Post Grid, Slider & Carousel Ultimate Security Vulnerabilities

vulnrichment

CVE-2024-4446 Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) <= 3.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via pagingType Parameter

The Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pagingType’ parameter in all versions up to, and including, 3.7.1 due to insufficient input sanitization and...

6.4 CVSS

5.8 AI Score

0.0004 EPSS

2024-05-09 08:03 PM
cvelist

CVE-2024-4446 Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) <= 3.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via pagingType Parameter

The Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pagingType’ parameter in all versions up to, and including, 3.7.1 due to insufficient input sanitization and...

6.4 CVSS

6.3 AI Score

0.0004 EPSS

2024-05-09 08:03 PM
cvelist

CVE-2024-3831 Enter Addons – Ultimate Template Builder for Elementor <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading widget

The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4 CVSS

6.4 AI Score

0.0004 EPSS

2024-05-09 08:03 PM
vulnrichment

CVE-2024-3680 Enter Addons – Ultimate Template Builder for Elementor <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animation Title widget img tag

The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animation Title widget's img tag in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4 CVSS

5.8 AI Score

0.0004 EPSS

2024-05-09 08:03 PM
cvelist

CVE-2024-3680 Enter Addons – Ultimate Template Builder for Elementor <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animation Title widget img tag

The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animation Title widget's img tag in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4 CVSS

6.3 AI Score

0.0004 EPSS

2024-05-09 08:03 PM
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 29, 2024 to May 5, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 164 vulnerabilities disclosed in 145...

9.8 CVSS

9.7 AI Score

EPSS

2024-05-09 04:49 PM
cvelist

CVE-2024-4606 WordPress Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder plugin <= 1.6.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in BdThemes Ultimate Store Kit Elementor Addons. This issue affects Ultimate Store Kit Elementor Addons: from n/a through...

5.4 CVSS

6.2 AI Score

0.0004 EPSS

2024-05-09 11:59 AM
vulnrichment

CVE-2024-4606 WordPress Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder plugin <= 1.6.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in BdThemes Ultimate Store Kit Elementor Addons. This issue affects Ultimate Store Kit Elementor Addons: from n/a through...

5.4 CVSS

6.9 AI Score

0.0004 EPSS

2024-05-09 11:59 AM
packetstorm

7.4 AI Score

2024-05-09 12:00 AM
nvd

CVE-2024-1438

Missing Authorization vulnerability in PressFore Rolo Slider. This issue affects Rolo Slider: from n/a through...

7.7 CVSS

7.6 AI Score

0.0004 EPSS

2024-05-08 01:15 PM
cve

CVE-2024-1438

Missing Authorization vulnerability in PressFore Rolo Slider. This issue affects Rolo Slider: from n/a through...

7.7 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-08 01:15 PM
cvelist

CVE-2024-1438 WordPress Rolo Slider plugin <= 1.0.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in PressFore Rolo Slider. This issue affects Rolo Slider: from n/a through...

7.7 CVSS

7.8 AI Score

0.0004 EPSS

2024-05-08 01:09 PM
wpvulndb

Enter Addons – Ultimate Template Builder for Elementor <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading widget

Description: The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for...

5.9 AI Score

0.0004 EPSS

2024-05-08 12:00 AM
wpvulndb

Enter Addons – Ultimate Template Builder for Elementor <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animation Title widget img tag

Description: The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animation Title widget's img tag in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it...

5.9 AI Score

0.0004 EPSS

2024-05-08 12:00 AM
wpvulndb

Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) < 3.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via pagingType Parameter

Description: The Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pagingType’ parameter in all versions up to, and including, 3.7.1 due to insufficient input...

5.9 AI Score

0.0004 EPSS

2024-05-07 12:00 AM
wpvulndb

Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) < 3.14.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description: The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the General widget in all versions up to, and including, 3.14.3 due to insufficient input sanitization and output...

6.4 CVSS

5.9 AI Score

0.0004 EPSS

2024-05-07 12:00 AM
wpvulndb

Post Grid Master < 3.4.8 - Missing Authorization

Description: The Post Grid Master plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the am_post_grid_load_posts_ajax_functions function in versions up to, and including, 3.4.7. This makes it possible for unauthenticated attackers to load...

6.7 AI Score

0.0004 EPSS

2024-05-07 12:00 AM
wpvulndb

Sina Extension for Elementor < 3.5.2 - Authenticated (Contributor+) Local File Inclusion

Description: The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.5.1. This makes it possible for authenticated...

