Lucene search

K

Rife Elementor Extensions & Templates Security Vulnerabilities

vulnrichment
vulnrichment

CVE-2024-35709 WordPress The Plus Addons for Elementor plugin <= 5.5.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Stored XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-06-08 02:03 PM
1
cvelist
cvelist

CVE-2024-35709 WordPress The Plus Addons for Elementor plugin <= 5.5.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Stored XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-08 02:03 PM
1
vulnrichment
vulnrichment

CVE-2024-35713 WordPress Testimonial Carousel For Elementor plugin <= 10.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in UAPP GROUP Testimonial Carousel For Elementor allows Stored XSS.This issue affects Testimonial Carousel For Elementor: from n/a through...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-06-08 01:36 PM
cvelist
cvelist

CVE-2024-35713 WordPress Testimonial Carousel For Elementor plugin <= 10.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in UAPP GROUP Testimonial Carousel For Elementor allows Stored XSS.This issue affects Testimonial Carousel For Elementor: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-08 01:36 PM
3
nvd
nvd

CVE-2024-35731

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Moose Kenta Gutenberg Blocks Responsive Blocks and block templates library for Gutenberg Editor allows Stored XSS.This issue affects Kenta Gutenberg Blocks Responsive Blocks and block...

6.5CVSS

0.0004EPSS

2024-06-08 01:15 PM
cve
cve

CVE-2024-35731

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Moose Kenta Gutenberg Blocks Responsive Blocks and block templates library for Gutenberg Editor allows Stored XSS.This issue affects Kenta Gutenberg Blocks Responsive Blocks and block...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-08 01:15 PM
21
cvelist
cvelist

CVE-2024-35731 WordPress Kenta Gutenberg Blocks plugin <= 1.3.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Moose Kenta Gutenberg Blocks Responsive Blocks and block templates library for Gutenberg Editor allows Stored XSS.This issue affects Kenta Gutenberg Blocks Responsive Blocks and block...

6.5CVSS

0.0004EPSS

2024-06-08 12:53 PM
1
vulnrichment
vulnrichment

CVE-2024-35731 WordPress Kenta Gutenberg Blocks plugin <= 1.3.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Moose Kenta Gutenberg Blocks Responsive Blocks and block templates library for Gutenberg Editor allows Stored XSS.This issue affects Kenta Gutenberg Blocks Responsive Blocks and block...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-06-08 12:53 PM
cve
cve

CVE-2024-5091

The SKT Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Age Gate and Creative Slider widgets in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

7.4CVSS

6.4AI Score

0.0004EPSS

2024-06-08 07:15 AM
23
nvd
nvd

CVE-2024-5091

The SKT Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Age Gate and Creative Slider widgets in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

7.4CVSS

0.0004EPSS

2024-06-08 07:15 AM
2
cvelist
cvelist

CVE-2024-5091 SKT Addons for Elementor <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate and Creative Slider Widgets

The SKT Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Age Gate and Creative Slider widgets in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

7.4CVSS

0.0004EPSS

2024-06-08 06:54 AM
1
vulnrichment
vulnrichment

CVE-2024-5091 SKT Addons for Elementor <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate and Creative Slider Widgets

The SKT Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Age Gate and Creative Slider widgets in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

7.4CVSS

5.8AI Score

0.0004EPSS

2024-06-08 06:54 AM
cve
cve

CVE-2024-3668

The PowerPack Pro for Elementor plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.10.17. This is due to the plugin not restricting low privileged users from setting a default role for a registration form. This makes it possible for authenticated...

8.8CVSS

8.6AI Score

0.001EPSS

2024-06-08 05:15 AM
22
nvd
nvd

CVE-2024-3668

The PowerPack Pro for Elementor plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.10.17. This is due to the plugin not restricting low privileged users from setting a default role for a registration form. This makes it possible for authenticated...

