The Authorize.net Payment Gateway For WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 8.0. This is due to the plugin not properly verifying the authenticity of the request that updates a orders payment status. This makes it possible for...
5.3CVSS
7.2AI Score
0.0005EPSS
The Authorize.net Payment Gateway For WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 8.0. This is due to the plugin not properly verifying the authenticity of the request that updates a orders payment status. This makes it possible for...
5.3CVSS
5.2AI Score
0.0005EPSS
The Claudio Sanches – Checkout Cielo for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient payment validation in the update_order_status() function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated...
5.3CVSS
7.1AI Score
0.0005EPSS
The Claudio Sanches – Checkout Cielo for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient payment validation in the update_order_status() function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated...
5.3CVSS
5.2AI Score
0.0005EPSS
The Authorize.net Payment Gateway For WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 8.0. This is due to the plugin not properly verifying the authenticity of the request that updates a orders payment status. This makes it possible for...
5.3CVSS
5.2AI Score
0.0005EPSS
The Authorize.net Payment Gateway For WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 8.0. This is due to the plugin not properly verifying the authenticity of the request that updates a orders payment status. This makes it possible for...
5.3CVSS
6.9AI Score
0.0005EPSS
The Claudio Sanches – Checkout Cielo for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient payment validation in the update_order_status() function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated...
5.3CVSS
5.2AI Score
0.0005EPSS
The Claudio Sanches – Checkout Cielo for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient payment validation in the update_order_status() function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated...
5.3CVSS
6.9AI Score
0.0005EPSS
The Social Login Lite For WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.6.0. This is due to insufficient verification on the user being supplied during the social login through the plugin. This makes it possible for unauthenticated...
9.8CVSS
9.7AI Score
0.001EPSS
The Social Login Lite For WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.6.0. This is due to insufficient verification on the user being supplied during the social login through the plugin. This makes it possible for unauthenticated...
9.8CVSS
7.4AI Score
0.001EPSS
CVE-2024-4552 Social Login Lite For WooCommerce <= 1.6.0 - Authentication Bypass
The Social Login Lite For WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.6.0. This is due to insufficient verification on the user being supplied during the social login through the plugin. This makes it possible for unauthenticated...
9.8CVSS
7.2AI Score
0.001EPSS
CVE-2024-4552 Social Login Lite For WooCommerce <= 1.6.0 - Authentication Bypass
The Social Login Lite For WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.6.0. This is due to insufficient verification on the user being supplied during the social login through the plugin. This makes it possible for unauthenticated...
9.8CVSS
9.7AI Score
0.001EPSS
Microsoft is named a leader in the Forrester Wave for XDR
“Defenders think in lists, attackers think in graphs.”1 This remains a reality for the many organizations that operate across siloed security tools, fueling the demand on security operations (SOC) teams, as advanced cyberattacks continue to increase in frequency and speed. That’s where extended...
6.8AI Score
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH WooCommerce Wishlist allows Stored XSS.This issue affects YITH WooCommerce Wishlist: from n/a through...
5.9CVSS
7AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH WooCommerce Wishlist allows Stored XSS.This issue affects YITH WooCommerce Wishlist: from n/a through...
5.9CVSS
6.1AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH WooCommerce Wishlist allows Stored XSS.This issue affects YITH WooCommerce Wishlist: from n/a through...
5.9CVSS
6.1AI Score
0.0004EPSS
Technology was once simply a tool--and a small one at that--used to amplify human intent and capacity. That was the story of the industrial revolution: we could control nature and build large, complex human societies, and the more we employed and mastered technology, the better things got. We...
6.9AI Score
Description The Authorize.net Payment Gateway For WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 8.0. This is due to the plugin not properly verifying the authenticity of the request that updates a orders payment status. This makes it...
5.3CVSS
6.8AI Score
0.0005EPSS
Description The Claudio Sanches – Checkout Cielo for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient payment validation in the update_order_status() function in all versions up to, and including, 1.1.0. This makes it possible for...
5.3CVSS
6.8AI Score
0.0005EPSS
Improper Handling of Insufficient Permissions in `wagtail.contrib.settings`
Impact Due to an improperly applied permission check in the wagtail.contrib.settings module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, even when they have not been granted permission over the model....
5.5CVSS
6.3AI Score
0.0004EPSS
Improper Handling of Insufficient Permissions in `wagtail.contrib.settings`
Impact Due to an improperly applied permission check in the wagtail.contrib.settings module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, even when they have not been granted permission over the model....
5.5CVSS
6.3AI Score
0.0004EPSS
[SECURITY] Fedora 39 Update: rust-cargo-readme-3.3.1-3.fc39
A cargo subcommand to generate README.md content from doc...
7.2AI Score
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image hotspot, image accordion, off canvas, woogrid, and product mini cart widgets in all versions up to, and including, 1.3.975 due to insufficient input sanitization and...
6.4CVSS
5.9AI Score
0.001EPSS
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image hotspot, image accordion, off canvas, woogrid, and product mini cart widgets in all versions up to, and including, 1.3.975 due to insufficient input sanitization and...
