June 11, 2024—KB5039217 (OS Build 17763.5936)
June 11, 2024—KB5039217 (OS Build 17763.5936) 11/17/20 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 1809, see its update history page. Highlights This update...
9.8CVSS
7.2AI Score
0.003EPSS
The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cpt' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied post meta. This makes it possible for authenticated...
6.4CVSS
5.7AI Score
0.0004EPSS
The Custom Field Template plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the 'cft' shortcode. This makes it possible for authenticated attackers with contributor access and above, to extract sensitive data including arbitrary...
4.3CVSS
4.5AI Score
0.0004EPSS
The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom field name column in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied custom fields. This makes it possible for...
6.4CVSS
0.0004EPSS
The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom field name column in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied custom fields. This makes it possible for...
6.4CVSS
5.7AI Score
0.0004EPSS
The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
4.4CVSS
0.0004EPSS
The Custom Field Template plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the 'cft' shortcode. This makes it possible for authenticated attackers with contributor access and above, to extract sensitive data including arbitrary...
4.3CVSS
0.0004EPSS
The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
4.4CVSS
4.4AI Score
0.0004EPSS
The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cpt' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied post meta. This makes it possible for authenticated...
6.4CVSS
0.0004EPSS
CVE-2024-0653 Custom Field Template <= 2.6.1 - Authenticated (Admin+) Stored Cross-Site Scritping
The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
4.4CVSS
0.0004EPSS
CVE-2024-0653 Custom Field Template <= 2.6.1 - Authenticated (Admin+) Stored Cross-Site Scritping
The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
4.4CVSS
5.8AI Score
0.0004EPSS
CVE-2023-6748 Custom Field Template <= 2.6.1 - Authenticated(Contributor+) Information Exposure
The Custom Field Template plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the 'cft' shortcode. This makes it possible for authenticated attackers with contributor access and above, to extract sensitive data including arbitrary...
4.3CVSS
0.0004EPSS
The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom field name column in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied custom fields. This makes it possible for...
6.4CVSS
0.0004EPSS
The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cpt' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied post meta. This makes it possible for authenticated...
6.4CVSS
0.0004EPSS
The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cpt' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied post meta. This makes it possible for authenticated...
6.4CVSS
5.8AI Score
0.0004EPSS
Description The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the 'cfs[post_content]' parameter versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
6.4CVSS
5.8AI Score
0.001EPSS
Amazon Linux 2 : firefox (ALASFIREFOX-2024-025)
The version of firefox installed on the remote host is prior to 115.11.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2024-025 advisory. A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in...
8.7AI Score
0.0004EPSS
openSUSE 15 Security Update : opera (openSUSE-SU-2024:0156-1)
The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0156-1 advisory. Update to 110.0.5130.64 * CHR-9748 Update Chromium on desktop-stable-124-5130 to 124.0.6367.243 * DNA-116317 Create outline or shadow...
9.6CVSS
8AI Score
0.003EPSS
Vulnerability discovered by executing a planned security audit. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows PHP Local File Inclusion.This issue affects Advanced Custom Fields PRO: from n/a before...
9.9CVSS
9.5AI Score
0.0004EPSS
Vulnerability discovered by executing a planned security audit. Improper Control of Generation of Code ('Code Injection') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows Code Injection.This issue affects Advanced Custom Fields PRO: from n/a before...
8.5CVSS
8.6AI Score
0.0004EPSS
Vulnerability discovered by executing a planned security audit. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows PHP Local File Inclusion.This issue affects Advanced Custom Fields PRO: from n/a before...
9.9CVSS
0.0004EPSS
Vulnerability discovered by executing a planned security audit. Improper Control of Generation of Code ('Code Injection') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows Code Injection.This issue affects Advanced Custom Fields PRO: from n/a before...
8.5CVSS
0.0004EPSS
Vulnerability discovered by executing a planned security audit. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows PHP Local File Inclusion.This issue affects Advanced Custom Fields PRO: from n/a before...
9.9CVSS
0.0004EPSS
Vulnerability discovered by executing a planned security audit. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows PHP Local File Inclusion.This issue affects Advanced Custom Fields PRO: from n/a before...
9.9CVSS
7AI Score
0.0004EPSS
Vulnerability discovered by executing a planned security audit. Improper Control of Generation of Code ('Code Injection') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows Code Injection.This issue affects Advanced Custom Fields PRO: from n/a before...
8.5CVSS
0.0004EPSS
Bypassing 2FA with phishing and OTP bots
Introduction Two-factor authentication (2FA) is a security feature we have come to expect as standard by 2024. Most of today's websites offer some form of it, and some of them won't even let you use their service until you enable 2FA. Individual countries have adopted laws that require certain...
