Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Thomas Maier Image Source Control Lite – Show Image Credits and Captions. This issue affects Image Source Control Lite – Show Image Credits and Captions: from n/a through...
CVSS: 7.5 | AI Score: 7.6 | EPSS: 0.001
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Thomas Maier Image Source Control Lite – Show Image Credits and Captions. This issue affects Image Source Control Lite – Show Image Credits and Captions: from n/a through...
CVSS: 7.5 | AI Score: 7.1 | EPSS: 0.001
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Thomas Maier Image Source Control Lite – Show Image Credits and Captions. This issue affects Image Source Control Lite – Show Image Credits and Captions: from n/a through...
CVSS: 5.3 | AI Score: 7.7 | EPSS: 0.001
Abandoned Cart Lite for WooCommerce < 5.16.1 - Improper Authorization via wcal_preview_emails
Description: The plugin is vulnerable to unauthorized access of data due to a missing capability check on the wcal_preview_emails function. This makes it possible for unauthenticated attackers to preview emails, granted they are able to obtain a nonce via a separate...
AI Score: 6.9
Description: The plugin is vulnerable to unauthorized access of data due to a missing capability check on the wcal_delete_expired_used_coupon_code function. This makes it possible for unauthenticated attackers to preview emails, granted they are able to obtain a nonce via a separate...
AI Score: 6.9
Wordfence Intelligence Weekly WordPress Vulnerability Report (January 15, 2024 to January 21, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 84 vulnerabilities disclosed in 67...
CVSS: 9.8 | AI Score: 8.9
Summary: DB2 JDBC driver is shipped as part of the XMLToolkit component for IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting DB2 JDBC driver has been published in a security bulletin. Vulnerability Details: CVEID: CVE-2015-8383 DESCRIPTION: PCRE is...
CVSS: 9.8 | AI Score: 10
Summary: Protobuf as used by IBM QRadar SIEM is vulnerable to denial of service. IBM QRadar SIEM has addressed the applicable vulnerability. Vulnerability Details: CVEID: CVE-2022-3171 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the...
CVSS: 7.5 | AI Score: 7.1 | EPSS: 0.001
Unrestricted Upload of File with Dangerous Type vulnerability in UkrSolution Barcode Scanner and Inventory manager. This issue affects Barcode Scanner and Inventory manager: from n/a through...
CVSS: 9.8 | AI Score: 9.6 | EPSS: 0.001
Unrestricted Upload of File with Dangerous Type vulnerability in UkrSolution Barcode Scanner and Inventory manager. This issue affects Barcode Scanner and Inventory manager: from n/a through...
CVSS: 10 | AI Score: 9.4 | EPSS: 0.001
Unrestricted Upload of File with Dangerous Type vulnerability in UkrSolution Barcode Scanner and Inventory manager. This issue affects Barcode Scanner and Inventory manager: from n/a through...
CVSS: 9.8 | AI Score: 7.2 | EPSS: 0.001
Unrestricted Upload of File with Dangerous Type vulnerability in UkrSolution Barcode Scanner and Inventory manager. This issue affects Barcode Scanner and Inventory manager: from n/a through...
CVSS: 10 | AI Score: 9.7 | EPSS: 0.001
GS Pins for Pinterest Lite < 1.8.1 - Missing Authorization via _update_shortcode
Description: The plugin is vulnerable to unauthorized modification of data due to a missing capability check and a misconfigured nonce check on the _update_shortcode function, allowing authenticated attackers, with subscriber access and above, to update the plugin's...
AI Score: 6.8
WP-Lister Lite for eBay < 3.5.8 - Reflected Cross-Site Scripting via 's'
Description: The WP-Lister Lite for eBay plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in versions up to, and including, 3.5.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
AI Score: 6.1 | EPSS: 0.0005
Wordfence Intelligence Weekly WordPress Vulnerability Report (January 8, 2024 to January 14, 2024)
Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Last week, there were 67 vulnerabilities disclosed in 60 WordPress Plugins and no WordPress themes that have been added to the Wordfence...
CVSS: 9.8 | AI Score: 9.2 | EPSS: 0.033
Missing Authorization vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder – Lite. This issue affects Ultimate Addons for Beaver Builder – Lite: from n/a through...
CVSS: 4.3 | AI Score: 4.7 | EPSS: 0.0004
Missing Authorization vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder – Lite. This issue affects Ultimate Addons for Beaver Builder – Lite: from n/a through...
CVSS: 4.3 | AI Score: 4.7 | EPSS: 0.0004
Missing Authorization vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder – Lite. This issue affects Ultimate Addons for Beaver Builder – Lite: from n/a through...
CVSS: 4.3 | AI Score: 7.2 | EPSS: 0.0004
Missing Authorization vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder – Lite. This issue affects Ultimate Addons for Beaver Builder – Lite: from n/a through...
CVSS: 4.3 | AI Score: 5.1 | EPSS: 0.0004
Missing Authorization vulnerability in Vagary Digital HREFLANG Tags Lite. This issue affects HREFLANG Tags Lite: from n/a through...
CVSS: 9.8 | AI Score: 7.2 | EPSS: 0.001
Missing Authorization vulnerability in Vagary Digital HREFLANG Tags Lite. This issue affects HREFLANG Tags Lite: from n/a through...
CVSS: 9.8 | AI Score: 9.3 | EPSS: 0.001
Missing Authorization vulnerability in Vagary Digital HREFLANG Tags Lite. This issue affects HREFLANG Tags Lite: from n/a through...
CVSS: 9.8 | AI Score: 7.2 | EPSS: 0.001
CVE-2022-36418 WordPress HREFLANG Tags Lite Plugin <= 2.0.0 is vulnerable to Broken Authentication
Missing Authorization vulnerability in Vagary Digital HREFLANG Tags Lite. This issue affects HREFLANG Tags Lite: from n/a through...
