SIGMA Lite & Lite + Security Vulnerabilities
Cross-Site Request Forgery (CSRF) vulnerability in Saphali Saphali Woocommerce Lite plugin <= 1.8.13...
6.3CVSS
9AI Score
0.001EPSS
7.1CVSS
7AI Score
0.0005EPSS
Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Fraud Prevention For Woocommerce plugin <= 2.1.5...
6.5CVSS
5.2AI Score
0.0005EPSS
Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Fraud Prevention For Woocommerce plugin <= 2.1.5...
6.5CVSS
6.5AI Score
0.0005EPSS
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Fraud Prevention For Woocommerce plugin <= 2.1.5...
6.5CVSS
6.5AI Score
0.0005EPSS
Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Fraud Prevention For Woocommerce plugin <= 2.1.5...
4.3CVSS
6.8AI Score
0.0005EPSS
A vulnerability was found in Most Popular Posts Widget Plugin up to 0.8 on WordPress. It has been classified as critical. Affected is the function add_views/show_views of the file functions.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. Upgrading to...
9.8CVSS
9.8AI Score
0.001EPSS
A vulnerability was found in Most Popular Posts Widget Plugin up to 0.8 on WordPress. It has been classified as critical. Affected is the function add_views/show_views of the file functions.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. Upgrading to...
9.8CVSS
7.5AI Score
0.001EPSS
A vulnerability was found in Most Popular Posts Widget Plugin up to 0.8 on WordPress. It has been classified as critical. Affected is the function add_views/show_views of the file functions.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. Upgrading to...
9.8CVSS
7.8AI Score
0.001EPSS
CVE-2015-10124 Most Popular Posts Widget Plugin functions.php show_views sql injection
A vulnerability was found in Most Popular Posts Widget Plugin up to 0.8 on WordPress. It has been classified as critical. Affected is the function add_views/show_views of the file functions.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. Upgrading to...
6.3CVSS
9.9AI Score
0.001EPSS
Summary The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. This update addresses these CVEs. Vulnerability Details ** CVEID: CVE-2022-21724 DESCRIPTION: **PostgreSQL JDBC Driver (PgJDBC) could allow a remote...
9.8CVSS
8.8AI Score
EPSS
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in UserFeedback Team User Feedback plugin <= 1.0.7...
6.1CVSS
6AI Score
0.0005EPSS
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in UserFeedback Team User Feedback plugin <= 1.0.7...
7.1CVSS
5.7AI Score
0.0005EPSS
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in UserFeedback Team User Feedback plugin <= 1.0.7...
6.1CVSS
5.7AI Score
0.0005EPSS
CVE-2023-39308 WordPress User Feedback Plugin <= 1.0.7 is vulnerable to Cross Site Scripting (XSS)
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in UserFeedback Team User Feedback plugin <= 1.0.7...
7.1CVSS
6.2AI Score
0.0005EPSS
User Feedback < 1.0.8 - Unauthenticated Stored XSS
Description The plugin does not validate and escape some parameters, which could allow unauthenticated users to perform Stored Cross-Site Scripting...
6.1CVSS
5.8AI Score
0.0005EPSS
Last week, there were 42 vulnerabilities disclosed in 37 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 10 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...
7.2CVSS
6.9AI Score
0.001EPSS
Issue Overview: The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of...
7.5CVSS
7.9AI Score
0.002EPSS
Last week, there were 55 vulnerabilities disclosed in 46 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 15 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...
8.8CVSS
8.7AI Score
0.001EPSS
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2783-2 advisory. aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in...
9.1CVSS
7.4AI Score
0.008EPSS
An issue in CloudExplorer Lite 1.3.1 allows an attacker to obtain sensitive information via the login key...
7.5CVSS
6.5AI Score
0.001EPSS
An issue in CloudExplorer Lite 1.3.1 allows an attacker to obtain sensitive information via the login key...
7.5CVSS
7.3AI Score
0.001EPSS
An issue in CloudExplorer Lite 1.3.1 allows an attacker to obtain sensitive information via the login key...
