Yasr – Yet Another Stars Rating (WordPress Plugin) Security Vulnerabilities
Missing Authorization vulnerability in ThemePunch OHG Slider Revolution.This issue affects Slider Revolution: from n/a before...
7.1CVSS
7AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemePunch OHG Slider Revolution allows Stored XSS.This issue affects Slider Revolution: from n/a before...
5.9CVSS
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemePunch OHG Slider Revolution allows Stored XSS.This issue affects Slider Revolution: from n/a before...
5.9CVSS
5.8AI Score
0.0004EPSS
Missing Authorization vulnerability in ThemePunch OHG Slider Revolution.This issue affects Slider Revolution: from n/a before...
7.1CVSS
0.0004EPSS
Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through...
9.1CVSS
0.0004EPSS
Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through...
9.1CVSS
9.3AI Score
0.0004EPSS
Missing Authorization vulnerability in Artbees JupiterX Core.This issue affects JupiterX Core: from 3.0.0 through...
5.4CVSS
5.6AI Score
0.0004EPSS
Missing Authorization vulnerability in Artbees JupiterX Core.This issue affects JupiterX Core: from 3.0.0 through...
5.4CVSS
0.0004EPSS
Missing Authorization vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through...
7.6CVSS
7.5AI Score
0.0004EPSS
Missing Authorization vulnerability in Saturday Drive Ninja Forms.This issue affects Ninja Forms: from n/a through...
7.6CVSS
7.5AI Score
0.0004EPSS
Missing Authorization vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through...
7.6CVSS
0.0004EPSS
Missing Authorization vulnerability in Saturday Drive Ninja Forms.This issue affects Ninja Forms: from n/a through...
7.6CVSS
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in GamiPress.This issue affects GamiPress: from n/a through...
5.4CVSS
5.5AI Score
0.0004EPSS
Missing Authorization vulnerability in Hennessey Digital Attorney.This issue affects Attorney: from n/a through...
6.5CVSS
6.6AI Score
0.0004EPSS
Missing Authorization vulnerability in Hennessey Digital Attorney.This issue affects Attorney: from n/a through...
6.5CVSS
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in GamiPress.This issue affects GamiPress: from n/a through...
5.4CVSS
0.0004EPSS
Missing Authorization vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through...
7.3CVSS
0.0004EPSS
Missing Authorization vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through...
7.3CVSS
7.2AI Score
0.0004EPSS
UNC3886 Uses Fortinet, VMware 0-Days and Stealth Tactics in Long-Term Spying
The China-nexus cyber espionage actor linked to the zero-day exploitation of security flaws in Fortinet, Ivanti, and VMware devices has been observed utilizing multiple persistence mechanisms in order to maintain unfettered access to compromised environments. "Persistence mechanisms encompassed...
9.8CVSS
8AI Score
0.321EPSS
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements
Impact A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that content was loaded into the editor. Patches This vulnerability has been patched in TinyMCE 7.2.0,.....
6.1CVSS
6.8AI Score
0.0004EPSS
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements
Impact A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that content was loaded into the editor. Patches This vulnerability has been patched in TinyMCE 7.2.0,.....
6.1CVSS
6.5AI Score
0.0004EPSS
TotalCloud Insights: Protect Your AWS Environment by Managing Access Keys Securely
Introduction With the average cost of a data breach coming in at $4.45M in 2023, safeguarding sensitive information and maintaining the security of cloud environments is more critical than ever. Instances of compromised access keys, not exclusive to AWS (Amazon Web Services) but prevalent across...
7.3AI Score
Missing Authorization vulnerability in ThemePunch OHG Slider Revolution.This issue affects Slider Revolution: from n/a before...
7.1CVSS
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemePunch OHG Slider Revolution allows Stored XSS.This issue affects Slider Revolution: from n/a before...
5.9CVSS
7AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemePunch OHG Slider Revolution allows Stored XSS.This issue affects Slider Revolution: from n/a before...
5.9CVSS
0.0004EPSS
CVE-2023-25697 WordPress GamiPress plugin <= 2.5.6 - CSRF Leading to Settings Change Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in GamiPress.This issue affects GamiPress: from n/a through...
