The WP RSS Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the RSS feed source in all versions up to, and including, 4.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
4.8CVSS
4.4AI Score
0.0004EPSS
The WP RSS Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the RSS feed source in all versions up to, and including, 4.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
4.8CVSS
5.3AI Score
0.0004EPSS
The WP RSS Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the RSS feed source in all versions up to, and including, 4.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
4.8CVSS
6AI Score
0.0004EPSS
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the feedzy dashboard in all versions up to, and including, 4.4.1. This makes it possible for...
4.3CVSS
6.7AI Score
0.0004EPSS
This plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on the 'place_id' attribute. This makes it possible for authenticated attackers with...
6.4CVSS
5AI Score
0.0005EPSS
This plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on the 'place_id' attribute. This makes it possible for authenticated attackers with...
5.4CVSS
5.7AI Score
0.0005EPSS
This plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on the 'place_id' attribute. This makes it possible for authenticated attackers with...
5.4CVSS
5.9AI Score
0.0005EPSS
This plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on the 'place_id' attribute. This makes it possible for authenticated attackers with...
6.4CVSS
5.8AI Score
0.0005EPSS
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the feedzy dashboard in all versions up to, and including, 4.4.1. This makes it possible for...
4.3CVSS
4.6AI Score
0.0004EPSS
The WP RSS Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the RSS feed source in all versions up to, and including, 4.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
4.4CVSS
4.9AI Score
0.0004EPSS
The WP RSS Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the RSS feed source in all versions up to, and including, 4.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
4.4CVSS
5.8AI Score
0.0004EPSS
GLSA-202402-07 : Xen: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202402-07 (Xen: Multiple Vulnerabilities): grant table v2 status pages may remain accessible after de-allocation (take two). Guests get permitted access to certain Xen-owned pages of memory. The majority of such pages remain...
8.8CVSS
7.8AI Score
EPSS
Feed Them Social < 4.2.1 - Cross-Site Request Forgery via review_nag_check
Description: The Feed Them Social – Page, Post, Video, and Photo Galleries plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.0. This is due to missing or incorrect nonce validation on the 'review_nag_check' function. This makes it possible...
6.6AI Score
0.0004EPSS
Spiffy Calendar < 4.9.9 - Broken Access Control
Description: The plugin doesn't check the event_author parameter, and allows any user to alter it when creating an event, leading to deceiving users/admins that a page was created by a...
6.7AI Score
0.0004EPSS
Spiffy Calendar < 4.9.9 - Broken Access Control
Description: The plugin doesn't check the event_author parameter, and allows any user to alter it when creating an event, leading to deceiving users/admins that a page was created by a Contributor+. PoC: Using a Contributor+ account and a proxy interceptor such as Burp Suite, create an event. Change...
6.4AI Score
0.0004EPSS
gitlab:sid is vulnerable to Unauthorized Access. The vulnerability allows an unauthorized user to read user email addresses through the tags feed, even if the visibility setting for the email address in the user profile is disabled. It allows an unauthorized user to get access to read sensitive...
5.3CVSS
6.4AI Score
0.005EPSS
As we embark on another February, I am honored to reflect on the significance of Black History Month from the perspective of serving as the chair of Black Employees in Cybersecurity Obtaining Mentorship, Influence, Networking, and Growth (B.E.C.O.M.I.N.G.), Coalfire's Black Employee Resource Group....
7.2AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (January 22, 2024 to January 28, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 52 vulnerabilities disclosed in 42...
9.8CVSS
9.4AI Score
EPSS
Today we are releasing Grafana 8.3.1, 8.2.7, 8.1.8, 8.0.7. This patch release includes a high severity security fix that affects Grafana versions from v8.0.0-beta1 through v8.3.0. Release v8.3.1, only containing a security fix: Download Grafana 8.3.1 Release notes Release v8.2.7, only containing...
7.5CVSS
6.5AI Score
0.975EPSS
Today we are releasing Grafana 8.3.1, 8.2.7, 8.1.8, 8.0.7. This patch release includes a high severity security fix that affects Grafana versions from v8.0.0-beta1 through v8.3.0. Release v8.3.1, only containing a security fix: Download Grafana 8.3.1 Release notes Release v8.2.7, only containing...