8.8CVSS

0.001EPSS

2024-06-08 05:15 AM
2
cvelist
cvelist

CVE-2024-3668 PowerPack Pro for Elementor <= 2.10.17 - Authenticated (Contributor+) Privilege Escalation

The PowerPack Pro for Elementor plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.10.17. This is due to the plugin not restricting low privileged users from setting a default role for a registration form. This makes it possible for authenticated...

8.8CVSS

0.001EPSS

2024-06-08 04:32 AM
1
vulnrichment
vulnrichment

CVE-2024-3668 PowerPack Pro for Elementor <= 2.10.17 - Authenticated (Contributor+) Privilege Escalation

The PowerPack Pro for Elementor plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.10.17. This is due to the plugin not restricting low privileged users from setting a default role for a registration form. This makes it possible for authenticated...

8.8CVSS

6.8AI Score

0.001EPSS

2024-06-08 04:32 AM
nuclei
nuclei

Rejetto HTTP File Server - Template injection

This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP...

9.8CVSS

7.8AI Score

0.002EPSS

2024-06-08 01:04 AM
36
osv
osv

Zend-JSON vulnerable to XXE/XEE attacks

Numerous components utilizing PHP's DOMDocument, SimpleXML, and xml_parse functionality are vulnerable to two types of attacks: XML eXternal Entity (XXE) Injection attacks. The above mentioned extensions are insecure by default, allowing external entities to be specified by adding a specific...

7.4AI Score

2024-06-07 09:49 PM
3
github
github

Zend-JSON vulnerable to XXE/XEE attacks

Numerous components utilizing PHP's DOMDocument, SimpleXML, and xml_parse functionality are vulnerable to two types of attacks: XML eXternal Entity (XXE) Injection attacks. The above mentioned extensions are insecure by default, allowing external entities to be specified by adding a specific...

7.4AI Score

2024-06-07 09:49 PM
2
osv
osv

ZendFramework potential XML eXternal Entity injection vectors

Numerous components utilizing PHP's DOMDocument, SimpleXML, and xml_parse functionality are vulnerable to two types of attacks: XML eXternal Entity (XXE) Injection attacks. The above mentioned extensions are insecure by default, allowing external entities to be specified by adding a specific...

7.4AI Score

2024-06-07 09:16 PM
1
github
github

ZendFramework potential XML eXternal Entity injection vectors

Numerous components utilizing PHP's DOMDocument, SimpleXML, and xml_parse functionality are vulnerable to two types of attacks: XML eXternal Entity (XXE) Injection attacks. The above mentioned extensions are insecure by default, allowing external entities to be specified by adding a specific...

7.4AI Score

2024-06-07 09:16 PM
2
osv
osv

ZendFramework vulnerable to XXE/XEE attacks

Numerous components utilizing PHP's DOMDocument, SimpleXML, and xml_parse functionality are vulnerable to two types of attacks: XML eXternal Entity (XXE) Injection attacks. The above mentioned extensions are insecure by default, allowing external entities to be specified by adding a specific...

7.4AI Score

2024-06-07 09:10 PM
1
github
github

ZendFramework vulnerable to XXE/XEE attacks

Numerous components utilizing PHP's DOMDocument, SimpleXML, and xml_parse functionality are vulnerable to two types of attacks: XML eXternal Entity (XXE) Injection attacks. The above mentioned extensions are insecure by default, allowing external entities to be specified by adding a specific...

7.4AI Score

2024-06-07 09:10 PM
5
osv
osv

Zendframework vulnerable to XXE/XEE attacks

Numerous components utilizing PHP's DOMDocument, SimpleXML, and xml_parse functionality are vulnerable to two types of attacks: XML eXternal Entity (XXE) Injection attacks. The above mentioned extensions are insecure by default, allowing external entities to be specified by adding a specific...

