Post Grid, Slider & Carousel Ultimate Security Vulnerabilities

cvelist

CVE-2024-4373 Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.5.3 - Authenticated (Contributor+) Stored Cross-site Scripting via 'Sina Particle Layer'

The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Particle Layer widget in all versions up to, and including, 3.5.3 due to.....

6.4 CVSS

6.4 AI Score

0.0004 EPSS

2024-05-15 01:56 AM

vulnrichment

CVE-2024-4373 Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.5.3 - Authenticated (Contributor+) Stored Cross-site Scripting via 'Sina Particle Layer'

The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Particle Layer widget in all versions up to, and including, 3.5.3 due to.....

6.4 CVSS

5.8 AI Score

0.0004 EPSS

2024-05-15 01:56 AM

nvd

CVE-2024-4363

The Visual Portfolio, Photo Gallery & Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4 CVSS

5.9 AI Score

0.001 EPSS

2024-05-15 12:15 AM

cve

CVE-2024-4363

The Visual Portfolio, Photo Gallery & Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4 CVSS

5.7 AI Score

0.001 EPSS

2024-05-15 12:15 AM

nvd

CVE-2024-0437

The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the API. This makes it possible for authenticated attackers, with subscriber access or.....

4.3 CVSS

4.9 AI Score

0.0004 EPSS

2024-05-15 12:15 AM

cve

CVE-2024-0437

The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the API. This makes it possible for authenticated attackers, with subscriber access or.....

4.3 CVSS

6.5 AI Score

0.0004 EPSS

2024-05-15 12:15 AM

wpvulndb

Serial Numbers for WooCommerce – License Manager <= 1.7.3 - Missing Authorization

Description The WC Serial Numbers – Ultimate License Manager for Selling, Licensing & Securely Delivering Digital Content with WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.7.3. This...

5.3 CVSS

5.1 AI Score

0.0004 EPSS

2024-05-15 12:00 AM

wpvulndb

Ultimate Store Kit Elementor Addons <= 1.6.2 - Unauthenticated PHP Object Injection

Description The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.2 via deserialization of untrusted...

5.4 CVSS

7.7 AI Score

0.0004 EPSS

2024-05-15 12:00 AM

cvelist

CVE-2024-0437 Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease <= 2.6.6 - Missing Authorization to Sensitive Information Exposure

The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the API. This makes it possible for authenticated attackers, with subscriber access or.....

4.3 CVSS

5.2 AI Score

0.0004 EPSS

2024-05-14 11:31 PM

vulnrichment

CVE-2024-0437 Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease <= 2.6.6 - Missing Authorization to Sensitive Information Exposure

The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the API. This makes it possible for authenticated attackers, with subscriber access or.....

4.3 CVSS

6.7 AI Score

0.0004 EPSS

2024-05-14 11:31 PM

vulnrichment

CVE-2024-4363 Visual Portfolio, Photo Gallery & Post Grid <= 3.3.2 - Authenticated (Author+) Stored Cross-Site Scripting via title_tag Parameter

The Visual Portfolio, Photo Gallery & Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4 CVSS

5.8 AI Score

0.001 EPSS

2024-05-14 11:31 PM

cvelist

CVE-2024-4363 Visual Portfolio, Photo Gallery & Post Grid <= 3.3.2 - Authenticated (Author+) Stored Cross-Site Scripting via title_tag Parameter

The Visual Portfolio, Photo Gallery & Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4 CVSS

6 AI Score

0.001 EPSS

2024-05-14 11:31 PM

cve

CVE-2024-4440

The 140+ Widgets | Best Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible.....

6.4 CVSS

5.7 AI Score

0.001 EPSS

2024-05-14 04:17 PM

nvd

CVE-2024-4440

The 140+ Widgets | Best Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible.....

6.4 CVSS

5.9 AI Score

0.001 EPSS

2024-05-14 04:17 PM

nvd

CVE-2024-4333

The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via several parameters in versions up to, and including, 3.5.3 due to insufficient input...