CVSS: 6.5 | AI Score: 9.7 | EPSS: 0.001
The Hubbub Lite (formerly Grow Social) WordPress plugin before 1.32.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in...
CVSS: 4.8 | AI Score: 4.7 | EPSS: 0.0004
The Hubbub Lite (formerly Grow Social) WordPress plugin before 1.32.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in...
CVSS: 4.8 | AI Score: 4.7 | EPSS: 0.0004
The Hubbub Lite (formerly Grow Social) WordPress plugin before 1.32.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in...
CVSS: 4.8 | AI Score: 5.9 | EPSS: 0.0004
CVE-2023-7154 Hubbub Lite < 1.32.0 - Admin+ Stored XSS
The Hubbub Lite (formerly Grow Social) WordPress plugin before 1.32.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in...
AI Score: 5 | EPSS: 0.0004
CVE-2023-4797 Newsletter Lite < 4.9.3 - Admin+ Command Injection
The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the...
AI Score: 7.5 | EPSS: 0.0005
EulerOS 2.0 SP9 : bind (EulerOS-SA-2023-3291)
According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is...
CVSS: 7.5 | AI Score: 7 | EPSS: 0.002
EulerOS Virtualization 2.10.1 : bind (EulerOS-SA-2023-3489)
According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: The code that processes control channel messages sent to named calls certain functions recursively during packet parsing....
CVSS: 7.5 | AI Score: 8.2 | EPSS: 0.002
EulerOS Virtualization 2.10.1 : bind (EulerOS-SA-2023-2911)
According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it...
CVSS: 7.5 | AI Score: 8.3 | EPSS: 0.001
EulerOS Virtualization 2.10.0 : bind (EulerOS-SA-2023-2930)
According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it...
CVSS: 7.5 | AI Score: 8.3 | EPSS: 0.001
EulerOS 2.0 SP10 : bind (EulerOS-SA-2023-2802)
According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently...
CVSS: 7.5 | AI Score: 8.3 | EPSS: 0.001
EulerOS Virtualization 2.10.0 : bind (EulerOS-SA-2023-3461)
According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: The code that processes control channel messages sent to named calls certain functions recursively during packet parsing....
CVSS: 7.5 | AI Score: 8.2 | EPSS: 0.002
EulerOS 2.0 SP9 : bind (EulerOS-SA-2023-3323)
According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is...
CVSS: 7.5 | AI Score: 7 | EPSS: 0.002
EulerOS Virtualization 2.9.1 : bind (EulerOS-SA-2024-1028)
According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: The code that processes control channel messages sent to named calls certain functions recursively during packet parsing....
CVSS: 7.5 | AI Score: 7 | EPSS: 0.002
EulerOS Virtualization 2.9.0 : bind (EulerOS-SA-2024-1002)
According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: The code that processes control channel messages sent to named calls certain functions recursively during packet parsing....
CVSS: 7.5 | AI Score: 7 | EPSS: 0.002
EulerOS 2.0 SP10 : bind (EulerOS-SA-2023-3164)
According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is...
CVSS: 7.5 | AI Score: 8.2 | EPSS: 0.002
EulerOS Virtualization 3.0.6.6 : bind (EulerOS-SA-2023-3391)
According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it...
CVSS: 7.5 | AI Score: 7.1 | EPSS: 0.001
EulerOS Virtualization 3.0.6.0 : bind (EulerOS-SA-2023-3419)
According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it...
CVSS: 7.5 | AI Score: 7.2 | EPSS: 0.001
EulerOS 2.0 SP8 : bind (EulerOS-SA-2023-3113)
According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently...
CVSS: 7.5 | AI Score: 7.2 | EPSS: 0.001
EulerOS 2.0 SP10 : bind (EulerOS-SA-2023-2778)
According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently...
CVSS: 7.5 | AI Score: 8.3 | EPSS: 0.001
EulerOS Virtualization 2.9.1 : bind (EulerOS-SA-2023-2949)
According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it...
CVSS: 7.5 | AI Score: 7.6 | EPSS: 0.001
EulerOS Virtualization 2.9.0 : bind (EulerOS-SA-2023-2975)
According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it...
CVSS: 7.5 | AI Score: 7.2 | EPSS: 0.001
EulerOS 2.0 SP10 : bind (EulerOS-SA-2023-3199)
According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is...
CVSS: 7.5 | AI Score: 8.2 | EPSS: 0.002
CentOS Errata and Security Advisory CESA-2023:5691
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying...
CVSS: 7.5 | AI Score: 7.3 | EPSS: 0.002
Product Delivery Date for WooCommerce – Lite < 2.7.1 - Missing Authorization
Description: The Product Delivery Date for WooCommerce – Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the prdd_delete_all_special_delivery() function in versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers...
AI Score: 6.4
Ajax Search Lite < 4.11.5 - Reflected Cross-Site Scripting
Description: The plugin is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.11.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a...
CVSS: 7.1 | AI Score: 6.1 | EPSS: 0.0004
Wordfence Intelligence Weekly WordPress Vulnerability Report (January 1, 2024 to January 7, 2024)
Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Last week, there were 85 vulnerabilities disclosed in 74 WordPress Plugins and 2 WordPress themes that have been added to the Wordfence...
CVSS: 9.8 | AI Score: 10
The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 (Pro) & 2.2.8 (Free). This is due to missing or incorrect nonce validation on the save_virtual_event_settings function. This makes it...
CVSS: 6.5 | AI Score: 5.2 | EPSS: 0.001