ERoom – Zoom Meetings & Webinar (WordPress Plugin) Security Vulnerabilities

CVE-2024-35632 WordPress Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks. Integration for Contact Form 7 and Constant Contact.This issue affects Integration for Contact Form 7 and Constant Contact: from n/a through...

CVE-2024-34385 WordPress YITH WooCommerce Wishlist plugin <= 3.32.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH WooCommerce Wishlist allows Stored XSS.This issue affects YITH WooCommerce Wishlist: from n/a through...

CVE-2024-34764 WordPress Essential Addons for Elementor plugin <= 5.9.15 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor allows Stored XSS.This issue affects Essential Addons for Elementor: from n/a through...

CVE-2024-34766 WordPress ChaosTheory theme <= 1.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic ChaosTheory allows Stored XSS.This issue affects ChaosTheory: from n/a through...

CVE-2024-34767 WordPress ShopLentor plugin <= 2.8.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HasThemes ShopLentor allows Stored XSS.This issue affects ShopLentor: from n/a through...

CVE-2024-34769 WordPress Elegant Blocks – Amazing Gutenberg Blocks plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in cyclonetheme Elegant Blocks allows Stored XSS.This issue affects Elegant Blocks: from n/a through...

CVE-2024-34770 WordPress Popup Maker WP plugin <= 1.2.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Popup Maker Popup Maker WP allows Stored XSS.This issue affects Popup Maker WP: from n/a through...

CVE-2024-34789 WordPress Post Grid Elementor Addon plugin <= 2.0.16 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Hait Post Grid Elementor Addon allows Stored XSS.This issue affects Post Grid Elementor Addon: from n/a through...

CVE-2024-34790 WordPress Download ImageMagick Sharpen Resized Images plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hans van Eijsden,niwreg ImageMagick Sharpen Resized Images allows Stored XSS.This issue affects ImageMagick Sharpen Resized Images: from n/a through...

CVE-2024-34791 WordPress WPB Elementor Addons plugin <= 1.0.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wpbean WPB Elementor Addons allows Stored XSS.This issue affects WPB Elementor Addons: from n/a through...

CVE-2024-34793 WordPress WP Next Post Navi plugin <= 1.8.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kharim Tomlinson WP Next Post Navi allows Stored XSS.This issue affects WP Next Post Navi: from n/a through...

CVE-2024-34794 WordPress Tainacan plugin <= 0.21.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tainacan.Org Tainacan allows Reflected XSS.This issue affects Tainacan: from n/a through...

CVE-2024-34795 WordPress Tainacan plugin <= 0.21.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tainacan.Org Tainacan allows Stored XSS.This issue affects Tainacan: from n/a through...

CVE-2024-34796 WordPress PopupAlly plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AccessAlly PopupAlly allows Stored XSS.This issue affects PopupAlly: from n/a through...

CVE-2024-34797 WordPress Simple Popup Manager plugin <= 1.3.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Benoit Mercusot Simple Popup Manager allows Stored XSS.This issue affects Simple Popup Manager: from n/a through...

CVE-2024-34801 WordPress Praison SEO WordPress plugin <= 4.0.15 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mervin Praison Praison SEO WordPress allows Stored XSS.This issue affects Praison SEO WordPress: from n/a through...

CVE-2024-35631 WordPress FV Flowplayer Video Player plugin <= 7.5.45.7212 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Foliovision FV Flowplayer Video Player allows Reflected XSS.This issue affects FV Flowplayer Video Player: from n/a through...

CVE-2024-35630 WordPress WP TripAdvisor Review Slider plugin <= 12.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LJ Apps WP TripAdvisor Review Slider allows Blind SQL Injection.This issue affects WP TripAdvisor Review Slider: from n/a through...

CVE-2024-34754 WordPress Contact Form Widget plugin <= 1.3.9 - Sensitive Data Exposure vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in A WP Life Contact Form Widget.This issue affects Contact Form Widget: from n/a through...

CVE-2024-34798 WordPress Debug Log – Manger Tool plugin <= 1.4.5 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information into Log File vulnerability in Lukman Nakib Debug Log – Manger Tool.This issue affects Debug Log – Manger Tool: from n/a through...

CVE-2024-34803 WordPress Fastly plugin <= 1.2.25 - Broken Access Control vulnerability

Missing Authorization vulnerability in Fastly.This issue affects Fastly: from n/a through...

CVE-2024-35633 WordPress Blocksy Companion plugin <= 2.0.42 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in CreativeThemes Blocksy Companion.This issue affects Blocksy Companion: from n/a through...

CVE-2024-35635 WordPress Ninja Tables plugin <= 5.0.9 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through...

