Lucene search

K

Rife Elementor Extensions & Templates Security Vulnerabilities

cve
cve

CVE-2023-48761

Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through...

6.3CVSS

6.3AI Score

0.0004EPSS

2024-06-19 11:15 AM
26
cvelist
cvelist

CVE-2023-48759 WordPress JetElements For Elementor plugin <= 2.6.13 - Unauthenticated Arbitrary Attachment Download vulnerability

Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through...

7.5CVSS

0.0004EPSS

2024-06-19 10:32 AM
2
cvelist
cvelist

CVE-2023-48760 WordPress JetElements For Elementor plugin <= 2.6.13 - Unauthenticated Broken Access Control vulnerability

Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through...

8.2CVSS

0.0004EPSS

2024-06-19 10:21 AM
3
vulnrichment
vulnrichment

CVE-2023-48760 WordPress JetElements For Elementor plugin <= 2.6.13 - Unauthenticated Broken Access Control vulnerability

Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through...

8.2CVSS

7AI Score

0.0004EPSS

2024-06-19 10:21 AM
vulnrichment
vulnrichment

CVE-2023-48761 WordPress JetElements For Elementor plugin <= 2.6.13 - Broken Access Control vulnerability

Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through...

6.3CVSS

7AI Score

0.0004EPSS

2024-06-19 10:20 AM
cvelist
cvelist

CVE-2023-48761 WordPress JetElements For Elementor plugin <= 2.6.13 - Broken Access Control vulnerability

Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through...

6.3CVSS

0.0004EPSS

2024-06-19 10:20 AM
2
nuclei
nuclei

Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - Command Injection

The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST...

9.8CVSS

7.8AI Score

0.937EPSS

2024-06-19 06:22 AM
12
nvd
nvd

CVE-2024-5343

The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.19. This is due to missing or incorrect nonce validation on the 'rbs_ajax_create_article' and 'rbs_ajax_reset_views' functions. This...

8.8CVSS

0.0004EPSS

2024-06-19 06:15 AM
3
cve
cve

CVE-2024-5343

The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.19. This is due to missing or incorrect nonce validation on the 'rbs_ajax_create_article' and 'rbs_ajax_reset_views' functions. This...

8.8CVSS

8.4AI Score

0.0004EPSS

2024-06-19 06:15 AM
20
vulnrichment
vulnrichment

CVE-2024-5343 Photo Gallery, Images, Slider in Rbs Image Gallery <= 3.2.19 - Cross-Site Request Forgery to Post Creation and Limited Data Loss

The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.19. This is due to missing or incorrect nonce validation on the 'rbs_ajax_create_article' and 'rbs_ajax_reset_views' functions. This...

8.8CVSS

6.8AI Score

0.0004EPSS

2024-06-19 05:37 AM
cvelist
cvelist

CVE-2024-5343 Photo Gallery, Images, Slider in Rbs Image Gallery <= 3.2.19 - Cross-Site Request Forgery to Post Creation and Limited Data Loss

The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.19. This is due to missing or incorrect nonce validation on the 'rbs_ajax_create_article' and 'rbs_ajax_reset_views' functions. This...

8.8CVSS

0.0004EPSS

2024-06-19 05:37 AM
2
nvd
nvd

CVE-2024-4623

The Blogmentor – Blog Layouts for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pagination_style’ parameter in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS

0.0004EPSS

2024-06-19 04:15 AM
2
cve
cve

CVE-2024-4623

The Blogmentor – Blog Layouts for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pagination_style’ parameter in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-06-19 04:15 AM
24
cve
cve

CVE-2024-4663

The OSM Map Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.4CVSS

6.1AI Score

0.0004EPSS

2024-06-19 04:15 AM
23
nvd
nvd

CVE-2024-4663

The OSM Map Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.4CVSS

0.0004EPSS

2024-06-19 04:15 AM
3
cvelist
cvelist

CVE-2024-4623 Blogmentor – Blog Layouts for Elementor <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via pagination_style Parameter

The Blogmentor – Blog Layouts for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pagination_style’ parameter in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS

0.0004EPSS

2024-06-19 03:12 AM
2
vulnrichment
vulnrichment

CVE-2024-4623 Blogmentor – Blog Layouts for Elementor <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via pagination_style Parameter

The Blogmentor – Blog Layouts for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pagination_style’ parameter in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS

5.8AI Score

0.0004EPSS

2024-06-19 03:12 AM
1
cvelist
cvelist

CVE-2024-4663 OSM Map Widget for Elementor <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter

The OSM Map Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.4CVSS

0.0004EPSS

2024-06-19 03:12 AM
2
vulnrichment
vulnrichment

CVE-2024-4663 OSM Map Widget for Elementor <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter

The OSM Map Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.4CVSS

6.4AI Score

0.0004EPSS

2024-06-19 03:12 AM
fedora
fedora

[SECURITY] Fedora 40 Update: kitty-0.35.1-4.fc40

Offloads rendering to the GPU for lower system load and buttery smooth scrolling. Uses threaded rendering to minimize input latency. - Supports all modern terminal features: graphics (images), unicode, true-c olor, OpenType ligatures, mouse protocol, focus tracking, bracketed paste and ...