5.4CVSS
0.0004EPSS
CVE-2023-25697 WordPress GamiPress plugin <= 2.5.6 - CSRF Leading to Settings Change Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in GamiPress.This issue affects GamiPress: from n/a through...
5.4CVSS
7AI Score
0.0004EPSS
CVE-2022-45832 WordPress Attorney theme <= 3 - Unauth. Arbitrary Content Deletion vulnerability
Missing Authorization vulnerability in Hennessey Digital Attorney.This issue affects Attorney: from n/a through...
6.5CVSS
0.0004EPSS
CVE-2023-39312 WordPress Avada theme <= 7.11.1 - Auth. Unrestricted Zip Extraction vulnerability
Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through...
9.1CVSS
0.0004EPSS
CVE-2023-39312 WordPress Avada theme <= 7.11.1 - Auth. Unrestricted Zip Extraction vulnerability
Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through...
9.1CVSS
6.9AI Score
0.0004EPSS
Missing Authorization vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through...
7.3CVSS
7AI Score
0.0004EPSS
Missing Authorization vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through...
7.3CVSS
0.0004EPSS
Missing Authorization vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through...
7.6CVSS
7AI Score
0.0004EPSS
Missing Authorization vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through...
7.6CVSS
0.0004EPSS
Missing Authorization vulnerability in Saturday Drive Ninja Forms.This issue affects Ninja Forms: from n/a through...
7.6CVSS
6.9AI Score
0.0004EPSS
Missing Authorization vulnerability in Saturday Drive Ninja Forms.This issue affects Ninja Forms: from n/a through...
7.6CVSS
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Add a timeout to acquire the command queue semaphore Prevent forced completion handling on an entry that has not yet been assigned an index, causing an out of bounds access on idx = -22. Instead of waiting indefinitely...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Add a timeout to acquire the command queue semaphore Prevent forced completion handling on an entry that has not yet been assigned an index, causing an out of bounds access on idx = -22. Instead of waiting indefinitely...
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Add a timeout to acquire the command queue semaphore Prevent forced completion handling on an entry that has not yet been assigned an index, causing an out of bounds access on idx = -22. Instead of waiting indefinitely...
7.2AI Score
0.0004EPSS
Missing Authorization vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through...
5.4CVSS
0.0004EPSS
Missing Authorization vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through...
5.4CVSS
5.6AI Score
0.0004EPSS
Missing Authorization vulnerability in WP SCHEMA PRO Schema Pro.This issue affects Schema Pro: from n/a through...
6.5CVSS
6.5AI Score
0.0004EPSS
Missing Authorization vulnerability in Brainstorm Force Convert Pro.This issue affects Convert Pro: from n/a through...
7.1CVSS
6.9AI Score
0.0004EPSS
Missing Authorization vulnerability in Premium Addons Premium Addons PRO.This issue affects Premium Addons PRO: from n/a through...
6.5CVSS
6.5AI Score
0.0004EPSS
Missing Authorization vulnerability in Brainstorm Force Convert Pro.This issue affects Convert Pro: from n/a through...
7.1CVSS
0.0004EPSS
Missing Authorization vulnerability in Premium Addons Premium Addons PRO.This issue affects Premium Addons PRO: from n/a through...
6.5CVSS
0.0004EPSS
Missing Authorization vulnerability in WP SCHEMA PRO Schema Pro.This issue affects Schema Pro: from n/a through...
6.5CVSS
0.0004EPSS
Missing Authorization vulnerability in Woo WooCommerce Ship to Multiple Addresses.This issue affects WooCommerce Ship to Multiple Addresses: from n/a through...
6.5CVSS
0.0004EPSS
Missing Authorization vulnerability in Woo WooCommerce Ship to Multiple Addresses.This issue affects WooCommerce Ship to Multiple Addresses: from n/a through...
6.5CVSS
6.5AI Score
0.0004EPSS
Missing Authorization vulnerability in Brainstorm Force Spectra.This issue affects Spectra: from n/a through...
5.4CVSS
0.0004EPSS