Lucene search

K

MyCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin Security Vulnerabilities

cvelist
cvelist

CVE-2023-36695 WordPress Sublanguage plugin <= 2.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Maxime Schoeni Sublanguage.This issue affects Sublanguage: from n/a through...

5.4CVSS

0.0004EPSS

2024-06-13 11:46 PM
1
vulnrichment
vulnrichment

CVE-2023-36695 WordPress Sublanguage plugin <= 2.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Maxime Schoeni Sublanguage.This issue affects Sublanguage: from n/a through...

5.4CVSS

7AI Score

0.0004EPSS

2024-06-13 11:46 PM
cvelist
cvelist

CVE-2023-37394 WordPress WP Dummy Content Generator plugin <= 2.3.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator.This issue affects WP Dummy Content Generator: from n/a through...

5.3CVSS

0.0004EPSS

2024-06-13 11:44 PM
2
nvd
nvd

CVE-2024-0086

NVIDIA vGPU software for Linux contains a vulnerability where the software can dereference a NULL pointer. A successful exploit of this vulnerability might lead to denial of service and undefined behavior in the vGPU...

5.5CVSS

0.0004EPSS

2024-06-13 10:15 PM
2
cve
cve

CVE-2024-0086

NVIDIA vGPU software for Linux contains a vulnerability where the software can dereference a NULL pointer. A successful exploit of this vulnerability might lead to denial of service and undefined behavior in the vGPU...

5.5CVSS

5.4AI Score

0.0004EPSS

2024-06-13 10:15 PM
14
cvelist
cvelist

CVE-2024-0086 CVE

NVIDIA vGPU software for Linux contains a vulnerability where the software can dereference a NULL pointer. A successful exploit of this vulnerability might lead to denial of service and undefined behavior in the vGPU...

5.5CVSS

0.0004EPSS

2024-06-13 09:23 PM
4
vulnrichment
vulnrichment

CVE-2024-0086 CVE

NVIDIA vGPU software for Linux contains a vulnerability where the software can dereference a NULL pointer. A successful exploit of this vulnerability might lead to denial of service and undefined behavior in the vGPU...

5.5CVSS

5.3AI Score

0.0004EPSS

2024-06-13 09:23 PM
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 3, 2024 to June 9, 2024)

_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

10CVSS

9.8AI Score

EPSS

2024-06-13 03:35 PM
2
osv
osv

CVE-2024-37308

The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the _recipe_settings[post_title] parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers.....

5.4CVSS

5.9AI Score

0.0004EPSS

2024-06-13 02:15 PM
1
nvd
nvd

CVE-2024-37308

The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the _recipe_settings[post_title] parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers.....

5.4CVSS

0.0004EPSS

2024-06-13 02:15 PM
cve
cve

CVE-2024-37308

The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the _recipe_settings[post_title] parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers.....

5.4CVSS

5.3AI Score

0.0004EPSS

2024-06-13 02:15 PM
14
thn
thn

New Attack Technique 'Sleepy Pickle' Targets Machine Learning Models

The security risks posed by the Pickle format have once again come to the fore with the discovery of a new "hybrid machine learning (ML) model exploitation technique" dubbed Sleepy Pickle. The attack method, per Trail of Bits, weaponizes the ubiquitous format used to package and distribute machine....

7.5AI Score

2024-06-13 02:08 PM
3
thn
thn

Arid Viper Launches Mobile Espionage Campaign with AridSpy Malware

The threat actor known as Arid Viper has been attributed to a mobile espionage campaign that leverages trojanized Android apps to deliver a spyware strain dubbed AridSpy. "The malware is distributed through dedicated websites impersonating various messaging apps, a job opportunity app, and a...

7.5AI Score

2024-06-13 01:55 PM
vulnrichment
vulnrichment

CVE-2024-37308 WordPress Cooked Plugin - Authenticated (Contributor+) Persistent Cross-Site Scripting Vulnerability

The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the _recipe_settings[post_title] parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers.....

5.4CVSS

5.3AI Score

0.0004EPSS

2024-06-13 01:46 PM
1
cvelist
cvelist

CVE-2024-37308 WordPress Cooked Plugin - Authenticated (Contributor+) Persistent Cross-Site Scripting Vulnerability

The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the _recipe_settings[post_title] parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers.....

