Five Star Restaurant Reservations – Wordpress Booking Plugin Security Vulnerabilities

GHSA-VVPX-J8F3-3W6H vulnerabilities

Vulnerabilities for packages: grpcurl, wireguard-go, go, restic, dynamic-localpv-provisioner, gke-gcloud-auth-plugin, k3d, hey,...

CVE-2024-21626 vulnerabilities

Vulnerabilities for packages: ingress-nginx-controller, k3s, kubescape, wolfictl, zot, docker, nvidia-device-plugin, nerdctl, telegraf, datadog-agent, ctop, k3d, cadvisor, buildkitd, syft, trivy, skopeo, zarf, grype, skaffold, newrelic-infrastructure-agent, runc, kubernetes, kots, k9s,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: litefs, tigera-operator, kubernetes-dashboard-metrics-scraper, chartmuseum, caddy, dex, aws-ebs-csi-driver, kustomize, nri-apache, loki, vexctl, gatekeeper, speedtest-go, cortex, slsa-verifier, yam, cri-tools, nri-discovery-kubernetes, argo-cd, nri-memcached,...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: litefs, tigera-operator, kubernetes-dashboard-metrics-scraper, grafana-agent-operator, chartmuseum, caddy, dex, aws-ebs-csi-driver, oauth2-proxy, kustomize, loki, vexctl, aactl, gatekeeper, docker, cortex, slsa-verifier, cri-tools, nri-discovery-kubernetes,...

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: dex, dotnet, cilium-envoy, oauth2-proxy, tomcat, aactl, gatekeeper, nghttp2, cortex, slsa-verifier, git-lfs, argo-cd, goreleaser, gke-gcloud-auth-plugin, traefik, falco, spark-operator, cosign, nats, kubernetes-csi-node-driver-registrar, prometheus-blackbox-exporter,.....

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: tigera-operator, kubernetes-dashboard-metrics-scraper, chartmuseum, caddy, go, aactl, gatekeeper, cri-tools, flannel, istio-cni, nri-memcached, goreleaser, bazelisk, cloudflared, spark-operator, gptscript, configmap-reload, newrelic-infra-operator, containerd,...

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: litefs, tigera-operator, kubernetes-dashboard-metrics-scraper, grafana-agent-operator, chartmuseum, caddy, go, hcloud, dex, aws-ebs-csi-driver, oauth2-proxy, kustomize, loki, aactl, go-fips, cortex, cri-tools, git-lfs, step, istio-operator, flannel, sonobuoy,...

GHSA-5FQ7-4MXC-535H vulnerabilities

Vulnerabilities for packages: litefs, tigera-operator, kubernetes-dashboard-metrics-scraper, grafana-agent-operator, chartmuseum, caddy, go, hcloud, dex, aws-ebs-csi-driver, oauth2-proxy, kustomize, loki, aactl, go-fips, cortex, cri-tools, git-lfs, step, istio-operator, flannel, sonobuoy,...

CVE-2024-24789 vulnerabilities

Vulnerabilities for packages: kubernetes-dashboard-metrics-scraper, chartmuseum, caddy, go, aactl, gatekeeper, cri-tools, flannel, istio-cni, nri-memcached, bazelisk, local-static-provisioner, cloudflared, configmap-reload, newrelic-infra-operator, dagger, vcluster, go-md2man,...

CVE-2023-45285 vulnerabilities

Vulnerabilities for packages: kubernetes-dashboard-metrics-scraper, gitlab-logger, docker-credential-ecr-login, grpcurl, gops, cilium-envoy, nsc, aws-flb-kinesis, go-bindata, flannel-cni-plugin, aactl, aws-flb-cloudwatch, sops, petname, cortex, slsa-verifier, docker-cli, nri-discovery-kubernetes,.....

