WordPress Header Builder Plugin – Pearl Security Vulnerabilities

CVE-2024-5036

The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.5.4 due to insufficient input...

CVE-2024-5036 Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.5.4 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.5.4 due to insufficient input...

CVE-2024-5036 Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.5.4 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.5.4 due to insufficient input...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: kubescape, minio, aws-ebs-csi-driver, flux-helm-controller, ip-masq-agent, kubernetes-dashboard, prometheus-pushgateway, skopeo, argo-cd, grafana, rqlite, spicedb, temporal-server, ctop, istio-cni, clusterctl, cri-tools, kor, kubernetes-csi-livenessprobe, trillian,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: minio, aws-ebs-csi-driver, flux-helm-controller, ip-masq-agent, kubernetes-dashboard, prometheus-pushgateway, kubebuilder, argo-cd, dataplaneapi, yam, rqlite, tailscale, petname, temporal-server, ctop, clusterctl, cri-tools, kor, aws-flb-firehose,...

GHSA-VR64-R9QJ-H27F vulnerabilities

Vulnerabilities for packages:...

GHSA-VVPX-J8F3-3W6H vulnerabilities

Vulnerabilities for packages: restic, k3d, grpcurl, wireguard-go, go, falco, dynamic-localpv-provisioner, gke-gcloud-auth-plugin,...

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: kubescape, minio, ip-masq-agent, flux-helm-controller, argo-cd, rqlite, kubernetes-csi-livenessprobe, external-dns, aactl, grype, secrets-store-csi-driver-provider-gcp, tomcat, opentofu, cluster-autoscaler, goreleaser, prometheus-bind-exporter,...

CVE-2024-21626 vulnerabilities

Vulnerabilities for packages: kubescape, nvidia-device-plugin, telegraf, skopeo, skaffold, wolfictl, ctop, docker, k9s, runc, kots, newrelic-infrastructure-agent, zot, kaniko, k3s, cadvisor, grype, kubernetes, k3d, trivy, nerdctl, ingress-nginx-controller, syft, zarf, buildkitd,...

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: kubescape, ip-masq-agent, skopeo, dataplaneapi, yam, rqlite, litestream, spicedb, clusterctl, crane, aws-flb-firehose, neuvector-scanner, prometheus-redis-exporter, external-dns, hubble, crossplane-provider-aws, prometheus-postgres-exporter, argo-workflows,...

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: kubescape, aws-ebs-csi-driver, ip-masq-agent, mkcert, kubernetes-dashboard, skopeo, kubebuilder, litestream, logstash, petname, spicedb, tempo, ctop, harbor-cli, clusterctl, kafka_exporter, cri-tools, crane, kubernetes-csi-livenessprobe, gobump, neuvector-scanner,...

GHSA-5FQ7-4MXC-535H vulnerabilities

Vulnerabilities for packages: kubescape, aws-ebs-csi-driver, ip-masq-agent, mkcert, kubernetes-dashboard, skopeo, kubebuilder, litestream, logstash, petname, spicedb, tempo, ctop, harbor-cli, clusterctl, kafka_exporter, cri-tools, crane, kubernetes-csi-livenessprobe, gobump, neuvector-scanner,...

CVE-2024-24789 vulnerabilities

Vulnerabilities for packages: kubescape, ip-masq-agent, skopeo, dataplaneapi, yam, litestream, spicedb, ctop, clusterctl, crane, aws-flb-firehose, neuvector-scanner, prometheus-redis-exporter, external-dns, crossplane-provider-aws, grafana-mimir, prometheus-postgres-exporter, argo-workflows,...

CVE-2023-45285 vulnerabilities

Vulnerabilities for packages: kind, cass-operator, go-licenses, ip-masq-agent, slsa-verifier, nats, sonobuoy, grpcurl, cortex, smarter-device-manager, render-template, falco, petname, ctop, cilium-envoy, gke-gcloud-auth-plugin, kubernetes-dashboard-metrics-scraper, vertical-pod-autoscaler, amass,.....

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: minio, aws-ebs-csi-driver, flux-helm-controller, prometheus-pushgateway, kubernetes-dashboard, argo-cd, rqlite, kubernetes-csi-livenessprobe, trillian, external-dns, k3s, kubernetes-csi-external-snapshotter, crossplane-provider-aws, aactl,...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: kubescape, minio, aws-ebs-csi-driver, flux-helm-controller, ip-masq-agent, kubernetes-dashboard, prometheus-pushgateway, skopeo, argo-cd, grafana, rqlite, spicedb, temporal-server, ctop, istio-cni, clusterctl, cri-tools, kor, kubernetes-csi-livenessprobe, trillian,...

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: minio, aws-ebs-csi-driver, flux-helm-controller, ip-masq-agent, kubernetes-dashboard, prometheus-pushgateway, kubebuilder, argo-cd, dataplaneapi, yam, rqlite, tailscale, petname, temporal-server, ctop, clusterctl, cri-tools, kor, aws-flb-firehose,...