CVE-2024-21626 vulnerabilities

Vulnerabilities for packages: docker, k9s, wolfictl, zot, cadvisor, ctop, telegraf, kubernetes, datadog-agent, runc, skopeo, nvidia-device-plugin, grype, kubescape, kaniko, nerdctl, newrelic-infrastructure-agent, skaffold, syft, buildkitd, k3s, trivy, ingress-nginx-controller, k3d, kots,...

GHSA-VVPX-J8F3-3W6H vulnerabilities

Vulnerabilities for packages: falco, k3d, restic, dynamic-localpv-provisioner, hey, gke-gcloud-auth-plugin, wireguard-go, grpcurl,...

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: spark-operator, gitlab-pages, kubernetes-csi-external-attacher, terraform-provider-aws, dgraph, vault-csi-provider, frp, kubescape, haproxy-ingress, gke-gcloud-auth-plugin, cilium-envoy, istio-envoy, prometheus-adapter, terraform-provider-azurerm,...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: spark-operator, prometheus-nats-exporter, docker-compose, bank-vaults, containerd, gitlab-pages, jaeger-agent, ctop, kubernetes-csi-driver-hostpath, istio-pilot-agent, kor, kubernetes-csi-external-attacher, kwok, policy-controller, crossplane-provider-azure, runc,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: spark-operator, ctop, kube-rbac-proxy, kubernetes-csi-external-attacher, kor, dask-gateway, kwok, nri-kafka, crossplane-provider-azure, runc, dgraph, vault-csi-provider, docker-cli, kubeadm-controlplane-controller, kyverno-policy-reporter, etcd, k8sgpt-operator,...

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: docker-compose, gitlab-pages, containerd, jaeger-agent, istio-pilot-agent, kor, nri-kafka, crossplane-provider-azure, runc, kubeadm-controlplane-controller, mods, litestream, kubernetes-dashboard, terraform-provider-azurerm, k8ssandra-operator, conftest, go-md2man,...

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: spark-operator, prometheus-nats-exporter, docker-compose, bank-vaults, containerd, gitlab-pages, jaeger-agent, ctop, kubernetes-csi-driver-hostpath, kubernetes-csi-external-attacher, policy-controller, dask-gateway, crossplane-provider-azure, kafka_exporter, runc,...

GHSA-5FQ7-4MXC-535H vulnerabilities

Vulnerabilities for packages: spark-operator, prometheus-nats-exporter, docker-compose, bank-vaults, containerd, gitlab-pages, jaeger-agent, ctop, kubernetes-csi-driver-hostpath, kubernetes-csi-external-attacher, policy-controller, dask-gateway, crossplane-provider-azure, kafka_exporter, runc,...

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: spark-operator, bank-vaults, containerd, gitlab-pages, kubernetes-csi-external-attacher, crossplane-provider-azure, runc, dgraph, vault-csi-provider, frp, k8sgpt-operator, haproxy-ingress, gke-gcloud-auth-plugin, vault-k8s, kubernetes-dashboard, prometheus-adapter,...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: spark-operator, prometheus-nats-exporter, docker-compose, bank-vaults, containerd, gitlab-pages, jaeger-agent, ctop, kubernetes-csi-driver-hostpath, istio-pilot-agent, kor, kubernetes-csi-external-attacher, kwok, policy-controller, crossplane-provider-azure, runc,...

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: spark-operator, ctop, kube-rbac-proxy, kubernetes-csi-external-attacher, kor, dask-gateway, kwok, nri-kafka, crossplane-provider-azure, runc, dgraph, vault-csi-provider, docker-cli, kubeadm-controlplane-controller, kyverno-policy-reporter, etcd, k8sgpt-operator,...

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: spark-operator, ctop, kube-rbac-proxy, kubernetes-csi-external-attacher, kor, dask-gateway, kwok, nri-kafka, crossplane-provider-azure, runc, dgraph, vault-csi-provider, docker-cli, kubeadm-controlplane-controller, kyverno-policy-reporter, etcd, k8sgpt-operator,...

CVE-2022-41723 vulnerabilities

Vulnerabilities for packages: falco, k3d, restic, dynamic-localpv-provisioner, hey, gke-gcloud-auth-plugin, wireguard-go, grpcurl,...

CVE-2023-45285 vulnerabilities

Vulnerabilities for packages: aws-flb-cloudwatch, local-path-provisioner, vertical-pod-autoscaler, flannel-cni-plugin, go-bindata, gops, aws-flb-kinesis, ctop, influx, mage, dgraph, cni-plugins, docker-cli, go-licenses, gobuster, helm-push, sonobuoy, gke-gcloud-auth-plugin, metrics-server,...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: docker-compose, gitlab-pages, containerd, jaeger-agent, istio-pilot-agent, kor, nri-kafka, crossplane-provider-azure, runc, kubeadm-controlplane-controller, mods, litestream, kubernetes-dashboard, terraform-provider-azurerm, k8ssandra-operator, conftest, go-md2man,...

