The Portfolio Gallery – Image Gallery Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'PFG' shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible....
6.4CVSS
0.001EPSS
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘video_color’ parameter in all versions up to, and including, 5.6.0 due to insufficient input sanitization and output...
6.4CVSS
0.001EPSS
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘video_color’ parameter in all versions up to, and including, 5.6.0 due to insufficient input sanitization and output...
6.4CVSS
5.8AI Score
0.001EPSS
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘video_color’ parameter in all versions up to, and including, 5.6.0 due to insufficient input sanitization and output...
6.4CVSS
5.9AI Score
0.001EPSS
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘video_color’ parameter in all versions up to, and including, 5.6.0 due to insufficient input sanitization and output...
6.4CVSS
0.001EPSS
The Create by Mediavine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Schema Meta shortcode in all versions up to, and including, 1.9.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
5.4CVSS
0.001EPSS
The Create by Mediavine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Schema Meta shortcode in all versions up to, and including, 1.9.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
6.4CVSS
5.8AI Score
0.001EPSS
The Create by Mediavine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Schema Meta shortcode in all versions up to, and including, 1.9.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
6.4CVSS
0.001EPSS
The Create by Mediavine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Schema Meta shortcode in all versions up to, and including, 1.9.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
6.4CVSS
5.8AI Score
0.001EPSS
The Contact Form 7 WordPress plugin before 5.9.5 has an open redirect that allows an attacker to utilize a false URL and redirect to the URL of their...
6.1CVSS
0.0005EPSS
The Contact Form 7 WordPress plugin before 5.9.5 has an open redirect that allows an attacker to utilize a false URL and redirect to the URL of their...
6.1CVSS
6.4AI Score
0.0005EPSS
The WP Chat App WordPress plugin before 3.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even when unfiltered_html is...
4.8CVSS
0.0004EPSS
The WP Chat App WordPress plugin before 3.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even when unfiltered_html is...
4.8CVSS
5.7AI Score
0.0004EPSS
The Interactive Content WordPress plugin before 1.15.8 does not validate uploads which could allow a Contributors and above to update malicious SVG files, leading to Stored Cross-Site Scripting...
5.4CVSS
5.8AI Score
0.0004EPSS
The Interactive Content WordPress plugin before 1.15.8 does not validate uploads which could allow a Contributors and above to update malicious SVG files, leading to Stored Cross-Site Scripting...
5.4CVSS
0.0004EPSS
The kadence-blocks-pro WordPress plugin before 2.3.8 does not prevent users with at least the contributor role using some of its shortcode's functionalities to leak arbitrary options from the...
4.3CVSS
0.0004EPSS
The kadence-blocks-pro WordPress plugin before 2.3.8 does not prevent users with at least the contributor role using some of its shortcode's functionalities to leak arbitrary options from the...
4.3CVSS
6.5AI Score
0.0004EPSS
CVE-2024-4704 Contact Form 7 < 5.9.5 - Unauthenticated Open Redirect
The Contact Form 7 WordPress plugin before 5.9.5 has an open redirect that allows an attacker to utilize a false URL and redirect to the URL of their...
6.7AI Score
0.0005EPSS
CVE-2024-4704 Contact Form 7 < 5.9.5 - Unauthenticated Open Redirect
The Contact Form 7 WordPress plugin before 5.9.5 has an open redirect that allows an attacker to utilize a false URL and redirect to the URL of their...
0.0005EPSS
CVE-2024-3111 H5P < 1.15.8 - Contributor+ Stored XSS
The Interactive Content WordPress plugin before 1.15.8 does not validate uploads which could allow a Contributors and above to update malicious SVG files, leading to Stored Cross-Site Scripting...
0.0004EPSS
CVE-2024-4664 WP Chat App < 3.6.5 - Admin+ Stored XSS
The WP Chat App WordPress plugin before 3.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even when unfiltered_html is...
0.0004EPSS
CVE-2024-1330 Kadence Blocks Pro < 2.3.8 - Contributor+ Arbitrary Option Access
The kadence-blocks-pro WordPress plugin before 2.3.8 does not prevent users with at least the contributor role using some of its shortcode's functionalities to leak arbitrary options from the...