5.4CVSS

0.0004EPSS

2024-06-13 01:46 PM
1
veracode
veracode

Improper Authorization

@strapi/plugin-content-manager is vulnerable to Improper Authorization. The vulnerability is due to improper access control, allowing users with the Author Role to see items in a collection associated with another collection that they did not...

2.3CVSS

6.5AI Score

0.0004EPSS

2024-06-13 12:16 PM
schneier
schneier

AI and the Indian Election

As India concluded the world's largest election on June 5, 2024, with over 640 million votes counted, observers could assess how the various parties and factions used artificial intelligence technologies--and what lessons that holds for the rest of the world. The campaigns made extensive use of...

7.2AI Score

2024-06-13 11:02 AM
1
thn
thn

Pakistan-linked Malware Campaign Evolves to Target Windows, Android, and macOS

Threat actors with ties to Pakistan have been linked to a long-running malware campaign dubbed Operation Celestial Force since at least 2018. The activity, still ongoing, entails the use of an Android malware called GravityRAT and a Windows-based malware loader codenamed HeavyLift, according to...

6.8AI Score

2024-06-13 10:26 AM
githubexploit
githubexploit

Exploit for Insufficiently Protected Credentials in Jetbrains Aqua

CVE-2024-37051 Analysis Overview CVE-2024-37051 is a...

9.3CVSS

6.8AI Score

0.001EPSS

2024-06-13 09:15 AM
55
cve
cve

CVE-2024-4371

The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.1 via deserialization of untrusted input from the recently_viewed_products cookie. This makes it.....

9CVSS

9.3AI Score

0.0004EPSS

2024-06-13 09:15 AM
15
nvd
nvd

CVE-2024-4371

The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.1 via deserialization of untrusted input from the recently_viewed_products cookie. This makes it.....

9CVSS

0.0004EPSS

2024-06-13 09:15 AM
1
nvd
nvd

CVE-2024-3073

The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible....

2.7CVSS

0.0004EPSS

2024-06-13 09:15 AM
1
cve
cve

CVE-2024-3073

The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible....

2.7CVSS

3.5AI Score

0.0004EPSS

2024-06-13 09:15 AM
15
cve
cve

CVE-2024-0979

The Dashboard Widgets Suite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary.....

6.1CVSS

6AI Score

0.0005EPSS

2024-06-13 09:15 AM
15
nvd
nvd

CVE-2024-0979

The Dashboard Widgets Suite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary.....

6.1CVSS

0.0005EPSS

2024-06-13 09:15 AM
1
cve
cve

CVE-2024-1565

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitization....

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-13 09:15 AM
14
nvd
nvd

CVE-2024-1565

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitization....

6.4CVSS

0.001EPSS

2024-06-13 09:15 AM
1
cvelist
cvelist

CVE-2024-0979 Dashboard Widgets Suite <= 3.4.3 - Reflected Cross-Site Scripting

The Dashboard Widgets Suite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary.....

6.1CVSS

0.0005EPSS

2024-06-13 08:31 AM
2
cvelist
cvelist

CVE-2024-4371 CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More <= 4.4.1 - Unauthenticated PHP Object Injection

The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.1 via deserialization of untrusted input from the recently_viewed_products cookie. This makes it.....

9CVSS

0.0004EPSS

2024-06-13 08:31 AM
2
vulnrichment
vulnrichment

CVE-2024-4371 CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More <= 4.4.1 - Unauthenticated PHP Object Injection

The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.1 via deserialization of untrusted input from the recently_viewed_products cookie. This makes it.....

9CVSS

7.4AI Score

0.0004EPSS

2024-06-13 08:31 AM
3
vulnrichment
vulnrichment

CVE-2024-3073 Easy WP SMTP by SendLayer <= 2.3.0 - Exposure of Sensitive Information via the UI

The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible....

2.7CVSS

6.3AI Score

0.0004EPSS

2024-06-13 08:31 AM
cvelist
cvelist

CVE-2024-1565 EmbedPress <= 3.9.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via PDF Widget URL

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitization....

