SIGMA Lite & Lite + Security Vulnerabilities

EventON (Free < 2.2.8, Premium < 4.5.5) - Information Disclosure

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorization in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the...

RHEL 8 : bind and dhcp (RHSA-2024:1782)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1782 advisory. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named);.....

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 15, 2024 to April 21, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 209 vulnerabilities disclosed in 169...

CVE-2024-3733

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.9.15 via the ajax_load_more() , eael_woo_pagination_product_ajax(), and...

CVE-2024-3733

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.9.15 via the ajax_load_more() , eael_woo_pagination_product_ajax(), and...

CVE-2024-31266

Improper Control of Generation of Code ('Code Injection') vulnerability in AlgolPlus Advanced Order Export For WooCommerce allows Code Injection.This issue affects Advanced Order Export For WooCommerce: from n/a through...

CVE-2024-31266

Improper Control of Generation of Code ('Code Injection') vulnerability in AlgolPlus Advanced Order Export For WooCommerce allows Code Injection.This issue affects Advanced Order Export For WooCommerce: from n/a through...

CVE-2024-31266 WordPress Advanced Order Export For WooCommerce plugin <= 3.4.4 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in AlgolPlus Advanced Order Export For WooCommerce allows Code Injection.This issue affects Advanced Order Export For WooCommerce: from n/a through...

CVE-2024-3733

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.9.15 via the ajax_load_more() , eael_woo_pagination_product_ajax(), and...

Important: bind

Issue Overview: Certain DNSSEC aspects of the DNS protocol (in RFC 4035 and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses when there is a zone with many DNSKEY and RRSIG records, aka the "KeyTrap" issue. The protocol...

CVE-2024-32675

Missing Authorization vulnerability in Xfinity Soft Order Limit for WooCommerce.This issue affects Order Limit for WooCommerce: from n/a through...

CVE-2024-32675

Missing Authorization vulnerability in Xfinity Soft Order Limit for WooCommerce.This issue affects Order Limit for WooCommerce: from n/a through...

CVE-2024-32675 WordPress Order Limit for WooCommerce plugin <= 2.0.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Xfinity Soft Order Limit for WooCommerce.This issue affects Order Limit for WooCommerce: from n/a through...

CVE-2024-32954

Unrestricted Upload of File with Dangerous Type vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through...

CVE-2024-32954

Unrestricted Upload of File with Dangerous Type vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through...

CVE-2024-32954 WordPress Newsletters plugin <= 4.9.5 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through...

CVE-2024-32954 WordPress Newsletters plugin <= 4.9.5 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through...

CVE-2024-32723

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Code Tides Advanced Floating Content allows Stored XSS.This issue affects Advanced Floating Content: from n/a through...

CVE-2024-32723

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Code Tides Advanced Floating Content allows Stored XSS.This issue affects Advanced Floating Content: from n/a through...

CVE-2024-32723 WordPress Advanced Floating Content plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Code Tides Advanced Floating Content allows Stored XSS.This issue affects Advanced Floating Content: from n/a through...

CVE-2024-32836

Unrestricted Upload of File with Dangerous Type vulnerability in WP Lab WP-Lister Lite for eBay.This issue affects WP-Lister Lite for eBay: from n/a through...

CVE-2024-32953

Insertion of Sensitive Information into Log File vulnerability in Newsletters.This issue affects Newsletters: from n/a through...

CVE-2024-32836

Unrestricted Upload of File with Dangerous Type vulnerability in WP Lab WP-Lister Lite for eBay.This issue affects WP-Lister Lite for eBay: from n/a through...

CVE-2024-32953

Insertion of Sensitive Information into Log File vulnerability in Newsletters.This issue affects Newsletters: from n/a through...

CVE-2024-32796

Insertion of Sensitive Information into Log File vulnerability in Very Good Plugins WP Fusion Lite.This issue affects WP Fusion Lite: from n/a through...

