Survey Maker – Best WordPress Survey Plugin Security Vulnerabilities

GHSA-2WRH-6PVC-2JM9 vulnerabilities

Vulnerabilities for packages: dive, kubernetes-dashboard-metrics-scraper, tctl, wireguard-go, gitlab-runner, prometheus, gke-gcloud-auth-plugin, skaffold, prometheus-alertmanager, vertical-pod-autoscaler, argo-cd, thanos-operator, gatekeeper, bank-vaults, aactl, k3d, trillian, cloud-sql-proxy,...

GHSA-4374-P667-P6C8 vulnerabilities

Vulnerabilities for packages: dive, kubernetes-dashboard-metrics-scraper, tctl, wireguard-go, gitlab-runner, prometheus, gke-gcloud-auth-plugin, skaffold, prometheus-alertmanager, vertical-pod-autoscaler, argo-cd, thanos-operator, slsa-verifier, gatekeeper, bank-vaults, istio-pilot-discovery,...

GHSA-M425-MQ94-257G vulnerabilities

Vulnerabilities for packages: flux-notification-controller, aws-efs-csi-driver, kubevela, metrics-server, conftest, pulumi-language-java, kubernetes-csi-external-attacher, secrets-store-csi-driver, kubernetes-csi-livenessprobe, kubescape, node-problem-detector,...

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: tctl, wireguard-go, gitlab-runner, grype, gke-gcloud-auth-plugin, nginx-mainline, prometheus, skaffold, argo-cd, slsa-verifier, gatekeeper, amass, aactl, nghttp2, terraform-provider-azurerm, flux-source-controller, stakater-reloader, nats, pulumi-language-java,...

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: lazygit, capslock, dive, mage, aws-flb-firehose, kubernetes-dashboard-metrics-scraper, logstash-exporter, k8ssandra-operator, tctl, wireguard-go, gitlab-runner, grype, gke-gcloud-auth-plugin, prometheus, prometheus-beat-exporter, skaffold, kubeflow-pipelines,...

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: lazygit, capslock, dive, mage, aws-flb-firehose, kubernetes-dashboard-metrics-scraper, logstash-exporter, k8ssandra-operator, tctl, wireguard-go, gitlab-runner, grype, gke-gcloud-auth-plugin, prometheus, prometheus-beat-exporter, skaffold, kubeflow-pipelines,...

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: lazygit, capslock, dive, mage, aws-flb-firehose, kubernetes-dashboard-metrics-scraper, logstash-exporter, k8ssandra-operator, tctl, wireguard-go, gitlab-runner, grype, gke-gcloud-auth-plugin, prometheus, prometheus-beat-exporter, skaffold, kubeflow-pipelines,...

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: lazygit, capslock, dive, mage, aws-flb-firehose, kubernetes-dashboard-metrics-scraper, logstash-exporter, k8ssandra-operator, tctl, wireguard-go, gitlab-runner, grype, gke-gcloud-auth-plugin, prometheus, prometheus-beat-exporter, skaffold, kubeflow-pipelines,...

GHSA-XR7R-F8XQ-VFVV vulnerabilities

Vulnerabilities for packages: kubescape, zot, cadvisor, syft, grype, skaffold, nerdctl, runc, skopeo, trivy, ctop, kaniko, nvidia-device-plugin, kubernetes, ingress-nginx-controller, docker, buildkitd, k3d, kots, datadog-agent, k9s, telegraf, newrelic-infrastructure-agent, zarf, wolfictl,...

CVE-2024-24788 vulnerabilities

Vulnerabilities for packages: lazygit, capslock, dive, jaeger-agent, step-ca, mage, kubernetes-dashboard-metrics-scraper, spegel, logstash-exporter, wireguard-go, gitlab-runner, prometheus-beat-exporter, gke-gcloud-auth-plugin, skaffold, ksops, prometheus-alertmanager, http-echo, gobump,...