7.3 AI Score

0.0005 EPSS

2024-05-07 12:00 AM
wpvulndb

WP Shortcodes Plugin — Shortcodes Ultimate < 7.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_lightbox

Description: The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_lightbox shortcode in all versions up to, and including, 7.1.1 due to insufficient input sanitization and output escaping on user supplied attributes....

7.8 AI Score

0.0004 EPSS

2024-05-07 12:00 AM
wpvulndb

Robo Gallery < 3.2.19 - Unauthenticated Information Exposure

Description: The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.18. This makes it possible for unauthenticated attackers to extract sensitive user or configuration...

5.3 CVSS

6.7 AI Score

0.0004 EPSS

2024-05-07 12:00 AM
wpvulndb

Ultimate Under Construction < 1.9.4 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description: The Ultimate Under Construction plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9 CVSS

5.9 AI Score

0.0004 EPSS

2024-05-07 12:00 AM
wpvulndb

Slider by Supsystic < 1.8.11 - Authenticated (Admin+) SQL Injection

Description: The Slider by Supsystic plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 1.8.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...

7.3 AI Score

0.0004 EPSS

2024-05-07 12:00 AM
wpvulndb

Post Grid Master <= 3.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description: The Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.4.8 due to insufficient input...

5.8 AI Score

0.0004 EPSS

2024-05-07 12:00 AM
cve

CVE-2024-28725

Cross Site Scripting (XSS) vulnerability in YzmCMS 7.0 allows attackers to run arbitrary code via Ads Management, Carousel Management, and System...

6.2 AI Score

0.0004 EPSS

2024-05-06 09:15 PM
nvd

CVE-2024-28725

Cross Site Scripting (XSS) vulnerability in YzmCMS 7.0 allows attackers to run arbitrary code via Ads Management, Carousel Management, and System...

5.9 AI Score

0.0004 EPSS

2024-05-06 09:15 PM
cve

CVE-2024-34390

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AddonMaster Post Grid Master allows Stored XSS. This issue affects Post Grid Master: from n/a through...

6.5 CVSS

9.1 AI Score

0.0004 EPSS

2024-05-06 07:15 PM
nvd

CVE-2024-34390

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AddonMaster Post Grid Master allows Stored XSS. This issue affects Post Grid Master: from n/a through...

6.5 CVSS

6.7 AI Score

0.0004 EPSS

2024-05-06 07:15 PM
nvd

CVE-2024-34372

Missing Authorization vulnerability in AddonMaster Post Grid Master. This issue affects Post Grid Master: from n/a through...

5.3 CVSS

5.8 AI Score

0.0004 EPSS

2024-05-06 07:15 PM
cve

CVE-2024-34372

Missing Authorization vulnerability in AddonMaster Post Grid Master. This issue affects Post Grid Master: from n/a through...

5.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-06 07:15 PM
cvelist

CVE-2024-34372 WordPress Post Grid Master plugin <= 3.4.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in AddonMaster Post Grid Master. This issue affects Post Grid Master: from n/a through...

5.3 CVSS

6.6 AI Score

0.0004 EPSS

2024-05-06 06:59 PM
vulnrichment

CVE-2024-34372 WordPress Post Grid Master plugin <= 3.4.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in AddonMaster Post Grid Master. This issue affects Post Grid Master: from n/a through...

5.3 CVSS

6.9 AI Score

0.0004 EPSS

2024-05-06 06:59 PM
vulnrichment

CVE-2024-34390 WordPress Post Grid Master plugin <= 3.4.8 - Auth. Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AddonMaster Post Grid Master allows Stored XSS. This issue affects Post Grid Master: from n/a through...

6.5 CVSS

6.7 AI Score

0.0004 EPSS

2024-05-06 06:21 PM
cvelist

CVE-2024-34390 WordPress Post Grid Master plugin <= 3.4.8 - Auth. Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AddonMaster Post Grid Master allows Stored XSS. This issue affects Post Grid Master: from n/a through...

6.5 CVSS

7.3 AI Score

0.0004 EPSS

2024-05-06 06:21 PM
nvd

CVE-2024-34382

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in RoboSoft Robo Gallery. This issue affects Robo Gallery: from n/a through...