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: minio, aws-ebs-csi-driver, flux-helm-controller, ip-masq-agent, kubernetes-dashboard, prometheus-pushgateway, kubebuilder, argo-cd, dataplaneapi, yam, rqlite, tailscale, petname, temporal-server, ctop, clusterctl, cri-tools, kor, aws-flb-firehose,...

CVE-2024-35255 vulnerabilities

Vulnerabilities for packages: ksops, kyverno, telegraf, loki, tekton-pipelines, timestamp-authority, cosign, k8sgpt, hugo, thanos, cortex, sigstore-scaffolding, grafana, policy-controller, harbor-registry, tempo, falcoctl, flux-kustomize-controller, rclone, flyte, up, py3-cassandra-medusa,...

GHSA-M5VV-6R4H-3VJ9 vulnerabilities

Vulnerabilities for packages: ksops, kyverno, telegraf, loki, tekton-pipelines, timestamp-authority, cosign, k8sgpt, hugo, thanos, cortex, sigstore-scaffolding, grafana, policy-controller, harbor-registry, tempo, falcoctl, flux-kustomize-controller, rclone, flyte, up, py3-cassandra-medusa,...

CVE-2022-41723 vulnerabilities

Vulnerabilities for packages: restic, k3d, grpcurl, wireguard-go, go, falco, dynamic-localpv-provisioner, gke-gcloud-auth-plugin,...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: kubescape, ip-masq-agent, skopeo, dataplaneapi, yam, rqlite, litestream, spicedb, clusterctl, crane, aws-flb-firehose, neuvector-scanner, prometheus-redis-exporter, external-dns, hubble, crossplane-provider-aws, prometheus-postgres-exporter, argo-workflows,...

CVE-2024-24790 vulnerabilities

Vulnerabilities for packages: kubescape, ip-masq-agent, skopeo, dataplaneapi, yam, litestream, spicedb, ctop, clusterctl, crane, aws-flb-firehose, neuvector-scanner, prometheus-redis-exporter, external-dns, crossplane-provider-aws, grafana-mimir, prometheus-postgres-exporter, argo-workflows,...

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: kubescape, minio, aws-ebs-csi-driver, flux-helm-controller, prometheus-pushgateway, kubernetes-dashboard, argo-cd, rqlite, istio-cni, kubernetes-csi-livenessprobe, trillian, external-dns, k3s, kubernetes-csi-external-snapshotter, crossplane-provider-aws, aactl,...

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: minio, aws-ebs-csi-driver, flux-helm-controller, ip-masq-agent, kubernetes-dashboard, prometheus-pushgateway, kubebuilder, argo-cd, dataplaneapi, yam, rqlite, tailscale, petname, temporal-server, ctop, clusterctl, cri-tools, kor, aws-flb-firehose,...

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: minio, aws-ebs-csi-driver, flux-helm-controller, ip-masq-agent, kubernetes-dashboard, prometheus-pushgateway, kubebuilder, argo-cd, dataplaneapi, yam, rqlite, tailscale, petname, temporal-server, ctop, clusterctl, cri-tools, kor, aws-flb-firehose,...

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: minio, aws-ebs-csi-driver, flux-helm-controller, ip-masq-agent, kubernetes-dashboard, prometheus-pushgateway, kubebuilder, argo-cd, dataplaneapi, yam, rqlite, tailscale, petname, temporal-server, ctop, clusterctl, cri-tools, kor, aws-flb-firehose,...

GHSA-2JWV-JMQ4-4J3R vulnerabilities

Vulnerabilities for packages: kubescape, aws-ebs-csi-driver, ip-masq-agent, mkcert, kubernetes-dashboard, skopeo, kubebuilder, litestream, logstash, petname, spicedb, tempo, ctop, harbor-cli, clusterctl, kafka_exporter, cri-tools, crane, kubernetes-csi-livenessprobe, gobump, neuvector-scanner,...

CVE-2024-22871 vulnerabilities

Vulnerabilities for packages:...

CVE-2023-39326 vulnerabilities

Vulnerabilities for packages: kind, cass-operator, go-licenses, ip-masq-agent, slsa-verifier, nats, sonobuoy, grpcurl, cortex, smarter-device-manager, render-template, falco, petname, ctop, cilium-envoy, gke-gcloud-auth-plugin, kubernetes-dashboard-metrics-scraper, vertical-pod-autoscaler, amass,.....

GHSA-49GW-VXVF-FC2G vulnerabilities

Vulnerabilities for packages: kubescape, ip-masq-agent, skopeo, dataplaneapi, yam, litestream, spicedb, ctop, clusterctl, crane, aws-flb-firehose, neuvector-scanner, prometheus-redis-exporter, external-dns, crossplane-provider-aws, grafana-mimir, prometheus-postgres-exporter, argo-workflows,...

GHSA-5F94-VHJQ-RPG8 vulnerabilities

Vulnerabilities for packages: kind, cass-operator, go-licenses, ip-masq-agent, slsa-verifier, nats, sonobuoy, grpcurl, cortex, smarter-device-manager, render-template, falco, petname, ctop, cilium-envoy, gke-gcloud-auth-plugin, kubernetes-dashboard-metrics-scraper, vertical-pod-autoscaler, amass,.....