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: kubernetes-dashboard-metrics-scraper, chartmuseum, dex, aws-ebs-csi-driver, oauth2-proxy, aactl, gatekeeper, git-lfs, argo-cd, goreleaser, gke-gcloud-auth-plugin, timoni, vault, spark-operator, cosign, kubernetes-csi-node-driver-registrar,...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: litefs, tigera-operator, kubernetes-dashboard-metrics-scraper, grafana-agent-operator, chartmuseum, caddy, dex, aws-ebs-csi-driver, oauth2-proxy, kustomize, loki, vexctl, aactl, gatekeeper, docker, cortex, slsa-verifier, cri-tools, nri-discovery-kubernetes,...

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: litefs, tigera-operator, kubernetes-dashboard-metrics-scraper, chartmuseum, caddy, dex, aws-ebs-csi-driver, kustomize, nri-apache, loki, vexctl, gatekeeper, speedtest-go, cortex, slsa-verifier, yam, cri-tools, nri-discovery-kubernetes, argo-cd, nri-memcached,...

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: litefs, tigera-operator, kubernetes-dashboard-metrics-scraper, chartmuseum, caddy, dex, aws-ebs-csi-driver, kustomize, nri-apache, loki, vexctl, gatekeeper, speedtest-go, cortex, slsa-verifier, yam, cri-tools, nri-discovery-kubernetes, argo-cd, nri-memcached,...

CVE-2024-35255 vulnerabilities

Vulnerabilities for packages: chezmoi, grafana-agent-operator, step-ca, gitlab-runner, kubescape, grafana-mimir, zot, py3-cassandra-medusa, loki, keda, sops, tekton-pipelines, harbor-registry, tempo, cortex, step, flux-kustomize-controller, argo-workflows, fluent-bit-plugin-loki, bank-vaults,...

GHSA-M5VV-6R4H-3VJ9 vulnerabilities

Vulnerabilities for packages: chezmoi, grafana-agent-operator, step-ca, gitlab-runner, kubescape, grafana-mimir, zot, py3-cassandra-medusa, loki, keda, sops, tekton-pipelines, harbor-registry, tempo, cortex, step, flux-kustomize-controller, argo-workflows, fluent-bit-plugin-loki, bank-vaults,...

CVE-2022-41723 vulnerabilities

Vulnerabilities for packages: grpcurl, wireguard-go, go, restic, dynamic-localpv-provisioner, gke-gcloud-auth-plugin, k3d, hey,...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: tigera-operator, kubernetes-dashboard-metrics-scraper, chartmuseum, caddy, go, aactl, gatekeeper, cri-tools, flannel, istio-cni, nri-memcached, goreleaser, bazelisk, cloudflared, spark-operator, gptscript, configmap-reload, newrelic-infra-operator, containerd,...

GHSA-2JWV-JMQ4-4J3R vulnerabilities

Vulnerabilities for packages: litefs, tigera-operator, kubernetes-dashboard-metrics-scraper, grafana-agent-operator, chartmuseum, caddy, go, hcloud, dex, aws-ebs-csi-driver, oauth2-proxy, kustomize, loki, aactl, cortex, cri-tools, git-lfs, step, istio-operator, flannel, sonobuoy,...

CVE-2024-24790 vulnerabilities

Vulnerabilities for packages: kubernetes-dashboard-metrics-scraper, chartmuseum, caddy, go, aactl, gatekeeper, cri-tools, flannel, istio-cni, nri-memcached, bazelisk, local-static-provisioner, cloudflared, configmap-reload, newrelic-infra-operator, dagger, vcluster, go-md2man,...

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: kubernetes-dashboard-metrics-scraper, chartmuseum, caddy, go, dex, aws-ebs-csi-driver, oauth2-proxy, aactl, gatekeeper, slsa-verifier, git-lfs, istio-operator, istio-cni, argo-cd, goreleaser, gke-gcloud-auth-plugin, timoni, falco, vault, spark-operator, cosign, nats,.....

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: litefs, tigera-operator, kubernetes-dashboard-metrics-scraper, chartmuseum, caddy, dex, aws-ebs-csi-driver, kustomize, nri-apache, loki, vexctl, gatekeeper, speedtest-go, cortex, slsa-verifier, yam, cri-tools, nri-discovery-kubernetes, argo-cd, nri-memcached,...