6.4CVSS
5.7AI Score
0.001EPSS
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image hotspot, image accordion, off canvas, woogrid, and product mini cart widgets in all versions up to, and including, 1.3.975 due to insufficient input sanitization and...
6.4CVSS
5.8AI Score
0.001EPSS
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image hotspot, image accordion, off canvas, woogrid, and product mini cart widgets in all versions up to, and including, 1.3.975 due to insufficient input sanitization and...
6.4CVSS
5.9AI Score
0.001EPSS
7.5AI Score
7.4AI Score
Mysterious Cyber Attack Took Down 600,000+ Routers in the U.S.
More than 600,000 small office/home office (SOHO) routers are estimated to have been bricked and taken offline following a destructive cyber attack staged by unidentified cyber actors, disrupting users' access to the internet. The mysterious event, which took place between October 25 and 27, 2023,....
7.6AI Score
7.5AI Score
I don't think it's an exaggeration to predict that artificial intelligence will affect every aspect of our society. Not by doing new things. But mostly by doing things that are already being done by humans, perfectly competently. Replacing humans with AIs isn't necessarily interesting. But when an....
7.4AI Score
OpenAI, Meta, and TikTok Crack Down on Covert Influence Campaigns, Some AI-Powered
OpenAI on Thursday disclosed that it took steps to cut off five covert influence operations (IO) originating from China, Iran, Israel, and Russia that sought to abuse its artificial intelligence (AI) tools to manipulate public discourse or political outcomes online while obscuring their true...
6.8AI Score
The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and...
6.4CVSS
5.9AI Score
0.001EPSS
The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and...
6.4CVSS
5.8AI Score
0.001EPSS
The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and...
6.4CVSS
5.8AI Score
0.001EPSS
The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and...
6.4CVSS
5.9AI Score
0.001EPSS
The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to Stored Cross-Site Scripting via comments in all versions up to, and including, 3.30 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated.....
7.2CVSS
6.4AI Score
0.001EPSS
The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to Stored Cross-Site Scripting via comments in all versions up to, and including, 3.30 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated.....
7.2CVSS
6AI Score
0.001EPSS
The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to Stored Cross-Site Scripting via comments in all versions up to, and including, 3.30 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated.....
7.2CVSS
6.1AI Score
0.001EPSS
The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to Stored Cross-Site Scripting via comments in all versions up to, and including, 3.30 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated.....
7.2CVSS
6.4AI Score
0.001EPSS
WooCommerce Multilingual & Multicurrency with WPML < 5.3.4 - Shop Manager+ SQL Injection
Description The WooCommerce Multilingual & Multicurrency with WPML plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 5.3.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes.....
7.6CVSS
7.4AI Score
0.0004EPSS
WooCommerce Multilingual & Multicurrency with WPML < 5.3.4 - Shop Manager+ SQL Injection
Description The WooCommerce Multilingual & Multicurrency with WPML plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 5.3.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes.....
7.6CVSS
7.4AI Score
0.0004EPSS
WooCommerce Multilingual & Multicurrency with WPML < 5.3.4 - Shop Manager+ SQL Injection
Description The WooCommerce Multilingual & Multicurrency with WPML plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 5.3.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes.....
7.6CVSS
7.4AI Score
0.0004EPSS
WP eMember < 10.3.9 - Reflected Cross-Site Scripting
Description The WooCommerce and WP eMember Integration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 10.3.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
6AI Score
0.0004EPSS
Amazon Linux 2 : golang (ALAS-2024-2554)
The version of golang installed on the remote host is prior to 1.22.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2554 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of...
7.3AI Score
0.0004EPSS
WooCommerce Multilingual & Multicurrency with WPML < 5.3.4 - Shop Manager+ SQL Injection
Description The WooCommerce Multilingual & Multicurrency with WPML plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 5.3.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes.....
7.6CVSS
7.4AI Score
0.0004EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 20, 2024 to May 26, 2024)
_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...
9.8CVSS
10AI Score
0.035EPSS
terminal42/contao-tablelookupwizard possible SQL injection in widget field value
Impact The currently selected widget values were not correctly sanitized before passing it to the database, leading to an SQL injection possibility. Patches The issue has been patched in tablelookupwizard version 3.3.5 and version 4.0.0. For more information If you have any questions or comments...
8AI Score
terminal42/contao-tablelookupwizard possible SQL injection in widget field value
Impact The currently selected widget values were not correctly sanitized before passing it to the database, leading to an SQL injection possibility. Patches The issue has been patched in tablelookupwizard version 3.3.5 and version 4.0.0. For more information If you have any questions or comments...
8AI Score
Europol Shuts Down 100+ Servers Linked to IcedID, TrickBot, and Other Malware
Europol on Thursday said it shut down the infrastructure associated with several malware loader operations such as IcedID, SystemBC, PikaBot, SmokeLoader, Bumblebee, and TrickBot as part of a coordinated law enforcement effort codenamed Operation Endgame. "The actions focused on disrupting...
7.2AI Score