7.5CVSS
7.2AI Score
0.001EPSS
An issue in CloudExplorer Lite 1.3.1 allows an attacker to obtain sensitive information via the login key...
7.5CVSS
7.2AI Score
0.001EPSS
An issue in CloudExplorer Lite 1.3.1 allows an attacker to obtain sensitive information via the login key...
7.4AI Score
0.001EPSS
wSecure Lite <= 2.5 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
4.8CVSS
5.6AI Score
0.0004EPSS
Wordpress Multiple Themes - Reflected Cross-Site Scripting
All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2,...
6.1CVSS
6AI Score
0.001EPSS
Last week, there were 107 vulnerabilities disclosed in 89 WordPress Plugins and 5 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 36 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...
9.8CVSS
8.4AI Score
EPSS
Summary IBM Websphere Application Server - Liberty is used by IBM Application Performance Management. Vulnerability Details ** CVEID: CVE-2022-22475 DESCRIPTION: **IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing by an...
9.8CVSS
9.3AI Score
0.042EPSS
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2023-2802)
The remote host is missing an update for the Huawei...
7.5CVSS
8.1AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2023-2778)
The remote host is missing an update for the Huawei...
7.5CVSS
8.1AI Score
0.001EPSS
Oracle Linux 7 : bind (ELSA-2020-1061)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1061 advisory. Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND...
7.5CVSS
6.4AI Score
0.017EPSS
Oracle Linux 8 : bind (ELSA-2020-1845)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-1845 advisory. With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without...
7.5CVSS
6.1AI Score
0.017EPSS
Oracle Linux 7 : bind (ELSA-2019-2057)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-2057 advisory. To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy....
6.5CVSS
6.4AI Score
0.003EPSS
Oracle Linux 8 : bind (ELSA-2019-3552)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-3552 advisory. Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND...
5.3CVSS
6.6AI Score
0.001EPSS
Avartan Slider Lite <= 1.5.3 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as...
6.1CVSS
5.7AI Score
0.0005EPSS
Summary IBM WebSphere Application Server Liberty is used by IBM Cloud Pak for Multicloud Management Monitoring as part of a middleware server. Vulnerability Details ** CVEID: CVE-2022-34165 DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server.....
7.5CVSS
7.3AI Score
0.034EPSS
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Devaldi Ltd flowpaper plugin <= 1.9.9...
5.4CVSS
5.8AI Score
0.0004EPSS
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Solwin Infotech Responsive WordPress Slider – Avartan Slider Lite plugin <= 1.5.3...
6.1CVSS
6.3AI Score
0.0005EPSS
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Solwin Infotech Responsive WordPress Slider – Avartan Slider Lite plugin <= 1.5.3...
7.1CVSS
6AI Score
0.0005EPSS
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Devaldi Ltd flowpaper plugin <= 1.9.9...
6.5CVSS
5.2AI Score
0.0004EPSS
All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2,...
6.1CVSS
6AI Score
0.001EPSS
All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2,...
6.1CVSS
6.1AI Score
0.001EPSS
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Devaldi Ltd flowpaper plugin <= 1.9.9...
5.4CVSS
5.2AI Score
0.0004EPSS
All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2,...
6.1CVSS
6AI Score
0.001EPSS
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Solwin Infotech Responsive WordPress Slider – Avartan Slider Lite plugin <= 1.5.3...
6.1CVSS
6AI Score
0.0005EPSS
CVE-2023-40197 WordPress flowpaper Plugin <= 1.9.9 is vulnerable to Cross Site Scripting (XSS)
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Devaldi Ltd flowpaper plugin <= 1.9.9...
6.5CVSS
6AI Score
0.0004EPSS
CVE-2023-2813 Multiple Themes - Reflected XSS
All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2,...
6.2AI Score
0.001EPSS
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ajay Lulia wSecure Lite plugin <= 2.5...
5.9CVSS
4.9AI Score
0.0004EPSS
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ajay Lulia wSecure Lite plugin <= 2.5...
4.8CVSS
5.4AI Score
0.0004EPSS