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: litefs, tigera-operator, kubernetes-dashboard-metrics-scraper, chartmuseum, caddy, dex, aws-ebs-csi-driver, kustomize, nri-apache, loki, vexctl, gatekeeper, speedtest-go, cortex, slsa-verifier, yam, cri-tools, nri-discovery-kubernetes, argo-cd, nri-memcached,...

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: litefs, tigera-operator, kubernetes-dashboard-metrics-scraper, chartmuseum, caddy, dex, aws-ebs-csi-driver, kustomize, nri-apache, loki, vexctl, gatekeeper, speedtest-go, cortex, slsa-verifier, yam, cri-tools, nri-discovery-kubernetes, argo-cd, nri-memcached,...

GHSA-4374-P667-P6C8 vulnerabilities

Vulnerabilities for packages: kubernetes-dashboard-metrics-scraper, chartmuseum, caddy, go, dex, aws-ebs-csi-driver, oauth2-proxy, aactl, gatekeeper, slsa-verifier, git-lfs, istio-operator, istio-cni, argo-cd, goreleaser, gke-gcloud-auth-plugin, timoni, falco, vault, spark-operator, cosign, nats,.....

GHSA-M425-MQ94-257G vulnerabilities

Vulnerabilities for packages: pulumi-language-dotnet, kubescape, dex, terraform, weaviate, cilium-envoy, oauth2-proxy, pulumi-language-java, dynamic-localpv-provisioner, gitlab-pages, keda, aactl, flux-notification-controller, mc, gatekeeper, kubeflow-katib, kubernetes-csi-livenessprobe,...

GHSA-49GW-VXVF-FC2G vulnerabilities

Vulnerabilities for packages: kubernetes-dashboard-metrics-scraper, chartmuseum, caddy, go, aactl, gatekeeper, cri-tools, flannel, istio-cni, nri-memcached, bazelisk, local-static-provisioner, cloudflared, configmap-reload, newrelic-infra-operator, dagger, vcluster, go-md2man,...

CVE-2023-39326 vulnerabilities

Vulnerabilities for packages: kubernetes-dashboard-metrics-scraper, gitlab-logger, docker-credential-ecr-login, grpcurl, gops, cilium-envoy, nsc, aws-flb-kinesis, go-bindata, flannel-cni-plugin, aactl, aws-flb-cloudwatch, sops, petname, cortex, slsa-verifier, docker-cli, nri-discovery-kubernetes,.....

GHSA-9F76-WG39-X86H vulnerabilities

Vulnerabilities for packages: kubernetes-dashboard-metrics-scraper, gitlab-logger, docker-credential-ecr-login, grpcurl, gops, cilium-envoy, nsc, aws-flb-kinesis, go-bindata, flannel-cni-plugin, aactl, aws-flb-cloudwatch, sops, petname, cortex, slsa-verifier, docker-cli, nri-discovery-kubernetes,.....

GHSA-5F94-VHJQ-RPG8 vulnerabilities

Vulnerabilities for packages: kubernetes-dashboard-metrics-scraper, gitlab-logger, docker-credential-ecr-login, grpcurl, gops, cilium-envoy, nsc, aws-flb-kinesis, go-bindata, flannel-cni-plugin, aactl, aws-flb-cloudwatch, sops, petname, cortex, slsa-verifier, docker-cli, nri-discovery-kubernetes,.....

GHSA-2WRH-6PVC-2JM9 vulnerabilities

Vulnerabilities for packages: kubernetes-dashboard-metrics-scraper, chartmuseum, dex, aws-ebs-csi-driver, oauth2-proxy, aactl, gatekeeper, git-lfs, argo-cd, goreleaser, gke-gcloud-auth-plugin, timoni, vault, spark-operator, cosign, kubernetes-csi-node-driver-registrar,...

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: dex, dotnet, cilium-envoy, oauth2-proxy, tomcat, aactl, gatekeeper, nghttp2, cortex, slsa-verifier, git-lfs, argo-cd, goreleaser, gke-gcloud-auth-plugin, traefik, falco, spark-operator, cosign, nats, kubernetes-csi-node-driver-registrar, prometheus-blackbox-exporter,.....