7.2AI Score
Authentication Bypass / Remote Code Execution (RCE)
dtale is vulnerable to Authentication Bypass / Remote Code Execution (RCE). The vulnerability is due to improper input validation and the presence of a hardcoded SECRET_KEY in the Flask configuration, allowing attackers to forge a session cookie. Additionally, there is improper validation of...
9.8CVSS
8.2AI Score
0.0004EPSS
Description The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handle_file' function. This can allow unauthenticated attackers to extract sensitive data,....
5.3CVSS
6.8AI Score
0.001EPSS
Description The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom field name column in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied custom fields. This makes it...
6.4CVSS
5.7AI Score
0.0004EPSS
Description The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cpt' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied post meta. This makes it possible for...
6.4CVSS
5.7AI Score
0.0004EPSS
Custom Field Template < 2.6.2 - Authenticated (Admin+) Stored Cross-Site Scritping
Description The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
4.4CVSS
5.7AI Score
0.0004EPSS
Custom Field Template < 2.6.2 - Authenticated(Contributor+) Information Exposure
Description The Custom Field Template plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the 'cft' shortcode. This makes it possible for authenticated attackers with contributor access and above, to extract sensitive data including.....
4.3CVSS
6.5AI Score
0.0004EPSS
Missing Authorization vulnerability in Websupporter Filter Custom Fields & Taxonomies Light.This issue affects Filter Custom Fields & Taxonomies Light: from n/a through...
8.8CVSS
4.7AI Score
0.001EPSS
Missing Authorization vulnerability in Websupporter Filter Custom Fields & Taxonomies Light.This issue affects Filter Custom Fields & Taxonomies Light: from n/a through...
8.8CVSS
0.001EPSS
Missing Authorization vulnerability in Websupporter Filter Custom Fields & Taxonomies Light.This issue affects Filter Custom Fields & Taxonomies Light: from n/a through...
4.3CVSS
0.001EPSS
Missing Authorization vulnerability in Websupporter Filter Custom Fields & Taxonomies Light.This issue affects Filter Custom Fields & Taxonomies Light: from n/a through...
4.3CVSS
6.9AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ciprian Popescu Block for Font Awesome allows Stored XSS.This issue affects Block for Font Awesome: from n/a through...
6.5CVSS
6.5AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ciprian Popescu Block for Font Awesome allows Stored XSS.This issue affects Block for Font Awesome: from n/a through...
6.5CVSS
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ciprian Popescu Block for Font Awesome allows Stored XSS.This issue affects Block for Font Awesome: from n/a through...
6.5CVSS
6.8AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ciprian Popescu Block for Font Awesome allows Stored XSS.This issue affects Block for Font Awesome: from n/a through...
6.5CVSS
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH Custom Login allows Stored XSS.This issue affects YITH Custom Login: from n/a through...
5.9CVSS
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH Custom Login allows Stored XSS.This issue affects YITH Custom Login: from n/a through...
5.9CVSS
5.7AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH Custom Login allows Stored XSS.This issue affects YITH Custom Login: from n/a through...
5.9CVSS
6.8AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH Custom Login allows Stored XSS.This issue affects YITH Custom Login: from n/a through...
5.9CVSS
0.0004EPSS
TYPO3 Security Misconfiguration for Backend User Accounts
When using the TYPO3 backend in order to create new backend user accounts, database records containing insecure or empty credentials might be persisted. When the type of user account is changed - which might be entity type or the admin flag for backend users - the backend form is reloaded in order....
7.3AI Score
TYPO3 Security Misconfiguration for Backend User Accounts
When using the TYPO3 backend in order to create new backend user accounts, database records containing insecure or empty credentials might be persisted. When the type of user account is changed - which might be entity type or the admin flag for backend users - the backend form is reloaded in order....
7.3AI Score
dubious disk - the porygon-z that's super effective against...
7.8AI Score
SPECTR Malware Targets Ukraine Defense Forces in SickSync Campaign
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks targeting defense forces in the country with a malware called SPECTR as part of an espionage campaign dubbed SickSync. The agency attributed the attacks to a threat actor it tracks under the moniker UAC-0020,...
7.2AI Score
Libndp Installed (Linux / Unix)
Libndp is installed on the remote Linux / Unix host. Additional information: More paths will be searched and the timeout for the search will be increased if 'Perform thorough tests' setting is enabled. The plugin timeout can be set to a custom value other than the plugin's default of...
7.4AI Score
Fedora: Security Advisory for qt6-qtgraphs (FEDORA-2024-bfb8617ba3)
The remote host is missing an update for...
6.8AI Score
0.0004EPSS