0.0004EPSS
CVE-2024-1330 Kadence Blocks Pro < 2.3.8 - Contributor+ Arbitrary Option Access
The kadence-blocks-pro WordPress plugin before 2.3.8 does not prevent users with at least the contributor role using some of its shortcode's functionalities to leak arbitrary options from the...
6.8AI Score
0.0004EPSS
The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL parameter of the De Gallery widget in all versions up to and including 2.1.5 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for....
5.4CVSS
0.001EPSS
The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL parameter of the De Gallery widget in all versions up to and including 2.1.5 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for....
5.4CVSS
5.1AI Score
0.001EPSS
The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL parameter of the De Gallery widget in all versions up to and including 2.1.5 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for....
5.4CVSS
5.8AI Score
0.001EPSS
The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL parameter of the De Gallery widget in all versions up to and including 2.1.5 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for....
5.4CVSS
0.001EPSS
A vulnerability was found in the Jenkins Structs Plugin. When it fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters, potentially resulting in accidental exposure of secrets through the default system...
6.1AI Score
0.0004EPSS
A vulnerability was found in the Jenkins Plain Credentials Plugin, which stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system. Users with access to the Jenkins controller file system (global credentials) or with Item/Extended Read permission...
6.3AI Score
0.0004EPSS
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
5.4CVSS
0.001EPSS
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
6.4CVSS
5.8AI Score
0.001EPSS
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
6.4CVSS
5.8AI Score
0.001EPSS
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
5.4CVSS
0.001EPSS
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
6.4CVSS
0.001EPSS
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
6.4CVSS
5.8AI Score
0.001EPSS
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
6.4CVSS
5.8AI Score
0.001EPSS
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
6.4CVSS
0.001EPSS
The Auto Featured Image plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'create_post_attachment_from_url' function in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with contributor-level and above....
8.8CVSS
8.9AI Score
0.001EPSS
The Auto Featured Image plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'create_post_attachment_from_url' function in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with contributor-level and above....
8.8CVSS
0.001EPSS
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget parameters in all versions up to, and including, 3.2.42 due to insufficient input sanitization and output escaping. This makes it possible....
6.4CVSS
5.7AI Score
0.001EPSS
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget parameters in all versions up to, and including, 3.2.42 due to insufficient input sanitization and output escaping. This makes it possible....
5.4CVSS
0.001EPSS
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget parameters in all versions up to, and including, 3.2.42 due to insufficient input sanitization and output escaping. This makes it possible....
6.4CVSS
0.001EPSS
CVE-2024-6054 Auto Featured Image <= 1.2 - Authenticated (Contributor+) Arbitrary File Upload
The Auto Featured Image plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'create_post_attachment_from_url' function in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with contributor-level and above....
8.8CVSS
0.001EPSS
Debian dsa-5723 : libcolorcorrect5 - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5723 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5723-1 [email protected] ...
6.9AI Score
EPSS
Debian dla-3841 : linux-config-5.10 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3841 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3841-1 [email protected] ...
7.8CVSS
8.2AI Score
EPSS
RHEL 9 : golang (RHSA-2024:4146)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4146 advisory. The golang packages provide the Go programming language compiler. Security Fix(es): * golang: net/http, x/net/http2: unlimited number of...
7.5CVSS
8.1AI Score
0.0005EPSS
Fedora 40 : openvpn (2024-b611e122fb)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-b611e122fb advisory. Update to upstream OpenVPN 2.6.11 CVE-2024-5594: control channel: refuse control channel messages with nonprintable characters in them ...
7AI Score
EPSS
Ubuntu 14.04 LTS : SQLite vulnerability (USN-5615-3)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5615-3 advisory. USN-5615-1 fixed several vulnerabilities in SQLite. This update provides the corresponding fix for CVE-2020-35525 for Ubuntu 14.04 LTS. Original advisory...
9.8CVSS
10AI Score
EPSS
Ubuntu 22.04 LTS : OpenSSL vulnerability (USN-6854-1)
The remote Ubuntu 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6854-1 advisory. It was discovered that OpenSSL failed to choose an appropriately short private key size when computing shared-secrets in the Diffie-Hellman Key Agreement...
7.5CVSS
7AI Score
0.008EPSS
Fedora 40 : moodle (2024-020937763e)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-020937763e advisory. Fix for multiple CVEs Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
7.7AI Score
0.0004EPSS