7.4AI Score

2024-06-07 08:30 PM
github
github

Zendframework vulnerable to XXE/XEE attacks

Numerous components utilizing PHP's DOMDocument, SimpleXML, and xml_parse functionality are vulnerable to two types of attacks: XML eXternal Entity (XXE) Injection attacks. The above mentioned extensions are insecure by default, allowing external entities to be specified by adding a specific...

7.4AI Score

2024-06-07 08:30 PM
2
osv
osv

ZendFramework Potential Information Disclosure and Insufficient Entropy vulnerabilities

In Zend Framework 2, the Zend\Math\Rand component generates random bytes using the OpenSSL or Mcrypt extensions when available but will otherwise use PHP's mt_rand() function as a fallback. All outputs from mt_rand() are predictable for the same PHP process if an attacker can brute force the seed.....

7.3AI Score

2024-06-07 08:27 PM
1
github
github

ZendFramework Potential Information Disclosure and Insufficient Entropy vulnerabilities

In Zend Framework 2, the Zend\Math\Rand component generates random bytes using the OpenSSL or Mcrypt extensions when available but will otherwise use PHP's mt_rand() function as a fallback. All outputs from mt_rand() are predictable for the same PHP process if an attacker can brute force the seed.....

7.3AI Score

2024-06-07 08:27 PM
1
github
github

TYPO3 Denial of Service in Online Media Asset Handling

Online Media Asset Handling (.youtube and .vimeo files) in the TYPO3 backend is vulnerable to denial of service. Putting large files with according file extensions results in high consumption of system resources. This can lead to exceeding limits of the current PHP process which results in a...

7AI Score

2024-06-07 07:56 PM
osv
osv

TYPO3 Denial of Service in Online Media Asset Handling

Online Media Asset Handling (.youtube and .vimeo files) in the TYPO3 backend is vulnerable to denial of service. Putting large files with according file extensions results in high consumption of system resources. This can lead to exceeding limits of the current PHP process which results in a...

7AI Score

2024-06-07 07:56 PM
1
osv
osv

TYPO3 Arbitrary Code Execution via File List Module

Due to missing file extensions in $GLOBALS['TYPO3_CONF_VARS']['BE'][‘fileDenyPattern’], backend users are allowed to upload .phar, .shtml, .pl or .cgi files which can be executed in certain web server setups. A valid backend user account is needed in order to exploit this vulnerability....

7.1AI Score

2024-06-07 06:32 PM
4
github
github

TYPO3 Arbitrary Code Execution via File List Module

Due to missing file extensions in $GLOBALS['TYPO3_CONF_VARS']['BE'][‘fileDenyPattern’], backend users are allowed to upload .phar, .shtml, .pl or .cgi files which can be executed in certain web server setups. A valid backend user account is needed in order to exploit this vulnerability....

7.1AI Score

2024-06-07 06:32 PM
3
osv
osv

TYPO3 Information Disclosure of Installed Extensions

It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. This way a potential attack can retrieve additional information about installed system and third party...

6.7AI Score

2024-06-07 06:28 PM
2
github
github

TYPO3 Information Disclosure of Installed Extensions

It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. This way a potential attack can retrieve additional information about installed system and third party...

6.7AI Score

2024-06-07 06:28 PM
github
github

TYPO3 Cross-Site Scripting in Link Handling

It has been discovered that t3:// URL handling and typolink functionality are vulnerable to cross-site scripting. Not only regular backend forms are affected but also frontend extensions which use the rendering with...

6.7AI Score

2024-06-07 05:16 PM
osv
osv

TYPO3 Cross-Site Scripting in Link Handling

It has been discovered that t3:// URL handling and typolink functionality are vulnerable to cross-site scripting. Not only regular backend forms are affected but also frontend extensions which use the rendering with...

6.7AI Score

2024-06-07 05:16 PM
2
osv
osv

TYPO3 Cross-Site Scripting in Fluid ViewHelpers

Failing to properly encode user input, templates using built-in Fluid ViewHelpers are vulnerable to cross-site...

