Lucene search

K

Rife Elementor Extensions & Templates Security Vulnerabilities

cve
cve

CVE-2024-34384

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SinaExtra Sina Extension for Elementor allows PHP Local File Inclusion.This issue affects Sina Extension for Elementor: from n/a through...

8.8CVSS

7.2AI Score

0.0005EPSS

2024-06-04 02:15 PM
4
nvd
nvd

CVE-2024-34384

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SinaExtra Sina Extension for Elementor allows PHP Local File Inclusion.This issue affects Sina Extension for Elementor: from n/a through...

8.8CVSS

6.8AI Score

0.0005EPSS

2024-06-04 02:15 PM
5
vulnrichment
vulnrichment

CVE-2024-35666 WordPress Themesflat Addons For Elementor plugin <= 2.1.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themesflat Themesflat Addons For Elementor allows Stored XSS.This issue affects Themesflat Addons For Elementor: from n/a through...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-06-04 01:53 PM
cvelist
cvelist

CVE-2024-35666 WordPress Themesflat Addons For Elementor plugin <= 2.1.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themesflat Themesflat Addons For Elementor allows Stored XSS.This issue affects Themesflat Addons For Elementor: from n/a through...

6.5CVSS

5.8AI Score

0.0004EPSS

2024-06-04 01:53 PM
4
vulnrichment
vulnrichment

CVE-2024-35782 WordPress Cowidgets – Elementor Addons plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Codeless Cowidgets – Elementor Addons allows Stored XSS.This issue affects Cowidgets – Elementor Addons: from n/a through...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-06-04 01:46 PM
cvelist
cvelist

CVE-2024-35782 WordPress Cowidgets – Elementor Addons plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Codeless Cowidgets – Elementor Addons allows Stored XSS.This issue affects Cowidgets – Elementor Addons: from n/a through...

6.5CVSS

5.8AI Score

0.0004EPSS

2024-06-04 01:46 PM
2
cvelist
cvelist

CVE-2024-34384 WordPress Sina Extension for Elementor plugin <= 3.5.1 - Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SinaExtra Sina Extension for Elementor allows PHP Local File Inclusion.This issue affects Sina Extension for Elementor: from n/a through...

6.5CVSS

6.8AI Score

0.0005EPSS

2024-06-04 01:17 PM
4
vulnrichment
vulnrichment

CVE-2024-34384 WordPress Sina Extension for Elementor plugin <= 3.5.1 - Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SinaExtra Sina Extension for Elementor allows PHP Local File Inclusion.This issue affects Sina Extension for Elementor: from n/a through...

6.5CVSS

6.9AI Score

0.0005EPSS

2024-06-04 01:17 PM
nvd
nvd

CVE-2024-33541

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BetterAddons Better Elementor Addons allows PHP Local File Inclusion.This issue affects Better Elementor Addons: from n/a through...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-04 01:15 PM
cve
cve

CVE-2024-33541

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BetterAddons Better Elementor Addons allows PHP Local File Inclusion.This issue affects Better Elementor Addons: from n/a through...

6.5CVSS

7.1AI Score

0.0004EPSS

2024-06-04 01:15 PM
4
cvelist
cvelist

CVE-2024-33541 WordPress Better Elementor Addons plugin <= 1.4.1 - Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BetterAddons Better Elementor Addons allows PHP Local File Inclusion.This issue affects Better Elementor Addons: from n/a through...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-04 01:04 PM
1
vulnrichment
vulnrichment

CVE-2024-33541 WordPress Better Elementor Addons plugin <= 1.4.1 - Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BetterAddons Better Elementor Addons allows PHP Local File Inclusion.This issue affects Better Elementor Addons: from n/a through...

6.5CVSS

6.9AI Score

0.0004EPSS

2024-06-04 01:04 PM
kitploit
kitploit

ROPDump - A Command-Line Tool Designed To Analyze Binary Executables For Potential Return-Oriented Programming (ROP) Gadgets, Buffer Overflow Vulnerabilities, And Memory Leaks

ROPDump is a tool for analyzing binary executables to identify potential Return-Oriented Programming (ROP) gadgets, as well as detecting potential buffer overflow and memory leak vulnerabilities. Features Identifies potential ROP gadgets in binary executables. Detects potential buffer overflow...

7.9AI Score

2024-06-04 12:30 PM
2
thn
thn

The Next Generation of RBI (Remote Browser Isolation)

The landscape of browser security has undergone significant changes over the past decade. While Browser Isolation was once considered the gold standard for protecting against browser exploits and malware downloads, it has become increasingly inadequate and insecure in today's SaaS-centric world....

7.4AI Score

2024-06-04 11:19 AM
1
redhat
redhat

(RHSA-2024:3581) Moderate: Red Hat JBoss Enterprise Application Platform 8.0.2 Security update

Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.1, and includes bug fixes.....

