2201 matches found

OSSF Malicious Packages
added 2025/03/14 1:12 a.m., 4 views

Malicious code in postprocesstree-addon (npm)

Source: ghsa-malware (5eab27dd46c3373a4894cc6c2fb16dc6ad78c99f19e516a3b2fa843e46adb766). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0, References 3
OSV
added 2025/03/14 1:12 a.m., 5 views

MAL-2025-2400 Malicious code in postprocesstree-addon (npm)

Source: ghsa-malware (5eab27dd46c3373a4894cc6c2fb16dc6ad78c99f19e516a3b2fa843e46adb766). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0, References 3
Packet Storm News
added 2025/03/13 12:0 a.m., 8 views

WordPress Elementor Pro Animation Addon 1.6 Missing Authorization

The Animation Addons for Elementor Pro plugin versions 1.6 and below on WordPress suffer from a missing capability check allowing for arbitrary plugin installation...

8.8 CVSS, 6.8 AI score, 0.00912 EPSS
Exploits 2
vulnersOsv
added 2025/03/09 12:43 p.m., 7 views

com.github.camel-tooling:camel-lsp-server (>=1.25.0 <=1.28.0), com.solace.connector.core.io:spring-cloud-stream-binder-camel (=1.0.0) +2123 more potentially affected by CVE-2025-27636 via org.apache.camel:camel-support (>=4.8.0 <=4.8.4)

org.apache.camel:camel-support MAVEN version =4.8.0, =1.25.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =0.0.1, =0.37.0, =0.38.0 and more Source cves: CVE-2025-27636 Source advisory: SNYK:JAVA-ORGAPACHECAMEL-9376919...

5.6 CVSS, 7 AI score, 0.79817 EPSS
Exploits 3
NVD
added 2025/03/03 2:15 p.m., 3 views

CVE-2025-23600

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pinal.shah Send to a Friend Addon send-booking-invites-to-friends allows Reflected XSS. This issue affects Send to a Friend Addon: from n/a through <= 1.4.1...

7.1 CVSS, 0.00342 EPSS
Exploits 0, References 1
Cvelist
added 2025/03/03 1:30 p.m., 12 views

CVE-2025-23600 WordPress Send to a Friend Addon plugin <= 1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pinal.shah Send to a Friend Addon send-booking-invites-to-friends allows Reflected XSS. This issue affects Send to a Friend Addon: from n/a through <= 1.4.1...

7.1 CVSS, 0.00342 EPSS
Exploits 0, References 1
CVE
added 2025/03/03 1:30 p.m., 49 views

CVE-2025-23600

CVE-2025-23600 is a reflected XSS in the WordPress plugin “Send to a Friend Addon” (versions 1.4.1 and earlier). The root cause is improper neutralization of input during web page generation, allowing attacker-supplied input to be reflected in the page. Affected component: pinal.shah Send to a Fr...

7.1 CVSS, 5.9 AI score, 0.00342 EPSS
Exploits 0, References 1
Vulnrichment
added 2025/03/03 1:30 p.m., 5 views

CVE-2025-23600 WordPress Send to a Friend Addon plugin <= 1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pinal.shah Send to a Friend Addon allows Reflected XSS. This issue affects Send to a Friend Addon: from n/a through 1.4.1...

7.1 CVSS, 7 AI score, 0.00342 EPSS
Exploits 0, References 1
Patchstack
added 2025/03/02 7:59 p.m., 5 views

WordPress Pre Order Addon for WooCommerce plugin <= 1.0.7 - Reflected Cross-Site Scripting

Reflected Cross-Site Scripting vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Pre Order Addon for WooCommerce – Advance Order/Backorder Plugin versions = 2.2...

7.1 CVSS, 6.3 AI score, 0.00211 EPSS
Exploits 0, Affected Software 1
OSV
added 2025/02/28 7:15 a.m., 4 views

CVE-2025-1571

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Animated Text and Image Comparison Widgets in all versions up to, and including, 2.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This...

5.4 CVSS, 5.9 AI score, 0.00264 EPSS
Exploits 0, References 3
RedhatCVE
added 2025/02/21 8:35 a.m., 15 views

CVE-2024-13854

The Education Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.1 via the naedu_elementor_template shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, wit...

4.3 CVSS, 6.5 AI score, 0.0032 EPSS
Exploits 0, References 1
Vulnrichment
added 2025/02/20 12:41 p.m., 8 views

CVE-2025-1039 Lenix Elementor Leads addon <= 1.8.2 - Unauthenticated Stored Cross-Site Scripting via URL Form Field

The Lenix Elementor Leads addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a URL form field in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

7.2 CVSS, 6.2 AI score, 0.00408 EPSS
Exploits 1, References 2
RedhatCVE
added 2025/02/20 4:29 a.m., 7 views

CVE-2024-13622

The File Uploads Addon for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.1 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the...

7.5 CVSS, 6.5 AI score, 0.00472 EPSS
Exploits 0, References 1
OSV
added 2025/02/19 8:15 a.m., 7 views

CVE-2024-13854

The Education Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.1 via the naedu_elementor_template shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, wit...

4.3 CVSS, 7.3 AI score, 0.0032 EPSS
Exploits 0, References 2
CVE
added 2025/02/19 7:32 a.m., 45 views

CVE-2024-13854

CVE-2024-13854 affects Education Addon for Elementor (WordPress) up to version 1.3.1 and is caused by insecure direct object reference via the naedu_elementor_template shortcode due to missing validation on a user-controlled key. This allows authenticated attackers with Contributor+ privileges to...

4.3 CVSS, 4.4 AI score, 0.0032 EPSS
Exploits 0, References 2, Affected Software 1
Vulnrichment
added 2025/02/19 7:32 a.m., 8 views

CVE-2024-13854 Education Addon for Elementor <= 1.3.1 - Authenticated (Contributor+) Insecure Direct Object Reference via naedu_elementor_template Shortcode

The Education Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.1 via the naedu_elementor_template shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, wit...

4.3 CVSS, 4.4 AI score, 0.0032 EPSS
Exploits 0, References 2
Cvelist
added 2025/02/19 7:32 a.m., 18 views

CVE-2024-13854 Education Addon for Elementor <= 1.3.1 - Authenticated (Contributor+) Insecure Direct Object Reference via naedu_elementor_template Shortcode

The Education Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.1 via the naedu_elementor_template shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, wit...

4.3 CVSS, 0.0032 EPSS
Exploits 0, References 2
CNNVD
added 2025/02/19 12:0 a.m., 5 views

WordPress plugin Education Addon for Elementor Access Control Error Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An access control...

4.3 CVSS, 8.9 AI score, 0.0032 EPSS
Exploits 0, References 2
OpenVAS
added 2025/02/19 12:0 a.m., 10 views

WordPress Elementor Addon Elements Plugin < 1.12.12 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:webtechstreet:elementoraddonelements"; ifdescription...

6.4 CVSS, 6.3 AI score, 0.00531 EPSS
Exploits 0, References 1
Patchstack
added 2025/02/18 11:24 p.m., 7 views

WordPress Education Addon for Elementor plugin <= 1.3.1 - Authenticated (Contributor+) Insecure Direct Object Reference via naedu_elementor_template Shortcode vulnerability

Authenticated (Contributor+) Insecure Direct Object Reference via naedu_elementor_template Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Education Addon for Elementor versions <= 1.3.1...

4.3 CVSS, 7 AI score, 0.0032 EPSS
Exploits 0, References 1, Affected Software 1