GHSA-2JWV-JMQ4-4J3R vulnerabilities

Vulnerabilities for packages: spark-operator, prometheus-nats-exporter, docker-compose, bank-vaults, containerd, gitlab-pages, jaeger-agent, ctop, kubernetes-csi-driver-hostpath, kubernetes-csi-external-attacher, policy-controller, dask-gateway, crossplane-provider-azure, kafka_exporter, runc,...

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: spark-operator, bank-vaults, containerd, gitlab-pages, istio-pilot-agent, kubernetes-csi-external-attacher, crossplane-provider-azure, runc, dgraph, vault-csi-provider, frp, k8sgpt-operator, kubescape, haproxy-ingress, gke-gcloud-auth-plugin, vault-k8s,...

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: spark-operator, ctop, kube-rbac-proxy, kubernetes-csi-external-attacher, kor, dask-gateway, kwok, nri-kafka, crossplane-provider-azure, runc, dgraph, vault-csi-provider, docker-cli, kubeadm-controlplane-controller, kyverno-policy-reporter, etcd, k8sgpt-operator,...

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: spark-operator, ctop, kube-rbac-proxy, kubernetes-csi-external-attacher, kor, dask-gateway, kwok, nri-kafka, crossplane-provider-azure, runc, dgraph, vault-csi-provider, docker-cli, kubeadm-controlplane-controller, kyverno-policy-reporter, etcd, k8sgpt-operator,...

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: spark-operator, ctop, kube-rbac-proxy, kubernetes-csi-external-attacher, kor, dask-gateway, kwok, nri-kafka, crossplane-provider-azure, runc, dgraph, vault-csi-provider, docker-cli, kubeadm-controlplane-controller, kyverno-policy-reporter, etcd, k8sgpt-operator,...

GHSA-5F94-VHJQ-RPG8 vulnerabilities

Vulnerabilities for packages: aws-flb-cloudwatch, local-path-provisioner, vertical-pod-autoscaler, flannel-cni-plugin, go-bindata, gops, aws-flb-kinesis, ctop, influx, mage, dgraph, cni-plugins, docker-cli, go-licenses, gobuster, helm-push, sonobuoy, gke-gcloud-auth-plugin, metrics-server,...

GHSA-2WRH-6PVC-2JM9 vulnerabilities

Vulnerabilities for packages: spark-operator, bank-vaults, containerd, gitlab-pages, kubernetes-csi-external-attacher, crossplane-provider-azure, runc, dgraph, vault-csi-provider, frp, k8sgpt-operator, haproxy-ingress, gke-gcloud-auth-plugin, vault-k8s, kubernetes-dashboard, prometheus-adapter,...

GHSA-4374-P667-P6C8 vulnerabilities

Vulnerabilities for packages: spark-operator, bank-vaults, containerd, gitlab-pages, istio-pilot-agent, kubernetes-csi-external-attacher, crossplane-provider-azure, runc, dgraph, vault-csi-provider, frp, k8sgpt-operator, kubescape, haproxy-ingress, gke-gcloud-auth-plugin, vault-k8s,...

CVE-2023-44487 affecting package sriov-network-device-plugin for versions less than 3.5.1-2

CVE-2023-44487 affecting package sriov-network-device-plugin for versions less than 3.5.1-2. A patched version of the package is...

CVE-2023-39326 vulnerabilities

Vulnerabilities for packages: aws-flb-cloudwatch, local-path-provisioner, vertical-pod-autoscaler, flannel-cni-plugin, go-bindata, gops, aws-flb-kinesis, ctop, influx, mage, dgraph, cni-plugins, docker-cli, go-licenses, gobuster, helm-push, sonobuoy, gke-gcloud-auth-plugin, metrics-server,...

GHSA-9F76-WG39-X86H vulnerabilities

Vulnerabilities for packages: aws-flb-cloudwatch, local-path-provisioner, vertical-pod-autoscaler, flannel-cni-plugin, go-bindata, gops, aws-flb-kinesis, ctop, influx, mage, dgraph, cni-plugins, docker-cli, go-licenses, gobuster, helm-push, sonobuoy, gke-gcloud-auth-plugin, metrics-server,...

GHSA-M425-MQ94-257G vulnerabilities

Vulnerabilities for packages: spark-operator, cosign, cluster-autoscaler, gitlab-pages, gatekeeper, mc, influxd, kubernetes-csi-external-attacher, prometheus-blackbox-exporter, keda, telegraf, kubevela, terraform-provider-aws, tctl, node-problem-detector, pulumi-language-yaml, dgraph,...