6.1AI Score

0.001EPSS

2024-06-04 10:56 AM
7
redhat
redhat

(RHSA-2024:3580) Moderate: Red Hat JBoss Enterprise Application Platform 8.0.2 Security update

Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.1, and includes bug fixes.....

6.1AI Score

0.001EPSS

2024-06-04 10:56 AM
6
nvd
nvd

CVE-2024-4637

The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.7.10 due to insufficient input sanitization and output escaping on the user supplied Elementor 'wrapperid' and 'zindex' display attributes. This makes it possible for...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-06-04 10:15 AM
1
cve
cve

CVE-2024-4637

The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.7.10 due to insufficient input sanitization and output escaping on the user supplied Elementor 'wrapperid' and 'zindex' display attributes. This makes it possible for...

6.4CVSS

6AI Score

0.0004EPSS

2024-06-04 10:15 AM
4
veracode
veracode

Cross-Site Scripting (XSS)

typo3/cms-core is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of file extensions containing malicious sequences when accessing the server's file system directly or through synchronization, which allows an attacker to execute arbitrary scripts in the.....

6.9AI Score

2024-06-04 09:43 AM
veracode
veracode

Information Disclosure

typo3/cms-core is vulnerable to Information Disclosure. The vulnerability is due to Inline JavaScript settings within the RequireJS package, which allows an attacker to retrieve additional information about the installed system and third-party...

6.6AI Score

2024-06-04 09:32 AM
cvelist
cvelist

CVE-2024-4637 Slider Revolution <= 6.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Elementor wrapperid and zindex

The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.7.10 due to insufficient input sanitization and output escaping on the user supplied Elementor 'wrapperid' and 'zindex' display attributes. This makes it possible for...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-06-04 09:31 AM
vulnrichment
vulnrichment

CVE-2024-4637 Slider Revolution <= 6.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Elementor wrapperid and zindex

The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.7.10 due to insufficient input sanitization and output escaping on the user supplied Elementor 'wrapperid' and 'zindex' display attributes. This makes it possible for...

6.4CVSS

5.8AI Score

0.0004EPSS

2024-06-04 09:31 AM
nvd
nvd

CVE-2023-33930

Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Code Injection.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through...

9.1CVSS

9.4AI Score

0.0004EPSS

2024-06-04 07:15 AM
cve
cve

CVE-2023-33930

Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Code Injection.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through...

9.1CVSS

7.3AI Score

0.0004EPSS

2024-06-04 07:15 AM
8
vulnrichment
vulnrichment

CVE-2023-33930 WordPress Unlimited Elements For Elementor plugin <= 1.5.66 - Unrestricted Zip Extraction vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Code Injection.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through...

9.1CVSS

7.1AI Score

0.0004EPSS

2024-06-04 07:08 AM
cvelist
cvelist

CVE-2023-33930 WordPress Unlimited Elements For Elementor plugin <= 1.5.66 - Unrestricted Zip Extraction vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Code Injection.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through...

9.1CVSS

9.4AI Score

0.0004EPSS

2024-06-04 07:08 AM
2
veracode
veracode

Cross-Site Scripting (XSS)

typo3/cms-core is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the mishandling of t3:// URL schemes and typolink functionality, which affecting both backend forms and frontend extensions using typolink rendering, which allows attackers to execute arbitrary JavaScript...

6.8AI Score

2024-06-04 06:36 AM
thn
thn

DarkGate Malware Replaces AutoIt with AutoHotkey in Latest Cyber Attacks

Cyber attacks involving the DarkGate malware-as-a-service (MaaS) operation have shifted away from AutoIt scripts to an AutoHotkey mechanism to deliver the last stages, underscoring continued efforts on the part of the threat actors to continuously stay ahead of the detection curve. The updates...

8.8CVSS

7.3AI Score

0.005EPSS

2024-06-04 06:33 AM
1
nvd
nvd

CVE-2024-4697

The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘heading_tag’ parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-04 06:15 AM
1
cve
cve

CVE-2024-4697

The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘heading_tag’ parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

6AI Score

0.001EPSS

2024-06-04 06:15 AM
17
nvd
nvd

CVE-2024-0757

The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 is not properly filtering which file extensions are allowed to be imported on the server, allowing the uploading of malicious code within zip...

9.5AI Score

0.0004EPSS

2024-06-04 06:15 AM
cve
cve

CVE-2024-0757

The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 is not properly filtering which file extensions are allowed to be imported on the server, allowing the uploading of malicious code within zip...

7.2AI Score

0.0004EPSS

2024-06-04 06:15 AM
5
cvelist
cvelist

CVE-2024-0757 Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Author+ Upload to RCE

The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 is not properly filtering which file extensions are allowed to be imported on the server, allowing the uploading of malicious code within zip...

