The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4023 advisory. Red Hat OpenShift Serverless Client kn 1.33.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.33.0. The kn CLI is...
6.9AI Score
0.0004EPSS
Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models
Posted by Sergei Glazunov and Mark Brand, Google Project Zero Introduction At Project Zero, we constantly seek to expand the scope and effectiveness of our vulnerability research. Though much of our work still relies on traditional methods like manual source code audits and reverse engineering,...
7.9AI Score
In the module "Module Live Chat Pro (All in One Messaging)" (livechatpro) <=8.4.0, a guest can perform PHP Code injection. Due to a predictable token, the method Lcp::saveTranslations() suffer of a white writer that can inject PHP code into a PHP...
7.6AI Score
0.0004EPSS
In the module "Login as customer PRO" (loginascustomerpro) <1.2.7 from Weblir for PrestaShop, a guest can access direct link to connect to each customer account of the Shop if the module is not installed OR if a secret accessible to administrator is...
0.0004EPSS
In the module "Module Live Chat Pro (All in One Messaging)" (livechatpro) <=8.4.0, a guest can perform PHP Code injection. Due to a predictable token, the method Lcp::saveTranslations() suffer of a white writer that can inject PHP code into a PHP...
0.0004EPSS
In the module "Login as customer PRO" (loginascustomerpro) <1.2.7 from Weblir for PrestaShop, a guest can access direct link to connect to each customer account of the Shop if the module is not installed OR if a secret accessible to administrator is...
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: xen/netback: don't queue unlimited number of packages In case a guest isn't consuming incoming network traffic as fast as it is coming in, xen-netback is buffering network packages in unlimited numbers today. This can result in...
7.2AI Score
0.0004EPSS
Missing Authorization vulnerability in Brainstorm Force Convert Pro.This issue affects Convert Pro: from n/a through...
7.1CVSS
6.9AI Score
0.0004EPSS
Missing Authorization vulnerability in WP SCHEMA PRO Schema Pro.This issue affects Schema Pro: from n/a through...
6.5CVSS
6.5AI Score
0.0004EPSS
Missing Authorization vulnerability in Premium Addons Premium Addons PRO.This issue affects Premium Addons PRO: from n/a through...
6.5CVSS
6.5AI Score
0.0004EPSS
Missing Authorization vulnerability in Premium Addons Premium Addons PRO.This issue affects Premium Addons PRO: from n/a through...
6.5CVSS
0.0004EPSS
Missing Authorization vulnerability in Brainstorm Force Convert Pro.This issue affects Convert Pro: from n/a through...
7.1CVSS
0.0004EPSS
Missing Authorization vulnerability in WP SCHEMA PRO Schema Pro.This issue affects Schema Pro: from n/a through...
6.5CVSS
0.0004EPSS
CVE-2023-36683 WordPress Schema Pro plugin <= 2.7.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP SCHEMA PRO Schema Pro.This issue affects Schema Pro: from n/a through...
6.5CVSS
7AI Score
0.0004EPSS
CVE-2023-36683 WordPress Schema Pro plugin <= 2.7.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP SCHEMA PRO Schema Pro.This issue affects Schema Pro: from n/a through...
6.5CVSS
0.0004EPSS
CVE-2023-36684 WordPress Convert Pro plugin <= 1.7.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in Brainstorm Force Convert Pro.This issue affects Convert Pro: from n/a through...
7.1CVSS
7AI Score
0.0004EPSS
CVE-2023-36684 WordPress Convert Pro plugin <= 1.7.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in Brainstorm Force Convert Pro.This issue affects Convert Pro: from n/a through...
7.1CVSS
0.0004EPSS
CVE-2023-37869 WordPress Premium Addons PRO plugin <= 2.9.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Premium Addons Premium Addons PRO.This issue affects Premium Addons PRO: from n/a through...
6.5CVSS
0.0004EPSS
Missing Authorization vulnerability in Brainstorm Force Premium Starter Templates, Brainstorm Force Starter Templates astra-sites.This issue affects Premium Starter Templates: from n/a through 3.2.5; Starter Templates: from n/a through...
6.5CVSS
0.0004EPSS
Missing Authorization vulnerability in Brainstorm Force Premium Starter Templates, Brainstorm Force Starter Templates astra-sites.This issue affects Premium Starter Templates: from n/a through 3.2.5; Starter Templates: from n/a through...
6.5CVSS
6.5AI Score
0.0004EPSS
Missing Authorization vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through...
5.4CVSS
0.0004EPSS
Missing Authorization vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through...
5.4CVSS
5.6AI Score
0.0004EPSS
Missing Authorization vulnerability in Elementor Elementor Pro.This issue affects Elementor Pro: from n/a through...
6.5CVSS
0.0004EPSS
Missing Authorization vulnerability in Elementor Elementor Pro.This issue affects Elementor Pro: from n/a through...
6.5CVSS
6.5AI Score
0.0004EPSS
CVE-2023-35050 WordPress Elementor Pro plugin <= 3.13.0 - Auth. Broken Access Control vulnerability
Missing Authorization vulnerability in Elementor Elementor Pro.This issue affects Elementor Pro: from n/a through...