GHSA-9F76-WG39-X86H vulnerabilities

Vulnerabilities for packages: kind, cass-operator, go-licenses, ip-masq-agent, slsa-verifier, nats, sonobuoy, grpcurl, cortex, smarter-device-manager, render-template, falco, petname, ctop, cilium-envoy, gke-gcloud-auth-plugin, kubernetes-dashboard-metrics-scraper, vertical-pod-autoscaler, amass,.....

GHSA-2WRH-6PVC-2JM9 vulnerabilities

Vulnerabilities for packages: minio, aws-ebs-csi-driver, flux-helm-controller, prometheus-pushgateway, kubernetes-dashboard, argo-cd, rqlite, kubernetes-csi-livenessprobe, trillian, external-dns, k3s, kubernetes-csi-external-snapshotter, crossplane-provider-aws, aactl,...

GHSA-4374-P667-P6C8 vulnerabilities

Vulnerabilities for packages: kubescape, minio, aws-ebs-csi-driver, flux-helm-controller, prometheus-pushgateway, kubernetes-dashboard, argo-cd, rqlite, istio-cni, kubernetes-csi-livenessprobe, trillian, external-dns, k3s, kubernetes-csi-external-snapshotter, crossplane-provider-aws, aactl,...

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: kubescape, minio, ip-masq-agent, flux-helm-controller, argo-cd, rqlite, kubernetes-csi-livenessprobe, external-dns, aactl, grype, secrets-store-csi-driver-provider-gcp, tomcat, opentofu, cluster-autoscaler, goreleaser, prometheus-bind-exporter,...

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: minio, aws-ebs-csi-driver, flux-helm-controller, ip-masq-agent, kubernetes-dashboard, prometheus-pushgateway, kubebuilder, argo-cd, dataplaneapi, yam, rqlite, tailscale, petname, temporal-server, ctop, clusterctl, cri-tools, kor, aws-flb-firehose,...

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: minio, aws-ebs-csi-driver, flux-helm-controller, ip-masq-agent, kubernetes-dashboard, prometheus-pushgateway, kubebuilder, argo-cd, dataplaneapi, yam, rqlite, tailscale, petname, temporal-server, ctop, clusterctl, cri-tools, kor, aws-flb-firehose,...

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: minio, aws-ebs-csi-driver, flux-helm-controller, ip-masq-agent, kubernetes-dashboard, prometheus-pushgateway, kubebuilder, argo-cd, dataplaneapi, yam, rqlite, tailscale, petname, temporal-server, ctop, clusterctl, cri-tools, kor, aws-flb-firehose,...

GHSA-M425-MQ94-257G vulnerabilities

Vulnerabilities for packages: kubescape, nvidia-device-plugin, pulumi-language-yaml, minio, envoy-ratelimit, coredns, conftest, cosign, flux-helm-controller, prometheus-adapter, prometheus-blackbox-exporter, argo-cd, slsa-verifier, spark-operator, cortex, telegraf, thanos, falco,...

CVE-2024-24788 vulnerabilities

Vulnerabilities for packages: kubescape, aws-ebs-csi-driver, ip-masq-agent, mkcert, kubernetes-dashboard, skopeo, kubebuilder, litestream, logstash, petname, spicedb, tempo, ctop, harbor-cli, clusterctl, kafka_exporter, cri-tools, crane, kubernetes-csi-livenessprobe, gobump, neuvector-scanner,...

GHSA-236W-P7WF-5PH8 vulnerabilities

Vulnerabilities for packages: kubescape, ip-masq-agent, skopeo, dataplaneapi, yam, litestream, spicedb, ctop, clusterctl, crane, aws-flb-firehose, neuvector-scanner, prometheus-redis-exporter, external-dns, crossplane-provider-aws, grafana-mimir, prometheus-postgres-exporter, argo-workflows,...

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: minio, aws-ebs-csi-driver, flux-helm-controller, ip-masq-agent, kubernetes-dashboard, prometheus-pushgateway, kubebuilder, argo-cd, dataplaneapi, yam, rqlite, tailscale, petname, temporal-server, ctop, clusterctl, cri-tools, kor, aws-flb-firehose,...

GHSA-XR7R-F8XQ-VFVV vulnerabilities

Vulnerabilities for packages: kubescape, nvidia-device-plugin, telegraf, skopeo, skaffold, wolfictl, ctop, docker, k9s, runc, kots, newrelic-infrastructure-agent, zot, kaniko, k3s, cadvisor, grype, kubernetes, k3d, trivy, nerdctl, ingress-nginx-controller, syft, zarf, buildkitd,...

CVE-2024-4098

The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.6.13 via the shariff3uu_fetch_sharecounts function. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code.....

CVE-2024-4098

The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.6.13 via the shariff3uu_fetch_sharecounts function. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code.....

CVE-2024-4098 Shariff Wrapper <= 4.6.13 - Unauthenticated Local File Inclusion

The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.6.13 via the shariff3uu_fetch_sharecounts function. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code.....

CVE-2024-5522

The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection...

CVE-2024-5522

The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection...

CVE-2024-5475

The Responsive video embed WordPress plugin before 0.5.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...