7.5CVSS
6.1AI Score
0.975EPSS
Grafana Cross Site Request Forgery (CSRF)
Today we are releasing Grafana 8.3.5 and 7.5.15. This patch release includes a MEDIUM severity security fix for Cross Site Request Forgery in Grafana. Release v8.3.5, only containing security fixes: Download Grafana 8.3.5 Release notes Release v7.5.15, only containing security fixes: Download...
8.8CVSS
7.2AI Score
0.004EPSS
Grafana Cross Site Request Forgery (CSRF)
Today we are releasing Grafana 8.3.5 and 7.5.15. This patch release includes a MEDIUM severity security fix for Cross Site Request Forgery in Grafana. Release v8.3.5, only containing security fixes: Download Grafana 8.3.5 Release notes Release v7.5.15, only containing security fixes: Download...
8.8CVSS
7.2AI Score
0.004EPSS
How to Prepare for a Cyberattack
Deciphering the Cyber Invasion Terrain: We exist in an era deeply entrenched in digital dependence, where cyber invasions present significant risks for companies, government establishments, and solitary users. As we hurtle deeper into the digital era, the art of cyber misdemeanors continues to...
6.9AI Score
Guardians of IoT: Addressing IoT security vulnerabilities in electric vehicles and charging stations
The rise of electric vehicles (EVs) and charging infrastructure necessitates robust security measures, especially in the context of IoT integration. Explore the vulnerabilities in EV systems and potential risks, proposing mitigation strategies like firmware updates, user authentication, intrusion...
7.6AI Score
Craft CMS is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper input validation within the Feed-Me Name and Feed-Me URL fields while saving a feed using an Asset element type with no volume selected. This issue can be exploited by an attacker to perform a...
7.5CVSS
6.7AI Score
0.001EPSS
URGENT: Upgrade GitLab - Critical Workspace Creation Flaw Allows File Overwrite
GitLab once again released fixes to address a critical security flaw in its Community Edition (CE) and Enterprise Edition (EE) that could be exploited to write arbitrary files while creating a workspace. Tracked as CVE-2024-0402, the vulnerability has a CVSS score of 9.9 out of a maximum of 10....
9.9CVSS
6.8AI Score
0.96EPSS
An Intro to Kafka and RabbitMQ: The Masters of Messaging In the realm of messaging systems, two names stand out: Kafka and RabbitMQ. These two powerhouses have become the go-to solutions for developers and organizations looking to handle high-volume, real-time data processing and messaging. But...
7.2AI Score
An issue discovered in Craft CMS version 4.6.1.1 allows remote attackers to cause a denial of service (DoS) via crafted string to Feed-Me Name and Feed-Me URL fields due to saving a feed using an Asset element type with no volume...
7.5CVSS
6.9AI Score
0.001EPSS
An issue discovered in Craft CMS version 4.6.1.1 allows remote attackers to cause a denial of service (DoS) via crafted string to Feed-Me Name and Feed-Me URL fields due to saving a feed using an Asset element type with no volume...
7.5CVSS
7AI Score
0.001EPSS
An issue was discovered in the Feed Me plugin 4.6.1 for Craft CMS. It allows remote attackers to cause a denial of service (DoS) via crafted strings to Feed-Me Name and Feed-Me URL fields, due to saving a feed using an Asset element type with no volume selected. NOTE: this is not a report about...
7.5CVSS
7.5AI Score
0.001EPSS
An issue was discovered in the Feed Me plugin 4.6.1 for Craft CMS. It allows remote attackers to cause a denial of service (DoS) via crafted strings to Feed-Me Name and Feed-Me URL fields, due to saving a feed using an Asset element type with no volume selected. NOTE: this is not a report about...
7.5CVSS
7.5AI Score
0.001EPSS
An issue was discovered in the Feed Me plugin 4.6.1 for Craft CMS. It allows remote attackers to cause a denial of service (DoS) via crafted strings to Feed-Me Name and Feed-Me URL fields, due to saving a feed using an Asset element type with no volume selected. NOTE: this is not a report about...
7.5CVSS
7.5AI Score
0.001EPSS
A vulnerability has been found in SourceCodester Facebook News Feed Like 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Post Handler. The manipulation of the argument Description with the input HACKED leads to cross site scripting...