5.3 CVSS

5.7 AI Score

0.0004 EPSS

2024-05-06 06:15 PM
cve

CVE-2024-34382

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in RoboSoft Robo Gallery. This issue affects Robo Gallery: from n/a through...

5.3 CVSS

9.3 AI Score

0.0004 EPSS

2024-05-06 06:15 PM
cvelist

CVE-2024-34382 WordPress Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.18 - Sensitive Data Exposure vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in RoboSoft Robo Gallery. This issue affects Robo Gallery: from n/a through...

5.3 CVSS

5.9 AI Score

0.0004 EPSS

2024-05-06 05:57 PM
cve

CVE-2024-3752

The Crelly Slider WordPress plugin through 1.4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

5.6 AI Score

0.0004 EPSS

2024-05-06 06:15 AM
nvd

CVE-2024-3752

The Crelly Slider WordPress plugin through 1.4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

5.4 AI Score

0.0004 EPSS

2024-05-06 06:15 AM
cvelist

CVE-2024-3752 Crelly Slider <= 1.4.5 - Admin+ Stored XSS

The Crelly Slider WordPress plugin through 1.4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

5.5 AI Score

0.0004 EPSS

2024-05-06 06:00 AM
vulnrichment

CVE-2024-3752 Crelly Slider <= 1.4.5 - Admin+ Stored XSS

The Crelly Slider WordPress plugin through 1.4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

5.6 AI Score

0.0004 EPSS

2024-05-06 06:00 AM
nessus

GitLab 16.4.3 < 16.4.4 / 16.5.3 < 16.5.4 / 16.6.1 < 16.6.2 (CVE-2023-6564)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue has been discovered in GitLab EE Premium and Ultimate affecting versions 16.4.3, 16.5.3, and 16.6.1. In projects using subgroups to define who can push and/or merge to protected branches,...

6.5 CVSS

6.9 AI Score

0.0005 EPSS

2024-05-06 12:00 AM
cvelist

CVE-2024-28725

Cross Site Scripting (XSS) vulnerability in YzmCMS 7.0 allows attackers to run arbitrary code via Ads Management, Carousel Management, and System...

6.1 AI Score

0.0004 EPSS

2024-05-06 12:00 AM
osv

CVE-2024-34510

Gradio before 4.20 allows credential leakage on...

7.5 CVSS

6.9 AI Score

0.0004 EPSS

2024-05-05 08:15 PM
osv

CVE-2024-34511

Component Server in Gradio before 4.13 does not properly consider _is_server_fn for...

6.5 CVSS

6.9 AI Score

0.0004 EPSS

2024-05-05 08:15 PM
thn

Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications

Threat actors have been increasingly weaponizing Microsoft Graph API for malicious purposes with the aim of evading detection. This is done to "facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services," the Symantec Threat Hunter Team, part of...

7.7 AI Score

2024-05-03 12:35 PM
nvd

CVE-2023-25457

Missing Authorization vulnerability in Richteam Slider Carousel – Responsive Image Slider. This issue affects Slider Carousel – Responsive Image Slider: from n/a through...

5.3 CVSS

5.3 AI Score

0.0004 EPSS

2024-05-03 08:15 AM
cve

CVE-2023-25457

Missing Authorization vulnerability in Richteam Slider Carousel – Responsive Image Slider. This issue affects Slider Carousel – Responsive Image Slider: from n/a through...

5.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-03 08:15 AM
cvelist

CVE-2023-25457 WordPress Slider Carousel – Responsive Image Slider plugin <=1.5.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Richteam Slider Carousel – Responsive Image Slider. This issue affects Slider Carousel – Responsive Image Slider: from n/a through...

5.3 CVSS

5.6 AI Score

0.0004 EPSS

2024-05-03 07:35 AM
vulnrichment

CVE-2023-25457 WordPress Slider Carousel – Responsive Image Slider plugin <=1.5.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Richteam Slider Carousel – Responsive Image Slider. This issue affects Slider Carousel – Responsive Image Slider: from n/a through...

5.3 CVSS

7 AI Score

0.0004 EPSS

2024-05-03 07:35 AM
cve

CVE-2024-33943

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HappyKite Ultimate Under Construction allows Stored XSS. This issue affects Ultimate Under Construction: from n/a through...

5.9 CVSS

6.6 AI Score

0.0004 EPSS

2024-05-03 07:15 AM

Total number of security vulnerabilities: 11685