9.5AI Score

0.0004EPSS

2024-06-04 06:00 AM
2
vulnrichment
vulnrichment

CVE-2024-0757 Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Author+ Upload to RCE

The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 is not properly filtering which file extensions are allowed to be imported on the server, allowing the uploading of malicious code within zip...

6.9AI Score

0.0004EPSS

2024-06-04 06:00 AM
veracode
veracode

Cross-Site Scripting (XSS)

typo3/cms-core is vulnerable to Cross-Site scripting (XSS). The vulnerability is caused by improper user input encoding when using templates in the built-in Fluid ViewHelpers, which allows an attacker to inject malicious scripts into the...

6.6AI Score

2024-06-04 05:52 AM
1
vulnrichment
vulnrichment

CVE-2024-4697 Cowidgets – Elementor Addons <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via heading_tag Parameter

The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘heading_tag’ parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-04 05:32 AM
cvelist
cvelist

CVE-2024-4697 Cowidgets – Elementor Addons <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via heading_tag Parameter

The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘heading_tag’ parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-04 05:32 AM
1
nessus
nessus

RHEL 9 : Red Hat JBoss Enterprise Application Platform 8.0.2 Security update (Moderate) (RHSA-2024:3581)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3581 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This...

7.5CVSS

7.2AI Score

0.001EPSS

2024-06-04 12:00 AM
2
nessus
nessus

RHEL 8 : Red Hat JBoss Enterprise Application Platform 8.0.2 Security update (Moderate) (RHSA-2024:3580)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3580 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This...

7.5CVSS

7.2AI Score

0.001EPSS

2024-06-04 12:00 AM
cve
cve

CVE-2024-36123

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page MediaWiki:Tagline has its contents used unescaped, so custom HTML (including Javascript) can be injected by someone with the ability to edit the MediaWiki namespace (typically those with the editinterface...

6.5CVSS

6.7AI Score

0.0004EPSS

2024-06-03 03:15 PM
40
osv
osv

CVE-2024-36123

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page MediaWiki:Tagline has its contents used unescaped, so custom HTML (including Javascript) can be injected by someone with the ability to edit the MediaWiki namespace (typically those with the editinterface...

6.5CVSS

6.1AI Score

0.0004EPSS

2024-06-03 03:15 PM
nvd
nvd

CVE-2024-36123

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page MediaWiki:Tagline has its contents used unescaped, so custom HTML (including Javascript) can be injected by someone with the ability to edit the MediaWiki namespace (typically those with the editinterface...

6.5CVSS

6.2AI Score

0.0004EPSS

2024-06-03 03:15 PM
cvelist
cvelist

CVE-2024-36123 Citizen has a Stored Cross-Site Scripting Vulnerability by editing MediaWiki:Tagline

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page MediaWiki:Tagline has its contents used unescaped, so custom HTML (including Javascript) can be injected by someone with the ability to edit the MediaWiki namespace (typically those with the editinterface...

6.5CVSS

6.2AI Score

0.0004EPSS

2024-06-03 02:17 PM
vulnrichment
vulnrichment

CVE-2024-36123 Citizen has a Stored Cross-Site Scripting Vulnerability by editing MediaWiki:Tagline

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page MediaWiki:Tagline has its contents used unescaped, so custom HTML (including Javascript) can be injected by someone with the ability to edit the MediaWiki namespace (typically those with the editinterface...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-03 02:17 PM
githubexploit

8.6CVSS

6.5AI Score

0.945EPSS

2024-06-03 01:30 PM
73
nvd
nvd

CVE-2024-35632

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks. Integration for Contact Form 7 and Constant Contact.This issue affects Integration for Contact Form 7 and Constant Contact: from n/a through...

4.3CVSS

5.1AI Score

0.0004EPSS

2024-06-03 12:15 PM
4
cve
cve

CVE-2024-35632

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks. Integration for Contact Form 7 and Constant Contact.This issue affects Integration for Contact Form 7 and Constant Contact: from n/a through...

4.3CVSS

7.3AI Score

0.0004EPSS

2024-06-03 12:15 PM
14
nvd
nvd

CVE-2024-34764

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor allows Stored XSS.This issue affects Essential Addons for Elementor: from n/a through...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-06-03 12:15 PM
cve
cve

CVE-2024-34764

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor allows Stored XSS.This issue affects Essential Addons for Elementor: from n/a through...

6.5CVSS

7AI Score

0.0004EPSS

2024-06-03 12:15 PM
25
vulnrichment
vulnrichment

CVE-2024-35632 WordPress Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks. Integration for Contact Form 7 and Constant Contact.This issue affects Integration for Contact Form 7 and Constant Contact: from n/a through...

4.3CVSS

7AI Score

0.0004EPSS

2024-06-03 11:49 AM
Total number of security vulnerabilities35594