6.4CVSS

0.001EPSS

2024-06-13 08:31 AM
3
cvelist
cvelist

CVE-2024-3073 Easy WP SMTP by SendLayer <= 2.3.0 - Exposure of Sensitive Information via the UI

The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible....

2.7CVSS

0.0004EPSS

2024-06-13 08:31 AM
2
vulnrichment
vulnrichment

CVE-2024-1565 EmbedPress <= 3.9.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via PDF Widget URL

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitization....

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-13 08:31 AM
cve
cve

CVE-2024-4615

The Elespare – Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header/Footer Builder. One Click Import: No Coding Required! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Horizontal Nav Menu' widget in all versions up to, and...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-06-13 08:16 AM
17
nvd
nvd

CVE-2024-4615

The Elespare – Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header/Footer Builder. One Click Import: No Coding Required! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Horizontal Nav Menu' widget in all versions up to, and...

6.4CVSS

0.0004EPSS

2024-06-13 08:16 AM
2
cvelist
cvelist

CVE-2024-4615 Elespare – Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header/Footer Builder. One Click Import: No Coding Required! <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Horizontal Nav Menu Widget

The Elespare – Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header/Footer Builder. One Click Import: No Coding Required! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Horizontal Nav Menu' widget in all versions up to, and...

6.4CVSS

0.0004EPSS

2024-06-13 07:31 AM
1
veracode
veracode

Denial-of-Service (DoS)

@strapi/plugin-upload is vulnerable to Denial-of-Service (DoS). The vulnerability is due to the server crashing without restarting when handling errors, causing it to become unavailable for all clients until manually...

5.3CVSS

6.7AI Score

0.0004EPSS

2024-06-13 07:17 AM
cve
cve

CVE-2024-5265

The WPBakery Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link attribute within the vc_single_image shortcode in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it....

6.4CVSS

5.7AI Score

0.0004EPSS

2024-06-13 07:15 AM
15
nvd
nvd

CVE-2024-5265

The WPBakery Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link attribute within the vc_single_image shortcode in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it....

6.4CVSS

0.0004EPSS

2024-06-13 07:15 AM
2
cvelist
cvelist

CVE-2024-5265 WPBakery Page Builder <= 7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via VC Single Image link attribute

The WPBakery Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link attribute within the vc_single_image shortcode in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it....

6.4CVSS

0.0004EPSS

2024-06-13 06:42 AM
1
cve
cve

CVE-2024-5787

The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Link Effects widget in all versions up to, and including, 2.7.20 due to insufficient input sanitization and...

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-13 06:15 AM
16
nvd
nvd

CVE-2024-5787

The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Link Effects widget in all versions up to, and including, 2.7.20 due to insufficient input sanitization and...

6.4CVSS

0.001EPSS

2024-06-13 06:15 AM
1
cve
cve

CVE-2024-4149

The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...

5.4AI Score

0.0004EPSS

2024-06-13 06:15 AM
17
nvd
nvd

CVE-2024-5757

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url attribute within the plugin's Site Title widget in all versions up to, and including, 1.6.35 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS

0.0004EPSS

2024-06-13 06:15 AM
2
nvd
nvd

CVE-2024-4149

The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...

0.0004EPSS

2024-06-13 06:15 AM
2
cve
cve

CVE-2024-5757

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url attribute within the plugin's Site Title widget in all versions up to, and including, 1.6.35 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-06-13 06:15 AM
14
nvd
nvd

CVE-2024-4145

The Search & Replace WordPress plugin before 3.2.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks (such as within a multi-site...

0.0004EPSS

2024-06-13 06:15 AM
1
nvd
nvd

CVE-2024-2762

The FooGallery WordPress plugin before 2.4.15, foogallery-premium WordPress plugin before 2.4.15 does not validate and escape some of its Gallery settings before outputting them back in the page, which could allow users with a role as low as Author to perform Stored Cross-Site Scripting attacks...

0.0004EPSS

2024-06-13 06:15 AM
1
nvd
nvd

CVE-2024-3032

Themify Builder WordPress plugin before 7.5.8 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect...

0.0004EPSS

2024-06-13 06:15 AM
1
Total number of security vulnerabilities316261