The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 2.4.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
7.2CVSS
5.8AI Score
0.0005EPSS
The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 2.4.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
7.2CVSS
6.2AI Score
0.0005EPSS
The WPB Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
6.4CVSS
5.9AI Score
0.001EPSS
The WPB Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
6.4CVSS
5.7AI Score
0.001EPSS
The WPB Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
6.4CVSS
5.9AI Score
0.001EPSS
The WPB Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
6.4CVSS
5.8AI Score
0.001EPSS
The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.37 via the 'grid_style' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server,...
9.8CVSS
7.9AI Score
0.001EPSS
The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.37 via the 'grid_style' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server,...
9.8CVSS
9.9AI Score
0.001EPSS
The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.37 via the 'grid_style' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server,...
9.8CVSS
9.9AI Score
0.001EPSS
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Form Submission Admin Email Bypass in all versions up to, and including, 5.6.3. This is due to the plugin not properly checking for all variations of...
5.3CVSS
6.8AI Score
0.001EPSS
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Form Submission Admin Email Bypass in all versions up to, and including, 5.6.3. This is due to the plugin not properly checking for all variations of...
5.3CVSS
5.7AI Score
0.001EPSS
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Form Submission Admin Email Bypass in all versions up to, and including, 5.6.3. This is due to the plugin not properly checking for all variations of...
5.3CVSS
6.9AI Score
0.001EPSS
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Form Submission Admin Email Bypass in all versions up to, and including, 5.6.3. This is due to the plugin not properly checking for all variations of...
5.3CVSS
5.7AI Score
0.001EPSS
(RHSA-2024:3128) Moderate: perl:5.32 security update
Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fix(es): perl: Write past buffer end via illegal user-defined Unicode property (CVE-2023-47038) For more details about the security issue(s), including the impact, a...
7.2AI Score
0.0004EPSS
The Elegant Addons for elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Switcher, Slider, and Iconbox widgets in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...
6.4CVSS
5.7AI Score
0.001EPSS
The Elegant Addons for elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Switcher, Slider, and Iconbox widgets in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...
6.4CVSS
5.9AI Score
0.001EPSS
The Toolbar Extras for Elementor & More – WordPress Admin Bar Enhanced plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tbex-version' shortcode in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied....
6.4CVSS
5.7AI Score
0.0004EPSS
The Toolbar Extras for Elementor & More – WordPress Admin Bar Enhanced plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tbex-version' shortcode in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied....
6.4CVSS
5.9AI Score
0.0004EPSS
The Elegant Addons for elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping on user supplied tag attributes. This makes it possible for...
6.4CVSS
5.9AI Score
0.0004EPSS
The Elegant Addons for elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping on user supplied tag attributes. This makes it possible for...
6.4CVSS
5.7AI Score
0.0004EPSS
The Elegant Addons for elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping on user supplied tag attributes. This makes it possible for...
6.4CVSS
5.8AI Score
0.0004EPSS
The Elegant Addons for elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping on user supplied tag attributes. This makes it possible for...
6.4CVSS
5.9AI Score
0.0004EPSS
The Toolbar Extras for Elementor & More – WordPress Admin Bar Enhanced plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tbex-version' shortcode in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied....
6.4CVSS
5.9AI Score
0.0004EPSS
The Elegant Addons for elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Switcher, Slider, and Iconbox widgets in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...
6.4CVSS
5.9AI Score
0.001EPSS
The Toolbar Extras for Elementor & More – WordPress Admin Bar Enhanced plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tbex-version' shortcode in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied....
6.4CVSS
5.8AI Score
0.0004EPSS
The WPKoi Templates for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'id', 'mixColor', 'backgroundColor', 'saveInCookies', and 'autoMatchOsTheme' parameters in all versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping....
6.4CVSS
5.7AI Score
0.001EPSS
The WPKoi Templates for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'id', 'mixColor', 'backgroundColor', 'saveInCookies', and 'autoMatchOsTheme' parameters in all versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping....
6.4CVSS
5.9AI Score
0.001EPSS
QNAP Patches New Flaws in QTS and QuTS hero Impacting NAS Appliances
Taiwanese company QNAP has rolled out fixes for a set of medium-severity flaws impacting QTS and QuTS hero, some of which could be exploited to achieve code execution on its network-attached storage (NAS) appliances. The issues, which impact QTS 5.1.x and QuTS hero h5.1.x, are listed below - ...
7.2CVSS
9.1AI Score
EPSS
The WPKoi Templates for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'id', 'mixColor', 'backgroundColor', 'saveInCookies', and 'autoMatchOsTheme' parameters in all versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping....