GHSA-236W-P7WF-5PH8 vulnerabilities

Vulnerabilities for packages: spegel, pluto, wireguard-go, prometheus-beat-exporter, ksops, prometheus-alertmanager, slsa-verifier, gatekeeper, ctop, aactl, tekton-chains, secrets-store-csi-driver-provider-aws, trillian, terraform-provider-azurerm, cert-manager-webhook-pdns,...

CVE-2023-44487 affecting package sriov-network-device-plugin for versions less than 3.5.1-2

CVE-2023-44487 affecting package sriov-network-device-plugin for versions less than 3.5.1-2. A patched version of the package is...

CVE-2024-2473 WPS Hide Login <= 1.9.15.2 - Login Page Disclosure

The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may...

CVE-2024-0653 Custom Field Template <= 2.6.1 - Authenticated (Admin+) Stored Cross-Site Scritping

The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVE-2023-6748 Custom Field Template <= 2.6.1 - Authenticated(Contributor+) Information Exposure

The Custom Field Template plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the 'cft' shortcode. This makes it possible for authenticated attackers with contributor access and above, to extract sensitive data including arbitrary...

CVE-2024-0627 Custom Field Template <= 2.6.1 - Authenticated(Constibutor+) Stored Cross-Site Scripting via Custom Field Name

The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom field name column in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied custom fields. This makes it possible for...

CVE-2024-5090 SiteOrigin Widgets Bundle <= 1.61.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via SiteOrigin Blog Widget

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's SiteOrigin Blog Widget in all versions up to, and including, 1.61.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2023-6745 Custom Field Template <= 2.6.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode

The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cpt' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied post meta. This makes it possible for authenticated...

CVE-2024-35754

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ovic Team Ovic Importer allows Path Traversal.This issue affects Ovic Importer: from n/a through...

CVE-2024-35749

Authentication Bypass by Spoofing vulnerability in Acurax Under Construction / Maintenance Mode from Acurax allows Authentication Bypass.This issue affects Under Construction / Maintenance Mode from Acurax: from n/a through...

CVE-2024-35749

Authentication Bypass by Spoofing vulnerability in Acurax Under Construction / Maintenance Mode from Acurax allows Authentication Bypass.This issue affects Under Construction / Maintenance Mode from Acurax: from n/a through...

CVE-2024-35754

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ovic Team Ovic Importer allows Path Traversal.This issue affects Ovic Importer: from n/a through...

CVE-2024-35746

Unrestricted Upload of File with Dangerous Type vulnerability in Asghar Hatampoor BuddyPress Cover allows Code Injection.This issue affects BuddyPress Cover: from n/a through...

CVE-2024-35743

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Siteclean SC filechecker allows Path Traversal, File Manipulation.This issue affects SC filechecker: from n/a through...

CVE-2024-35743

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Siteclean SC filechecker allows Path Traversal, File Manipulation.This issue affects SC filechecker: from n/a through...

CVE-2024-35745

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Gabriel Somoza / Joseph Fitzgibbons Strategery Migrations allows Path Traversal, File Manipulation.This issue affects Strategery Migrations: from n/a through...

CVE-2024-35745

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Gabriel Somoza / Joseph Fitzgibbons Strategery Migrations allows Path Traversal, File Manipulation.This issue affects Strategery Migrations: from n/a through...

CVE-2024-35746

Unrestricted Upload of File with Dangerous Type vulnerability in Asghar Hatampoor BuddyPress Cover allows Code Injection.This issue affects BuddyPress Cover: from n/a through...

CVE-2024-35747

Improper Restriction of Excessive Authentication Attempts vulnerability in wpdevart Contact Form Builder, Contact Widget allows Functionality Bypass.This issue affects Contact Form Builder, Contact Widget: from n/a through...

CVE-2024-35744

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ravidhu Dissanayake Upunzipper allows Path Traversal, File Manipulation.This issue affects Upunzipper: from n/a through...