6.4 CVSS

6.2 AI Score

0.001 EPSS

2024-05-14 04:17 PM

cve

CVE-2024-4333

The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via several parameters in versions up to, and including, 3.5.3 due to insufficient input...

6.4 CVSS

8.2 AI Score

0.001 EPSS

2024-05-14 04:17 PM

nvd

CVE-2024-3241

The Ultimate Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.5 AI Score

0.0004 EPSS

2024-05-14 04:17 PM

cve

CVE-2024-3241

The Ultimate Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.8 AI Score

0.0004 EPSS

2024-05-14 04:17 PM

cve

CVE-2024-4606

Deserialization of Untrusted Data vulnerability in BdThemes Ultimate Store Kit Elementor Addons. This issue affects Ultimate Store Kit Elementor Addons: from n/a through...

5.4 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-14 03:44 PM

nvd

CVE-2024-4606

Deserialization of Untrusted Data vulnerability in BdThemes Ultimate Store Kit Elementor Addons. This issue affects Ultimate Store Kit Elementor Addons: from n/a through...

5.4 CVSS

5.9 AI Score

0.0004 EPSS

2024-05-14 03:44 PM

nvd

CVE-2024-4446

The Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pagingType’ parameter in all versions up to, and including, 3.7.1 due to insufficient input sanitization and...

6.4 CVSS

5.9 AI Score

0.0004 EPSS

2024-05-14 03:43 PM

cve

CVE-2024-4446

The Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pagingType’ parameter in all versions up to, and including, 3.7.1 due to insufficient input sanitization and...

6.4 CVSS

5.7 AI Score

0.0004 EPSS

2024-05-14 03:43 PM

nvd

CVE-2024-4339

The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the General widget in all versions up to, and including, 3.14.3 due to insufficient input sanitization and output escaping. This...

6.4 CVSS

5.9 AI Score

0.0004 EPSS

2024-05-14 03:43 PM

cve

CVE-2024-4339

The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the General widget in all versions up to, and including, 3.14.3 due to insufficient input sanitization and output escaping. This...

6.4 CVSS

5.7 AI Score

0.0004 EPSS

2024-05-14 03:43 PM

nvd

CVE-2024-4193

The Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'testimonialcategory' shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4 CVSS

5.9 AI Score

0.0004 EPSS

2024-05-14 03:43 PM

cve

CVE-2024-4193

The Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'testimonialcategory' shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4 CVSS

6.1 AI Score

0.0004 EPSS

2024-05-14 03:43 PM

nvd

CVE-2024-3831

The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4 CVSS

5.9 AI Score

0.0004 EPSS

2024-05-14 03:42 PM

cve

CVE-2024-3831

The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4 CVSS

5.8 AI Score

0.0004 EPSS

2024-05-14 03:42 PM

nvd

CVE-2024-3680

The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animation Title widget's img tag in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4 CVSS

5.9 AI Score

0.0004 EPSS

2024-05-14 03:42 PM

cve

CVE-2024-3680

The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animation Title widget's img tag in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4 CVSS

5.7 AI Score

0.0004 EPSS

2024-05-14 03:42 PM

nvd

CVE-2024-3239

The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.0.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored...

5.6 AI Score

0.0004 EPSS

2024-05-14 03:40 PM

cve

CVE-2024-3239

The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.0.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored...

5.8 AI Score

0.0004 EPSS

2024-05-14 03:40 PM

cvelist

CVE-2024-4333 Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.5.3 - Authenticated (Contributor+) DOM-Based Cross-Site Scripting

The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via several parameters in versions up to, and including, 3.5.3 due to insufficient input...

6.4 CVSS

6.6 AI Score

0.001 EPSS

2024-05-14 12:50 PM

cvelist

CVE-2024-4440 140+ Widgets | Best Addons For Elementor – FREE <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

The 140+ Widgets | Best Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible.....

6.4 CVSS

6 AI Score

0.001 EPSS

2024-05-14 09:33 AM

vulnrichment

CVE-2024-4440 140+ Widgets | Best Addons For Elementor – FREE <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

The 140+ Widgets | Best Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible.....