6.1CVSS
6AI Score
0.0005EPSS
A vulnerability has been found in SourceCodester Facebook News Feed Like 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Post Handler. The manipulation of the argument Description with the input HACKED leads to cross site scripting...
6.1CVSS
4.5AI Score
0.0005EPSS
A vulnerability has been found in SourceCodester Facebook News Feed Like 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Post Handler. The manipulation of the argument Description with the input HACKED leads to cross site scripting...
6.1CVSS
6.5AI Score
0.0005EPSS
CVE-2024-1028 SourceCodester Facebook News Feed Like Post cross site scripting
A vulnerability has been found in SourceCodester Facebook News Feed Like 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Post Handler. The manipulation of the argument Description with the input HACKED leads to cross site scripting...
3.5CVSS
6.2AI Score
0.0005EPSS
A vulnerability, which was classified as critical, was found in SourceCodester Facebook News Feed Like 1.0. Affected is an unknown function of the component Post Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The identifier of this...
9.8CVSS
9.4AI Score
0.001EPSS
A vulnerability, which was classified as critical, was found in SourceCodester Facebook News Feed Like 1.0. Affected is an unknown function of the component Post Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The identifier of this...
9.8CVSS
7.1AI Score
0.001EPSS
A vulnerability, which was classified as critical, was found in SourceCodester Facebook News Feed Like 1.0. Affected is an unknown function of the component Post Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The identifier of this...
9.8CVSS
7.2AI Score
0.001EPSS
CVE-2024-1027 SourceCodester Facebook News Feed Like Post unrestricted upload
A vulnerability, which was classified as critical, was found in SourceCodester Facebook News Feed Like 1.0. Affected is an unknown function of the component Post Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The identifier of this...
6.3CVSS
9.7AI Score
0.001EPSS
A vulnerability has been found in SourceCodester Facebook News Feed Like 1.0 and classified as problematic. This vulnerability affects unknown code of the component New Account Handler. The manipulation of the argument First Name/Last Name with the input alert(1) leads to cross site scripting. The...
6.1CVSS
4.6AI Score
0.0005EPSS
A vulnerability has been found in SourceCodester Facebook News Feed Like 1.0 and classified as problematic. This vulnerability affects unknown code of the component New Account Handler. The manipulation of the argument First Name/Last Name with the input alert(1) leads to cross site scripting. The...
6.1CVSS
6AI Score
0.0005EPSS
A vulnerability has been found in SourceCodester Facebook News Feed Like 1.0 and classified as problematic. This vulnerability affects unknown code of the component New Account Handler. The manipulation of the argument First Name/Last Name with the input alert(1) leads to cross site scripting. The...
6.1CVSS
6.6AI Score
0.0005EPSS
CVE-2024-1024 SourceCodester Facebook News Feed Like New Account cross site scripting
A vulnerability has been found in SourceCodester Facebook News Feed Like 1.0 and classified as problematic. This vulnerability affects unknown code of the component New Account Handler. The manipulation of the argument First Name/Last Name with the input alert(1) leads to cross site scripting. The...
3.5CVSS
6.3AI Score
0.0005EPSS
An issue was discovered in the Feed Me plugin 4.6.1 for Craft CMS. It allows remote attackers to cause a denial of service (DoS) via crafted strings to Feed-Me Name and Feed-Me URL fields, due to saving a feed using an Asset element type with no volume selected. NOTE: this is not a report about...
7.7AI Score
0.001EPSS
9.8CVSS
9.1AI Score
0.96EPSS
Exploit for Path Traversal in Ispyconnect Agent Dvr
AgentDVR-5.1.6.0-File-Upload-and-Remote-Code-Execution...
8.3AI Score
FreeBSD : Gitlab -- vulnerabilities (61fe903b-bc2e-11ee-b06e-001b217b3468)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 61fe903b-bc2e-11ee-b06e-001b217b3468 advisory. An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to...
9.9CVSS
5.7AI Score
0.005EPSS
An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the visibility in the user profile has been...
5.3CVSS
5.1AI Score
0.005EPSS
An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the visibility in the user profile has been...
5.3CVSS
6.4AI Score
0.005EPSS