6.4CVSS
5.9AI Score
0.001EPSS
The WPKoi Templates for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'id', 'mixColor', 'backgroundColor', 'saveInCookies', and 'autoMatchOsTheme' parameters in all versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping....
6.4CVSS
5.8AI Score
0.001EPSS
Element Pack Elementor Addons < 5.6.2 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the custom_attributes value in widgets due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to...
6.4CVSS
5.9AI Score
0.0004EPSS
Element Pack Elementor Addons < 5.6.4 - Form Submission Admin Email Bypass
Description The plugin is vulnerable to Form Submission Admin Email Bypass due to the plugin not properly checking for all variations of an administrators emails. This makes it possible for unauthenticated attackers to bypass the restriction using a +value when submitting the contact...
5.3CVSS
7.1AI Score
0.001EPSS
Moderate: perl:5.32 security update
Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fix(es): perl: Write past buffer end via illegal user-defined Unicode property (CVE-2023-47038) For more details about the security issue(s), including the impact, a...
7.8CVSS
6.8AI Score
0.0004EPSS
RHEL 9 : openstack-tripleo-heat-templates and tripleo-ansible update (Moderate) (RHSA-2024:2736)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2736 advisory. openstack-tripleo-heat-templates is a collection of OpenStack Orchestration templates and tools (codename heat), which can be used to help deploy...
6.6CVSS
6.5AI Score
0.0004EPSS
Description The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.3.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,....
6.4CVSS
5.8AI Score
0.001EPSS
Description The Awesome Contact Form7 for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'AEP Contact Form 7' widget in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it.....
6.4CVSS
5.8AI Score
0.0004EPSS
Description The RomethemeForm For Elementor plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the export_entries, rtformnewform, and rtformupdate functions in all versions up to, and including, 1.1.5. This makes it possible for.....
5.3CVSS
9.3AI Score
0.001EPSS
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2770 advisory. Heat templates for TripleO TripleO Ansible project repository. Contains playbooks for use with TripleO OpenStack deployments....
6.6CVSS
6.5AI Score
0.0004EPSS
Shopware Remote Code Execution Vulnerability
Under certain circumstances, it’s possible to execute an unauthorized foreign code in Shopware in versions prior to 5.2.16. One possible threat is if a template that doesn’t derive from the Shopware standard has been completely copied. Themes or plugins that execute or overwrite the following...
7.4AI Score
Shopware Remote Code Execution Vulnerability
Under certain circumstances, it’s possible to execute an unauthorized foreign code in Shopware in versions prior to 5.2.16. One possible threat is if a template that doesn’t derive from the Shopware standard has been completely copied. Themes or plugins that execute or overwrite the following...
7.4AI Score
In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure tx skbs always have the MPTCP ext Due to signed/unsigned comparison, the expression: info->size_goal - skb->len > 0 evaluates to true when the size goal is smaller than the skb size. That results in lack of t...
7.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure tx skbs always have the MPTCP ext Due to signed/unsigned comparison, the expression: info->size_goal - skb->len > 0 evaluates to true when the size goal is smaller than the skb size. That results in lack of t...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure tx skbs always have the MPTCP ext Due to signed/unsigned comparison, the expression: info->size_goal - skb->len > 0 evaluates to true when the size goal is smaller than the skb size. That results in lack of t...
6.9AI Score
0.0004EPSS
CVE-2021-47370 mptcp: ensure tx skbs always have the MPTCP ext
In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure tx skbs always have the MPTCP ext Due to signed/unsigned comparison, the expression: info->size_goal - skb->len > 0 evaluates to true when the size goal is smaller than the skb size. That results in lack of t...
7AI Score
0.0004EPSS
CVE-2021-47370 mptcp: ensure tx skbs always have the MPTCP ext
In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure tx skbs always have the MPTCP ext Due to signed/unsigned comparison, the expression: info->size_goal - skb->len > 0 evaluates to true when the size goal is smaller than the skb size. That results in lack of t...
6.6AI Score
0.0004EPSS
CVE-2024-4875 HT Mega – Absolute Addons For Elementor <=...
4.3CVSS
6.7AI Score
0.001EPSS
Five Core Tenets Of Highly Effective DevSecOps Practices
One of the enduring challenges of building modern applications is to make them more secure without disrupting high-velocity DevOps processes or degrading the developer experience. Today's cyber threat landscape is rife with sophisticated attacks aimed at all different parts of the software supply.....
7.2AI Score
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘popover_header_text’ parameter in versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
6.4CVSS
5.9AI Score
0.001EPSS
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘hover_animation’ parameter in versions up to, and including, 3.21.4 due to insufficient input sanitization and output escaping. This makes it possible.....
6.4CVSS
5.7AI Score
0.001EPSS
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘popover_header_text’ parameter in versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
6.4CVSS
5.7AI Score
0.001EPSS