Post Grid, Slider & Carousel Ultimate Security Vulnerabilities
The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Particle Layer widget in all versions up to, and including, 3.5.3 due to.....
6.4CVSS
6.4AI Score
0.0004EPSS
The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Particle Layer widget in all versions up to, and including, 3.5.3 due to.....
6.4CVSS
5.8AI Score
0.0004EPSS
The Visual Portfolio, Photo Gallery & Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
6.4CVSS
5.9AI Score
0.001EPSS
The Visual Portfolio, Photo Gallery & Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
6.4CVSS
5.7AI Score
0.001EPSS
The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the API. This makes it possible for authenticated attackers, with subscriber access or.....
4.3CVSS
4.9AI Score
0.0004EPSS
The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the API. This makes it possible for authenticated attackers, with subscriber access or.....
4.3CVSS
6.5AI Score
0.0004EPSS
Serial Numbers for WooCommerce – License Manager <= 1.7.3 - Missing Authorization
Description The WC Serial Numbers – Ultimate License Manager for Selling, Licensing & Securely Delivering Digital Content with WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.7.3. This...
5.3CVSS
5.1AI Score
0.0004EPSS
Ultimate Store Kit Elementor Addons <= 1.6.2 - Unauthenticated PHP Object Injection
Description The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.2 via deserialization of untrusted...
5.4CVSS
7.7AI Score
0.0004EPSS
The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the API. This makes it possible for authenticated attackers, with subscriber access or.....
4.3CVSS
5.2AI Score
0.0004EPSS
The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the API. This makes it possible for authenticated attackers, with subscriber access or.....
4.3CVSS
6.7AI Score
0.0004EPSS
The Visual Portfolio, Photo Gallery & Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
6.4CVSS
5.8AI Score
0.001EPSS
The Visual Portfolio, Photo Gallery & Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
6.4CVSS
6AI Score
0.001EPSS
The 140+ Widgets | Best Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible.....
6.4CVSS
5.7AI Score
0.001EPSS
The 140+ Widgets | Best Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible.....
6.4CVSS
5.9AI Score
0.001EPSS
The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via several parameters in versions up to, and including, 3.5.3 due to insufficient input...
6.4CVSS
6.2AI Score
0.001EPSS
The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via several parameters in versions up to, and including, 3.5.3 due to insufficient input...
6.4CVSS
8.2AI Score
0.001EPSS
The Ultimate Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
5.5AI Score
0.0004EPSS
The Ultimate Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
5.8AI Score
0.0004EPSS
Deserialization of Untrusted Data vulnerability in BdThemes Ultimate Store Kit Elementor Addons.This issue affects Ultimate Store Kit Elementor Addons: from n/a through...
5.4CVSS
6.8AI Score
0.0004EPSS
Deserialization of Untrusted Data vulnerability in BdThemes Ultimate Store Kit Elementor Addons.This issue affects Ultimate Store Kit Elementor Addons: from n/a through...
5.4CVSS
5.9AI Score
0.0004EPSS
The Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pagingType’ parameter in all versions up to, and including, 3.7.1 due to insufficient input sanitization and...
6.4CVSS
5.9AI Score
0.0004EPSS
The Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pagingType’ parameter in all versions up to, and including, 3.7.1 due to insufficient input sanitization and...
6.4CVSS
5.7AI Score
0.0004EPSS
The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the General widget in all versions up to, and including, 3.14.3 due to insufficient input sanitization and output escaping. This...
6.4CVSS
5.9AI Score
0.0004EPSS
The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the General widget in all versions up to, and including, 3.14.3 due to insufficient input sanitization and output escaping. This...
6.4CVSS
5.7AI Score
0.0004EPSS
The Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'testimonialcategory' shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
6.4CVSS
5.9AI Score
0.0004EPSS
The Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'testimonialcategory' shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
6.4CVSS
6.1AI Score
0.0004EPSS
The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
6.4CVSS
5.9AI Score
0.0004EPSS
The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
6.4CVSS
5.8AI Score
0.0004EPSS
The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animation Title widget's img tag in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for...
6.4CVSS
5.9AI Score
0.0004EPSS
The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animation Title widget's img tag in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for...
6.4CVSS
5.7AI Score
0.0004EPSS
The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.0.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored...
5.6AI Score
0.0004EPSS
The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.0.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored...
5.8AI Score
0.0004EPSS
The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via several parameters in versions up to, and including, 3.5.3 due to insufficient input...
6.4CVSS
6.6AI Score
0.001EPSS
The 140+ Widgets | Best Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible.....
6.4CVSS
6AI Score
0.001EPSS
The 140+ Widgets | Best Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible.....
6.4CVSS
5.8AI Score
0.001EPSS
CVE-2024-3241 Ultimate Blocks < 3.1.7 - Contributor+ Stored XSS
The Ultimate Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
5.8AI Score
0.0004EPSS
CVE-2024-3241 Ultimate Blocks < 3.1.7 - Contributor+ Stored XSS
The Ultimate Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
5.7AI Score
0.0004EPSS
Description The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Particle Layer widget in all versions up to, and including,...
5.9AI Score
0.0004EPSS
Description The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via several parameters in versions up to, and including, 3.5.3 due to...
6.1AI Score
0.001EPSS
Description The Visual Portfolio, Photo Gallery & Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for...
6.4CVSS
5.9AI Score
0.001EPSS
Password Protected < 2.6.7 - Missing Authorization to Sensitive Information Exposure
Description The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the API. This makes it possible for authenticated attackers, with...
4.3CVSS
6.9AI Score
0.0004EPSS
MITRE Unveils EMB3D: A Threat-Modeling Framework for Embedded Devices
The MITRE Corporation has officially made available a new threat-modeling framework called EMB3D for makers of embedded devices used in critical infrastructure environments. "The model provides a cultivated knowledge base of cyber threats to embedded devices, providing a common understanding of...
7.4AI Score
How Did Authorities Identify the Alleged Lockbit Boss?
Last week, the United States joined the U.K. and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group. LockBit's leader "LockBitSupp" claims the feds named the wrong guy, saying the charges don't explain how...
7.1AI Score
CVE-2024-3239 PostX < 4.0.2 - Contributor+ Stored XSS
The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.0.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored...
5.8AI Score
0.0004EPSS
CVE-2024-3239 PostX < 4.0.2 - Contributor+ Stored XSS
The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.0.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored...
5.7AI Score
0.0004EPSS
A guide to finding the right endpoint detection and response (EDR) solution for your business' unique needs. Cybersecurity has become an ongoing battle between hackers and small- and mid-sized businesses. Though perimeter security measures like antivirus and firewalls have traditionally served as.....
6.8AI Score
CVE-2024-4193 Testimonial Slider <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'testimonialcategory' shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
6.4CVSS
6AI Score
0.0004EPSS
The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the General widget in all versions up to, and including, 3.14.3 due to insufficient input sanitization and output escaping. This...
6.4CVSS
6AI Score
0.0004EPSS
The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the General widget in all versions up to, and including, 3.14.3 due to insufficient input sanitization and output escaping. This...
6.4CVSS
5.8AI Score
0.0004EPSS
The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
6.4CVSS
5.8AI Score
0.0004EPSS