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: litefs, tigera-operator, kubernetes-dashboard-metrics-scraper, chartmuseum, caddy, dex, aws-ebs-csi-driver, kustomize, nri-apache, loki, vexctl, gatekeeper, speedtest-go, cortex, slsa-verifier, yam, cri-tools, nri-discovery-kubernetes, argo-cd, nri-memcached,...

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: litefs, tigera-operator, kubernetes-dashboard-metrics-scraper, chartmuseum, caddy, dex, aws-ebs-csi-driver, kustomize, nri-apache, loki, vexctl, gatekeeper, speedtest-go, cortex, slsa-verifier, yam, cri-tools, nri-discovery-kubernetes, argo-cd, nri-memcached,...

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: litefs, tigera-operator, kubernetes-dashboard-metrics-scraper, chartmuseum, caddy, dex, aws-ebs-csi-driver, kustomize, nri-apache, loki, vexctl, gatekeeper, speedtest-go, cortex, slsa-verifier, yam, cri-tools, nri-discovery-kubernetes, argo-cd, nri-memcached,...

CVE-2024-24788 vulnerabilities

Vulnerabilities for packages: litefs, tigera-operator, kubernetes-dashboard-metrics-scraper, grafana-agent-operator, chartmuseum, caddy, go, hcloud, dex, aws-ebs-csi-driver, oauth2-proxy, kustomize, loki, aactl, cortex, cri-tools, git-lfs, step, istio-operator, flannel, sonobuoy,...

GHSA-236W-P7WF-5PH8 vulnerabilities

Vulnerabilities for packages: kubernetes-dashboard-metrics-scraper, chartmuseum, caddy, go, aactl, gatekeeper, cri-tools, flannel, istio-cni, nri-memcached, bazelisk, local-static-provisioner, cloudflared, configmap-reload, newrelic-infra-operator, dagger, vcluster, go-md2man,...

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: litefs, tigera-operator, kubernetes-dashboard-metrics-scraper, chartmuseum, caddy, dex, aws-ebs-csi-driver, kustomize, nri-apache, loki, vexctl, gatekeeper, speedtest-go, cortex, slsa-verifier, yam, cri-tools, nri-discovery-kubernetes, argo-cd, nri-memcached,...

GHSA-XR7R-F8XQ-VFVV vulnerabilities

Vulnerabilities for packages: ingress-nginx-controller, k3s, kubescape, wolfictl, zot, docker, nvidia-device-plugin, nerdctl, telegraf, datadog-agent, ctop, k3d, cadvisor, buildkitd, syft, trivy, skopeo, zarf, grype, skaffold, newrelic-infrastructure-agent, runc, kubernetes, kots, k9s,...

CVE-2024-2386

The WordPress Plugin for Google Maps – WP MAPS plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'put_wpgm' shortcode in all versions up to, and including, 4.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVE-2024-2386

The WordPress Plugin for Google Maps – WP MAPS plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'put_wpgm' shortcode in all versions up to, and including, 4.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVE-2024-2386 WordPress Plugin for Google Maps – WP MAPS <= 4.6.1 - Authenticated (Contributor+) SQL Injection

The WordPress Plugin for Google Maps – WP MAPS plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'put_wpgm' shortcode in all versions up to, and including, 4.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVE-2023-4017

The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVE-2023-4017

The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVE-2023-4017 Goya <= 1.0.8.7 - Unauthenticated Reflected Cross-Site Scripting via Multiple Parameters

The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVE-2023-4017 Goya <= 1.0.8.7 - Unauthenticated Reflected Cross-Site Scripting via Multiple Parameters

The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVE-2024-5819

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 3.2.45 due to insufficient input sanitization and output escaping on user supplied...

CVE-2024-5819

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 3.2.45 due to insufficient input sanitization and output escaping on user supplied...

CVE-2024-5819 Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.2.45 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 3.2.45 due to insufficient input sanitization and output escaping on user supplied...

CVE-2024-5819 Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.2.45 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 3.2.45 due to insufficient input sanitization and output escaping on user supplied...