A command injection vulnerability exists in the gradio-app/gradio repository, specifically within the 'test-functional.yml' workflow. The vulnerability arises due to improper neutralization of special elements used in a command, allowing for unauthorized modification of the base repository or...
7.5CVSS
6.9AI Score
0.0004EPSS
OpenCMS Cross-Site Scripting vulnerability
Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user: with sufficient privileges to create and modify web pages through the admin panel, can execute malicious JavaScript code, after inserting code in the title field....
6.4CVSS
6.9AI Score
0.0004EPSS
OpenCMS Cross-Site Scripting vulnerability
Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user: with sufficient privileges to create and modify web pages through the admin panel, can execute malicious JavaScript code, after inserting code in the title field....
6.4CVSS
6.9AI Score
0.0004EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 20, 2024 to May 26, 2024)
_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...
9.8CVSS
10AI Score
0.035EPSS
Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user having the roles of gallery editor or VFS resource manager will have the permission to upload images in the .svg format containing JavaScript code. The code will be...
6.4CVSS
7AI Score
0.0004EPSS
Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user having the roles of gallery editor or VFS resource manager will have the permission to upload images in the .svg format containing JavaScript code. The code will be...
6.4CVSS
6.6AI Score
0.0004EPSS
CVE-2024-5521 Cross-Site Scripting stored in Alkacon OpenCMS
Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user having the roles of gallery editor or VFS resource manager will have the permission to upload images in the .svg format containing JavaScript code. The code will be...
6.4CVSS
6.8AI Score
0.0004EPSS
CVE-2024-5521 Cross-Site Scripting stored in Alkacon OpenCMS
Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user having the roles of gallery editor or VFS resource manager will have the permission to upload images in the .svg format containing JavaScript code. The code will be...
6.4CVSS
6.6AI Score
0.0004EPSS
8.8CVSS
7.5AI Score
0.0004EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 13, 2024 to May 19, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 118 vulnerabilities disclosed in 90...
10CVSS
9.4AI Score
EPSS
The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Gallery block in all versions up to, and including, 2.12.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
6.4CVSS
5.9AI Score
0.0004EPSS
The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Gallery block in all versions up to, and including, 2.12.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
6.4CVSS
5.7AI Score
0.0004EPSS
The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Gallery block in all versions up to, and including, 2.12.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
6.4CVSS
5.9AI Score
0.0004EPSS
Spectra – WordPress Gutenberg Blocks < 2.12.9 - Contributor+ Stored XSS via Image Gallery Block
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's Image Gallery block due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
6.4CVSS
5.9AI Score
0.0004EPSS
Spectra – WordPress Gutenberg Blocks < 2.12.9 - Contributor+ Stored XSS via Testimonial Block
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's Testimonial and Image Gallery blocks due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and...
6.4CVSS
5.9AI Score
0.0004EPSS
FooGallery < 2.4.15 - Author+ Stored XSS
Description The plugin does not validate and escape some of its Gallery settings before outputting them back in the page, which could allow users with a role as low as Author to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin PoC Create a.....
8.1AI Score
0.0004EPSS
FooGallery < 2.4.15 - Author+ Stored XSS
Description The plugin does not validate and escape some of its Gallery settings before outputting them back in the page, which could allow users with a role as low as Author to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as...
8.2AI Score
0.0004EPSS
The YouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the emd_form_builder_lite_submit_form function in all versions up to, and including, 3.3.6. This makes it.....
5.3CVSS
6.6AI Score
0.0005EPSS
The YouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the emd_form_builder_lite_submit_form function in all versions up to, and including, 3.3.6. This makes it.....
5.3CVSS
5.7AI Score
0.0005EPSS
The YouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the emd_form_builder_lite_submit_form function in all versions up to, and including, 3.3.6. This makes it.....
5.3CVSS
5.7AI Score
0.0005EPSS
Description The YouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the emd_form_builder_lite_submit_form function in all versions up to, and including, 3.3.6....
5.3CVSS
5.2AI Score
0.0005EPSS
Picture Gallery < 1.5.12 - Authenticated (Author+) Stored Cross-Site Scripting
Description The Picture Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject...
6.5CVSS
5.7AI Score
0.0004EPSS
The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'show_line_text ' and 'slide_button_hover_animation' parameters in versions up to, and including, 10.1.1 due to insufficient input sanitization and output escaping. This makes it...
6.4CVSS
5.7AI Score
0.001EPSS
The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'show_line_text ' and 'slide_button_hover_animation' parameters in versions up to, and including, 10.1.1 due to insufficient input sanitization and output escaping. This makes it...
6.4CVSS
5.9AI Score
0.001EPSS
The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'show_line_text ' and 'slide_button_hover_animation' parameters in versions up to, and including, 10.1.1 due to insufficient input sanitization and output escaping. This makes it...