5.5CVSS

7.1AI Score

0.0004EPSS

2024-06-19 02:05 AM
1
openvas
openvas

Fedora: Security Advisory for kitty (FEDORA-2024-15039ba9f9)

The remote host is missing an update for...

5.5CVSS

5.5AI Score

0.0004EPSS

2024-06-19 12:00 AM
cvelist
cvelist

CVE-2024-33836

In the module "JA Marketplace" (jamarketplace) up to version 9.0.1 from JA Module for PrestaShop, a guest can upload files with extensions .php. In version 6.X, the method JmarketplaceproductModuleFrontController::init() and in version 8.X, the method...

0.0004EPSS

2024-06-19 12:00 AM
vulnrichment
vulnrichment

CVE-2024-33836

In the module "JA Marketplace" (jamarketplace) up to version 9.0.1 from JA Module for PrestaShop, a guest can upload files with extensions .php. In version 6.X, the method JmarketplaceproductModuleFrontController::init() and in version 8.X, the method...

7AI Score

0.0004EPSS

2024-06-19 12:00 AM
ibm
ibm

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.2

Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.2 Vulnerability Details ** CVEID: CVE-2018-1000134 DESCRIPTION: **Ping Identity UnboundID LDAP SDK could allow a remote attacker...

9.8CVSS

9.3AI Score

0.974EPSS

2024-06-18 02:02 PM
18
nuclei
nuclei

Smart S210 Management Platform - Arbitary File Upload

A vulnerability has been found in Byzoro Smart S210 Management Platform up to 20240117 and classified as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipulation of the argument file_upload leads to unrestricted...

9.8CVSS

7.1AI Score

0.027EPSS

2024-06-18 01:05 PM
5
nuclei
nuclei

Exrick XMall - SQL Injection

XMall v1.1 was discovered to contain a SQL injection vulnerability via the 'orderDir'...

9.8CVSS

8.2AI Score

0.003EPSS

2024-06-18 10:50 AM
2
nuclei
nuclei

XWiki < 4.10.20 - Remote code execution

XWiki is vulnerable to a remote code execution (RCE) attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the "first name" or "last name" fields during user registration. This impacts all installations that have...

10CVSS

8.2AI Score

0.738EPSS

2024-06-18 10:35 AM
2
nuclei
nuclei

XWiki < 4.10.20 - Remote code execution

XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, XWiki's database search allows remote code execution through the search text. This allows remote code execution for any visitor of a public wiki or user of a closed....

10CVSS

7.6AI Score

0.001EPSS

2024-06-18 10:35 AM
30
nuclei
nuclei

XWiki < 4.10.15 - Email Disclosure

The Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for objcontent:email* using XWiki's regular search...

5.3CVSS

6.8AI Score

0.007EPSS

2024-06-18 10:34 AM
1
nuclei
nuclei

XWiki < 4.10.15 - Sensitive Information Disclosure

XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user profiles are...

7.5CVSS

6.7AI Score

0.333EPSS

2024-06-18 10:34 AM
4
nuclei
nuclei

XWiki < 4.10.15 - Information Disclosure

The Solr-based search suggestion provider that also duplicates as generic JavaScript API for search results in XWiki exposes the content of all documents of all wikis to anybody who has access to it, by default it is public. This exposes all information stored in the wiki (but not some protected...

7.5CVSS

6.3AI Score

0.508EPSS

2024-06-18 10:34 AM
3
veracode
veracode

Improper Privilege Management

org.keycloak: keycloak-services is vulnerable to Improper Privilege Management. The vulnerability is due to users with low privileges being able to utilize administrative functionalities within the Keycloak admin...

6.8AI Score

EPSS

2024-06-18 09:51 AM
2
nuclei
nuclei

CrateDB Database - Arbitrary File Read

CrateDB is a distributed SQL database that makes it simple to store and analyze massive amounts of data in real-time. There is a COPY FROM function in the CrateDB database that is used to import file data into database tables. This function has a flaw, and authenticated attackers can use the COPY.....