6.5CVSS
0.0004EPSS
CVE-2023-41805 Broken Access Control vulnerability in multiple Brainstorm Force plugins
Missing Authorization vulnerability in Brainstorm Force Premium Starter Templates, Brainstorm Force Starter Templates astra-sites.This issue affects Premium Starter Templates: from n/a through 3.2.5; Starter Templates: from n/a through...
6.5CVSS
0.0004EPSS
Missing Authorization vulnerability in Paid Memberships Pro Paid Memberships Pro CCBill Gateway.This issue affects Paid Memberships Pro CCBill Gateway: from n/a through...
8.2CVSS
8.3AI Score
0.0004EPSS
Missing Authorization vulnerability in Paid Memberships Pro Paid Memberships Pro CCBill Gateway.This issue affects Paid Memberships Pro CCBill Gateway: from n/a through...
8.2CVSS
0.0004EPSS
CVE-2023-39990 WordPress Paid Memberships Pro plugin <= 1.2.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through...
5.4CVSS
7AI Score
0.0004EPSS
CVE-2023-39990 WordPress Paid Memberships Pro plugin <= 1.2.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through...
5.4CVSS
0.0004EPSS
Missing Authorization vulnerability in Paid Memberships Pro Paid Memberships Pro CCBill Gateway.This issue affects Paid Memberships Pro CCBill Gateway: from n/a through...
8.2CVSS
0.0004EPSS
The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible....
5.4CVSS
0.001EPSS
The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible....
5.4CVSS
5.2AI Score
0.001EPSS
The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible....
5.4CVSS
0.001EPSS
The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible....
5.4CVSS
6.7AI Score
0.001EPSS
The Cost Calculator Builder PRO for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 3.1.75. This is due to insufficient limitations on the email recipient and the content in the 'send_pdf' and the 'send_pdf_front' functions which are reachable via....
5.8CVSS
0.0005EPSS
The Cost Calculator Builder PRO for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 3.1.75. This is due to insufficient limitations on the email recipient and the content in the 'send_pdf' and the 'send_pdf_front' functions which are reachable via....
5.8CVSS
5.7AI Score
0.0005EPSS
The EmbedSocial – Social Media Feeds, Reviews and Galleries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedsocial_reviews' shortcode in all versions up to, and including, 1.1.29 due to insufficient input sanitization and output escaping on user supplied...
6.4CVSS
0.0004EPSS
The EmbedSocial – Social Media Feeds, Reviews and Galleries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedsocial_reviews' shortcode in all versions up to, and including, 1.1.29 due to insufficient input sanitization and output escaping on user supplied...
6.4CVSS
5.7AI Score
0.0004EPSS
The EmbedSocial – Social Media Feeds, Reviews and Galleries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedsocial_reviews' shortcode in all versions up to, and including, 1.1.29 due to insufficient input sanitization and output escaping on user supplied...
6.4CVSS
0.0004EPSS
The EmbedSocial – Social Media Feeds, Reviews and Galleries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedsocial_reviews' shortcode in all versions up to, and including, 1.1.29 due to insufficient input sanitization and output escaping on user supplied...
6.4CVSS
5.8AI Score
0.0004EPSS
CVE-2024-4787 Cost Calculator Builder PRO <= 3.1.75 - Unauthenticated Arbitrary Email Sending
The Cost Calculator Builder PRO for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 3.1.75. This is due to insufficient limitations on the email recipient and the content in the 'send_pdf' and the 'send_pdf_front' functions which are reachable via....
5.8CVSS
7AI Score
0.0005EPSS
CVE-2024-4787 Cost Calculator Builder PRO <= 3.1.75 - Unauthenticated Arbitrary Email Sending
The Cost Calculator Builder PRO for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 3.1.75. This is due to insufficient limitations on the email recipient and the content in the 'send_pdf' and the 'send_pdf_front' functions which are reachable via....
5.8CVSS
0.0005EPSS
In the module "Module Live Chat Pro (All in One Messaging)" (livechatpro) <=8.4.0, a guest can perform PHP Code injection. Due to a predictable token, the method Lcp::saveTranslations() suffer of a white writer that can inject PHP code into a PHP...
0.0004EPSS
In the module "Login as customer PRO" (loginascustomerpro) <1.2.7 from Weblir for PrestaShop, a guest can access direct link to connect to each customer account of the Shop if the module is not installed OR if a secret accessible to administrator is...
6.9AI Score
0.0004EPSS
In the module "Module Live Chat Pro (All in One Messaging)" (livechatpro) <=8.4.0, a guest can perform PHP Code injection. Due to a predictable token, the method Lcp::saveTranslations() suffer of a white writer that can inject PHP code into a PHP...
7.5AI Score
0.0004EPSS
In the module "Login as customer PRO" (loginascustomerpro) <1.2.7 from Weblir for PrestaShop, a guest can access direct link to connect to each customer account of the Shop if the module is not installed OR if a secret accessible to administrator is...
0.0004EPSS
A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM...
8.2CVSS
6.8AI Score
0.0004EPSS
Analysis of user password strength
The processing power of computers keeps growing, helping users to solve increasingly complex problems faster. A side effect is that passwords that were impossible to guess just a few years ago can be cracked by hackers within mere seconds in 2024. For example, the RTX 4090 GPU is capable of...
6.9AI Score
Weather Widget Pro <= 1.1.40 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Weather Widget Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.1.40 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
6.5CVSS
5.8AI Score
0.0004EPSS