6.4CVSS
5.9AI Score
0.001EPSS
The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'show_line_text ' and 'slide_button_hover_animation' parameters in versions up to, and including, 10.1.1 due to insufficient input sanitization and output escaping. This makes it...
6.4CVSS
5.8AI Score
0.001EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Valiano Unite Gallery Lite allows PHP Local File Inclusion.This issue affects Unite Gallery Lite: from n/a through...
6CVSS
6.8AI Score
0.0004EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Valiano Unite Gallery Lite allows PHP Local File Inclusion.This issue affects Unite Gallery Lite: from n/a through...
6CVSS
6AI Score
0.0004EPSS
CVE-2023-33310 WordPress Unite Gallery Lite plugin <= 1.7.59 - Local File Inclusion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Valiano Unite Gallery Lite allows PHP Local File Inclusion.This issue affects Unite Gallery Lite: from n/a through...
6CVSS
6AI Score
0.0004EPSS
CVE-2023-33310 WordPress Unite Gallery Lite plugin <= 1.7.59 - Local File Inclusion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Valiano Unite Gallery Lite allows PHP Local File Inclusion.This issue affects Unite Gallery Lite: from n/a through...
6CVSS
6.9AI Score
0.0004EPSS
The NextGEN Gallery WordPress plugin before 3.59.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is...
5.7AI Score
0.0004EPSS
The NextGEN Gallery WordPress plugin before 3.59.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is...
5.9AI Score
0.0004EPSS
CVE-2024-2744 Nextgen Gallery < 3.59.1 - Admin+ Stored XSS
The NextGEN Gallery WordPress plugin before 3.59.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is...
5.6AI Score
0.0004EPSS
CVE-2024-2744 Nextgen Gallery < 3.59.1 - Admin+ Stored XSS
The NextGEN Gallery WordPress plugin before 3.59.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is...
5.9AI Score
0.0004EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 6, 2024 to May 12, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 184 vulnerabilities disclosed in 146...
10CVSS
9.5AI Score
EPSS
A vulnerability was found in SourceCodester Online Art Gallery Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin/adminHome.php. The manipulation of the argument sliderpic leads to unrestricted upload. The attack...
6.3CVSS
6.8AI Score
0.0004EPSS
A vulnerability was found in SourceCodester Online Art Gallery Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin/adminHome.php. The manipulation of the argument sliderpic leads to unrestricted upload. The attack...
6.3CVSS
6.5AI Score
0.0004EPSS
CVE-2024-4946 SourceCodester Online Art Gallery Management System adminHome.php unrestricted upload
A vulnerability was found in SourceCodester Online Art Gallery Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin/adminHome.php. The manipulation of the argument sliderpic leads to unrestricted upload. The attack...
6.3CVSS
6.7AI Score
0.0004EPSS
CVE-2024-4946 SourceCodester Online Art Gallery Management System adminHome.php unrestricted upload
A vulnerability was found in SourceCodester Online Art Gallery Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin/adminHome.php. The manipulation of the argument sliderpic leads to unrestricted upload. The attack...
6.3CVSS
6.9AI Score
0.0004EPSS
Featured Content Gallery <= 3.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Featured Content Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
5.9CVSS
5.9AI Score
0.0004EPSS
The All-in-One Video Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.5 via the aiovg_search_form shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary...
8.8CVSS
9.5AI Score
0.001EPSS
The All-in-One Video Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.5 via the aiovg_search_form shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary...
8.8CVSS
8.9AI Score
0.001EPSS
The All-in-One Video Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.5 via the aiovg_search_form shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary...
8.8CVSS
9.4AI Score
0.001EPSS
The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Testimonial', 'Progress Bar', 'Lottie Animations', 'Row Layout', 'Google Maps', and 'Advanced Gallery' blocks in all versions up to, and including,...
5.4CVSS
5.3AI Score
0.001EPSS
The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Testimonial', 'Progress Bar', 'Lottie Animations', 'Row Layout', 'Google Maps', and 'Advanced Gallery' blocks in all versions up to, and including,...
5.4CVSS
5.7AI Score
0.001EPSS
The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Testimonial', 'Progress Bar', 'Lottie Animations', 'Row Layout', 'Google Maps', and 'Advanced Gallery' blocks in all versions up to, and including,...
5.4CVSS
5.5AI Score
0.001EPSS
The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Particle Layer widget in all versions up to, and including, 3.5.3 due to.....
6.4CVSS
5.9AI Score
0.0004EPSS
The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Particle Layer widget in all versions up to, and including, 3.5.3 due to.....
6.4CVSS
5.7AI Score
0.0004EPSS
The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Particle Layer widget in all versions up to, and including, 3.5.3 due to.....
6.4CVSS
6.4AI Score
0.0004EPSS
The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Particle Layer widget in all versions up to, and including, 3.5.3 due to.....
6.4CVSS
5.8AI Score
0.0004EPSS