and including, 1.3.975 due to insufficient input sanitization and...

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-01 05:38 AM
1
cvelist

CVE-2024-4342 Royal Elementor Addons and Templates <= 1.3.975 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image hotspot, image accordion, off canvas, woogrid, and product mini cart widgets in all versions up to, and including, 1.3.975 due to insufficient input sanitization and...

6.4CVSS

5.9AI Score

0.001EPSS

2024-06-01 05:38 AM
cve

CVE-2023-6382

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_slide' shortcode in all versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied 'css_class' attribute. This...

6.4CVSS

6AI Score

0.001EPSS

2024-06-01 05:15 AM
6
nvd

CVE-2023-6382

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_slide' shortcode in all versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied 'css_class' attribute. This...

6.4CVSS

5.9AI Score

0.001EPSS

2024-06-01 05:15 AM
2
cvelist

CVE-2023-6382 Master Slider - Responsive Touch Slider <= 3.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_slide' shortcode in all versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied 'css_class' attribute. This...

6.4CVSS

5.9AI Score

0.001EPSS

2024-06-01 04:30 AM
2
Total number of security vulnerabilities: 11685