6.7AI Score

2024-06-07 05:08 PM
3
github
github

TYPO3 Cross-Site Scripting in Fluid ViewHelpers

Failing to properly encode user input, templates using built-in Fluid ViewHelpers are vulnerable to cross-site...

6.7AI Score

2024-06-07 05:08 PM
2
nuclei
nuclei

PHP CGI - Argument Injection

PHP CGI - Argument Injection (CVE-2024-4577) is a critical argument injection flaw in...

9.8CVSS

9.7AI Score

0.967EPSS

2024-06-07 03:28 PM
43
nuclei
nuclei

Wipro Holmes Orchestrator 20.4.1 - Information Disclosure

Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/Domain_Credential_Report_Excel,...

7.5CVSS

7.2AI Score

0.052EPSS

2024-06-07 02:17 PM
1
nuclei
nuclei

Wipro Holmes Orchestrator 20.4.1 - Arbitrary File Download

The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST...

7.5CVSS

6.9AI Score

0.102EPSS

2024-06-07 02:11 PM
1
ibm
ibm

Security Bulletin: The IBM® Engineering Lifecycle Optimization - Publishing is vulnerable to CVE-2023-45188

Summary IBM® Engineering Lifecycle Optimization - Publishing is vulnerable to CVE-2023-45188(Malicious File Upload). Remediations/Fixes section of this bulletin provide instructions on how to address this vulnerability. Vulnerability Details ** CVEID: CVE-2023-45188 DESCRIPTION: **IBM Engineering.....

6.5CVSS

7.1AI Score

0.0004EPSS

2024-06-07 01:34 PM
1
nvd
nvd

CVE-2024-5542

The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Navigation Menu widget of the plugin's Mega Menu extension in all versions up to, and including, 2.0.6.1 due to insufficient input....

6.1CVSS

0.0005EPSS

2024-06-07 01:15 PM
3
cve
cve

CVE-2024-5382

The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including, 2.0.6.1. This makes it...

6.5CVSS

6.3AI Score

0.0005EPSS

2024-06-07 01:15 PM
22
nvd
nvd

CVE-2024-5382

The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including, 2.0.6.1. This makes it...

5.3CVSS

0.0005EPSS

2024-06-07 01:15 PM
3
cve
cve

CVE-2024-5542

The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Navigation Menu widget of the plugin's Mega Menu extension in all versions up to, and including, 2.0.6.1 due to insufficient input....

7.2CVSS

6.3AI Score

0.0005EPSS

2024-06-07 01:15 PM
21
cvelist
cvelist

CVE-2024-5382 Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.1 - Missing Authorization to MA Template Creation or Modification

The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including, 2.0.6.1. This makes it...

6.5CVSS

0.0005EPSS

2024-06-07 12:33 PM
1
vulnrichment
vulnrichment

CVE-2024-5382 Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.1 - Missing Authorization to MA Template Creation or Modification

The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including, 2.0.6.1. This makes it...

6.5CVSS

6.8AI Score

0.0005EPSS

2024-06-07 12:33 PM
1
cvelist
cvelist

CVE-2024-5542 Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.1 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via Navigation Menu Widget

The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Navigation Menu widget of the plugin's Mega Menu extension in all versions up to, and including, 2.0.6.1 due to insufficient input....

7.2CVSS

0.0005EPSS

2024-06-07 12:33 PM
2
vulnrichment
vulnrichment

CVE-2024-5542 Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.1 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via Navigation Menu Widget

The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Navigation Menu widget of the plugin's Mega Menu extension in all versions up to, and including, 2.0.6.1 due to insufficient input....

7.2CVSS

6.1AI Score

0.0005EPSS

2024-06-07 12:33 PM
nuclei
nuclei

MLFlow < 2.8.1 - Sensitive Information Disclosure

An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST...

7.5CVSS

6.2AI Score

0.012EPSS

2024-06-07 10:46 AM
Total number of security vulnerabilities35838