6.5CVSS

7AI Score

0.052EPSS

2024-06-18 09:47 AM
1
nuclei
nuclei

Smart s200 Management Platform v.S200 - SQL Injection

SQL Injection vulnerability in Baizhuo Network Smart s200 Management Platform v.S200 allows a local attacker to obtain sensitive information and escalate privileges via the /importexport.php...

7.5AI Score

0.001EPSS

2024-06-18 09:16 AM
3
nuclei
nuclei

LyLme-Spage - Arbitary File Upload

An arbitrary file upload vulnerability in the component /include/file.php of lylme_spage v1.9.5 allows attackers to execute arbitrary code via uploading a crafted...

7.7AI Score

EPSS

2024-06-18 07:04 AM
1
nuclei
nuclei

CRMEB v.5.2.2 - SQL Injection

SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php...

7.5CVSS

7.5AI Score

0.005EPSS

2024-06-18 06:28 AM
8
veracode
veracode

Code Injection

nukeviet/nukeviet is vulnerable to Code Injection. The vulnerability is due to improper validation in the /admin/extensions/upload.php component. An attacker can exploit this vulnerability to execute arbitrary code on the...

7.8AI Score

0.0004EPSS

2024-06-18 06:12 AM
nuclei
nuclei

D-LINK DNS-320L,DNS-320LW and DNS-327L - Information Disclosure

A vulnerability has been found in D-Link DNS-320L, DNS-320LW and DNS-327L up to 20240403 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/info.cgi of the component HTTP GET Request...

5.3CVSS

6.9AI Score

0.001EPSS

2024-06-18 05:41 AM
1
cve
cve

CVE-2024-0845

The PDF Viewer for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the render function in all versions up to, and including, 2.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level.....

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-18 03:15 AM
25
nvd
nvd

CVE-2024-0845

The PDF Viewer for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the render function in all versions up to, and including, 2.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level.....

6.4CVSS

0.001EPSS

2024-06-18 03:15 AM
4
vulnrichment
vulnrichment

CVE-2024-0845 PDF Viewer for Elementor <= 2.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via render

The PDF Viewer for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the render function in all versions up to, and including, 2.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level.....

6.4CVSS

6AI Score

0.001EPSS

2024-06-18 02:37 AM
1
cvelist
cvelist

CVE-2024-0845 PDF Viewer for Elementor <= 2.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via render

The PDF Viewer for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the render function in all versions up to, and including, 2.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level.....

6.4CVSS

0.001EPSS

2024-06-18 02:37 AM
3
nuclei
nuclei

XWiki - Open Redirect

XWiki Platform is vulnerable to open redirect attacks due to improper validation of the xredirect parameter. This allows an attacker to redirect users to an arbitrary website. The vulnerability is patched in versions 14.10.4 and...

6.1CVSS

6.7AI Score

0.3EPSS

2024-06-17 03:55 PM
1
veracode
veracode

Cross-site Scripting (XSS)

TYPO3 is vulnerable to cross-site scripting (XSS). The vulnerability is due to templates using built-in Fluid ViewHelpers which fail to properly encode user...

6.4AI Score

2024-06-17 08:39 AM
2
nuclei
nuclei

Fujian Kelixin Communication - Command Injection

A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 and classified as critical. Affected by this issue is some unknown functionality of the file...

6.3CVSS

6.8AI Score

0.001EPSS

2024-06-17 08:29 AM
2
nuclei
nuclei

F-logic DataCube3 - SQL Injection

SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the req_id...

7.3AI Score

0.001EPSS

2024-06-17 08:09 AM
5
veracode
veracode

Cross-site Scripting (XSS)

TYPO3 is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper handling of t3:// URLs and typolink functionality, affecting both backend forms and frontend extensions that use typolink...

6.4AI Score

2024-06-17 06:46 AM
1
wpvulndb
wpvulndb

PDF Viewer for Elementor <= 2.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via render

Description The PDF Viewer for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the render function in all versions up to, and including, 2.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-17 12:00 AM
1
nuclei
nuclei

EyouCms v1.6.3 - Information Disclosure

EyouCms v1.6.3 was discovered to contain an information disclosure vulnerability via the component...

5.3CVSS

7.2AI Score

0.01EPSS

2024-06-15 06:29 PM
nuclei
nuclei

Business Directory Plugin <= 6.4.2 - SQL Injection

The Business Directory Plugin Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘listingfields’ parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...

9.8CVSS

8.2AI Score

0.029EPSS

2024-06-15 03:35 PM
Total number of security vulnerabilities35838