CVE-2024-32796

Insertion of Sensitive Information into Log File vulnerability in Very Good Plugins WP Fusion Lite.This issue affects WP Fusion Lite: from n/a through...

CVE-2024-32796 WordPress WP Fusion Lite <= 3.42.10 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information into Log File vulnerability in Very Good Plugins WP Fusion Lite.This issue affects WP Fusion Lite: from n/a through...

CVE-2024-32953 WordPress Newsletters plugin <= 4.9.5 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information into Log File vulnerability in Newsletters.This issue affects Newsletters: from n/a through...

CVE-2024-32836 WordPress WP-Lister Lite for eBay plugin <= 3.5.11 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in WP Lab WP-Lister Lite for eBay.This issue affects WP-Lister Lite for eBay: from n/a through...

WP-Lister Lite for eBay < 3.6.0 - Authenticated (Shop Manager+) Stored Cross-Site Scripting

Description The WP-Lister Lite for eBay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 3.5.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with shop...

CVE-2024-32681

Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor.This issue affects Prime Slider – Addons For Elementor: from n/a through...

CVE-2024-32682

Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor.This issue affects Prime Slider – Addons For Elementor: from n/a through...

CVE-2024-32682

Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor.This issue affects Prime Slider – Addons For Elementor: from n/a through...

CVE-2024-32681

Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor.This issue affects Prime Slider – Addons For Elementor: from n/a through...

CVE-2024-32681 WordPress Prime Slider plugin <= 3.13.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor.This issue affects Prime Slider – Addons For Elementor: from n/a through...

CVE-2024-32682 WordPress Prime Slider plugin <= 3.13.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor.This issue affects Prime Slider – Addons For Elementor: from n/a through...

CVE-2024-32694

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative interactive media 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin allows Reflected XSS.This issue affects 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D...

CVE-2024-32694

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative interactive media 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin allows Reflected XSS.This issue affects 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D...

CVE-2024-32694 WordPress 3D FlipBook, PDF Viewer, PDF Embedder plugin <= 3.62 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative interactive media 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin allows Reflected XSS.This issue affects 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D...

java-17-openjdk security update

[17.0.11.0.9-2.0.1] - Add Oracle vendor bug URL [1:17.0.11.0.9-2] - Update to jdk-17.0.11+9 (GA) - Add openjdk-17.0.11+9.tar.xz to .gitignore - Sync java-17-openjdk-portable.specfile from openjdk-portable-rhel-8 - Update buildver from 7 to 9 - Update portablerelease from 1 to 3 - Change is_ga from....

CVE-2024-1730

The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slider, Product Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via urls in link fields, images from URLs, and html tags used in widgets...

CVE-2024-1730

The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slider, Product Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via urls in link fields, images from URLs, and html tags used in widgets...

CVE-2024-1730

The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slider, Product Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via urls in link fields, images from URLs, and html tags used in widgets...

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 8, 2024 to April 14, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 219 vulnerabilities disclosed in 209...

CVE-2024-32573

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for eBay allows Stored XSS.This issue affects WP-Lister Lite for eBay: from n/a through...

CVE-2024-32573

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for eBay allows Stored XSS.This issue affects WP-Lister Lite for eBay: from n/a through...

CVE-2024-32572

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BdThemes Element Pack Elementor Addons allows Stored XSS.This issue affects Element Pack Elementor Addons: from n/a through...

CVE-2024-32572

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BdThemes Element Pack Elementor Addons allows Stored XSS.This issue affects Element Pack Elementor Addons: from n/a through...

CVE-2024-32572 WordPress Element Pack Elementor Addons plugin <= 5.6.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BdThemes Element Pack Elementor Addons allows Stored XSS.This issue affects Element Pack Elementor Addons: from n/a through...

CVE-2024-32573 WordPress WP-Lister Lite for eBay plugin <= 3.5.11 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for eBay allows Stored XSS.This issue affects WP-Lister Lite for eBay: from n/a through...