6.4 CVSS

5.8 AI Score

0.001 EPSS

2024-05-14 09:33 AM

vulnrichment

CVE-2024-3241 Ultimate Blocks < 3.1.7 - Contributor+ Stored XSS

The Ultimate Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.8 AI Score

0.0004 EPSS

2024-05-14 06:00 AM

cvelist

CVE-2024-3241 Ultimate Blocks < 3.1.7 - Contributor+ Stored XSS

The Ultimate Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.7 AI Score

0.0004 EPSS

2024-05-14 06:00 AM

wpvulndb

Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) < 3.5.4 - Authenticated (Contributor+) Stored Cross-site Scripting via 'Sina Particle Layer'

Description The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Particle Layer widget in all versions up to, and including,...

5.9 AI Score

0.0004 EPSS

2024-05-14 12:00 AM

wpvulndb

Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) < 3.5.4 - Authenticated (Contributor+) DOM-Based Cross-Site Scripting

Description The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via several parameters in versions up to, and including, 3.5.3 due to...

6.1 AI Score

0.001 EPSS

2024-05-14 12:00 AM

wpvulndb

Visual Portfolio, Photo Gallery & Post Grid < 3.3.3 - Authenticated (Author+) Stored Cross-Site Scripting via title_tag Parameter

Description The Visual Portfolio, Photo Gallery & Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4 CVSS

5.9 AI Score

0.001 EPSS

2024-05-14 12:00 AM

wpvulndb

Password Protected < 2.6.7 - Missing Authorization to Sensitive Information Exposure

Description The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the API. This makes it possible for authenticated attackers, with...

4.3 CVSS

6.9 AI Score

0.0004 EPSS

2024-05-14 12:00 AM

thn

MITRE Unveils EMB3D: A Threat-Modeling Framework for Embedded Devices

The MITRE Corporation has officially made available a new threat-modeling framework called EMB3D for makers of embedded devices used in critical infrastructure environments. "The model provides a cultivated knowledge base of cyber threats to embedded devices, providing a common understanding of...

7.4 AI Score

2024-05-13 02:29 PM

krebs

How Did Authorities Identify the Alleged Lockbit Boss?

Last week, the United States joined the U.K. and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group. LockBit's leader "LockBitSupp" claims the feds named the wrong guy, saying the charges don't explain how...

7.1 AI Score

2024-05-13 11:26 AM

vulnrichment

CVE-2024-3239 PostX < 4.0.2 - Contributor+ Stored XSS

The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.0.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored...

5.8 AI Score

0.0004 EPSS

2024-05-13 06:00 AM

cvelist

CVE-2024-3239 PostX < 4.0.2 - Contributor+ Stored XSS

The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.0.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored...

5.7 AI Score

0.0004 EPSS

2024-05-13 06:00 AM

thn

What's the Right EDR for You?

A guide to finding the right endpoint detection and response (EDR) solution for your business' unique needs. Cybersecurity has become an ongoing battle between hackers and small- and mid-sized businesses. Though perimeter security measures like antivirus and firewalls have traditionally served as.....

6.8 AI Score

2024-05-10 10:22 AM

cvelist

CVE-2024-4193 Testimonial Slider <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'testimonialcategory' shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4 CVSS

6 AI Score

0.0004 EPSS

2024-05-09 08:03 PM

cvelist

CVE-2024-4339 Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the General widget in all versions up to, and including, 3.14.3 due to insufficient input sanitization and output escaping. This...

6.4 CVSS

6 AI Score

0.0004 EPSS

2024-05-09 08:03 PM

vulnrichment

CVE-2024-4339 Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the General widget in all versions up to, and including, 3.14.3 due to insufficient input sanitization and output escaping. This...

6.4 CVSS

5.8 AI Score

0.0004 EPSS

2024-05-09 08:03 PM

vulnrichment

CVE-2024-3831 Enter Addons – Ultimate Template Builder for Elementor <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading widget

The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4 CVSS

5.8 AI Score

0.0004 EPSS

2024-05-09 08:03 PM

Total number of security vulnerabilities: 11685