CVE-2024-35744

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ravidhu Dissanayake Upunzipper allows Path Traversal, File Manipulation.This issue affects Upunzipper: from n/a through...

CVE-2024-35747

Improper Restriction of Excessive Authentication Attempts vulnerability in wpdevart Contact Form Builder, Contact Widget allows Functionality Bypass.This issue affects Contact Form Builder, Contact Widget: from n/a through...

CVE-2024-35728

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Themeisle PPOM for WooCommerce allows Code Inclusion.This issue affects PPOM for WooCommerce: from n/a through...

CVE-2024-35728

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Themeisle PPOM for WooCommerce allows Code Inclusion.This issue affects PPOM for WooCommerce: from n/a through...

CVE-2024-35754 WordPress Ovic Importer plugin <= 1.6.3 - Arbitrary File Download vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ovic Team Ovic Importer allows Path Traversal.This issue affects Ovic Importer: from n/a through...

CVE-2024-35749 WordPress Under Construction / Maintenance Mode from Acurax plugin <= 2.6 - IP Bypass vulnerability

Authentication Bypass by Spoofing vulnerability in Acurax Under Construction / Maintenance Mode from Acurax allows Authentication Bypass.This issue affects Under Construction / Maintenance Mode from Acurax: from n/a through...

Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins in github.com/grafana/grafana

Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins in...

CVE-2024-35747 WordPress Contact Form Builder, Contact Widget plugin <= 2.1.7 - Bypass Vulnerability vulnerability

Improper Restriction of Excessive Authentication Attempts vulnerability in wpdevart Contact Form Builder, Contact Widget allows Functionality Bypass.This issue affects Contact Form Builder, Contact Widget: from n/a through...

CVE-2024-35746 WordPress BuddyPress Cover plugin <= 2.1.4.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Asghar Hatampoor BuddyPress Cover allows Code Injection.This issue affects BuddyPress Cover: from n/a through...

CVE-2024-35745 WordPress Strategery Migrations plugin <= 1.0 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Gabriel Somoza / Joseph Fitzgibbons Strategery Migrations allows Path Traversal, File Manipulation.This issue affects Strategery Migrations: from n/a through...

CVE-2024-35744 WordPress Upunzipper plugin <= 1.0.0 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ravidhu Dissanayake Upunzipper allows Path Traversal, File Manipulation.This issue affects Upunzipper: from n/a through...

CVE-2024-35743 WordPress SC filechecker plugin <= 0.6 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Siteclean SC filechecker allows Path Traversal, File Manipulation.This issue affects SC filechecker: from n/a through...

CVE-2024-35728 WordPress Product Addons & Fields for WooCommerce plugin <= 32.0.20 - Content Injection vulnerability

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Themeisle PPOM for WooCommerce allows Code Inclusion.This issue affects PPOM for WooCommerce: from n/a through...

CVE-2024-35712

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Jordy Meow Database Cleaner allows Relative Path Traversal.This issue affects Database Cleaner: from n/a through...

CVE-2024-35712

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Jordy Meow Database Cleaner allows Relative Path Traversal.This issue affects Database Cleaner: from n/a through...

CVE-2024-35677

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes MegaMenu allows PHP Local File Inclusion.This issue affects MegaMenu: from n/a through...

CVE-2024-35658

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeHigh Checkout Field Editor for WooCommerce (Pro) allows Functionality Misuse, File Manipulation.This issue affects Checkout Field Editor for WooCommerce (Pro): from n/a through...

CVE-2024-35680

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Code Injection.This issue affects YITH WooCommerce Product Add-Ons: from n/a through...

CVE-2024-35680

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Code Injection.This issue affects YITH WooCommerce Product Add-Ons: from n/a through...

CVE-2024-35658

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeHigh Checkout Field Editor for WooCommerce (Pro) allows Functionality Misuse, File Manipulation.This issue affects Checkout Field Editor for WooCommerce (Pro): from n/a through...