Lucene search
K

7293 matches found

ATTACKERKB
ATTACKERKB
added 2024/07/17 7:15 a.m.1 views

CVE-2024-5253

The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultteam shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS6.1AI score0.00297EPSS
Exploits0References3
OSV
OSV
added 2024/07/17 7:15 a.m.5 views

CVE-2024-5253

The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultteam shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.4CVSS5.9AI score0.00297EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/07/17 7:15 a.m.3 views

CVE-2024-5251

The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimatepricing shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...

6.4CVSS6.1AI score0.00295EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2024/07/17 7:15 a.m.1 views

CVE-2024-5254

The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimateinfobanner shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS6.1AI score0.00297EPSS
Exploits0References3
NVD
NVD
added 2024/07/17 7:15 a.m.19 views

CVE-2024-5254

The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimateinfobanner shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS0.00297EPSS
Exploits0References2
CVE
CVE
added 2024/07/17 6:45 a.m.55 views

CVE-2024-5251

CVE-2024-5251 describes a Stored Cross-Site Scripting vulnerability in Ultimate Addons for WPBakery Page Builder (WordPress). The issue affects all versions up to and including 3.19.20, caused by insufficient input sanitization and output escaping in the ultimate_pricing shortcode attributes. Exp...

6.4CVSS5.5AI score0.00295EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/17 6:45 a.m.20 views

CVE-2024-5251 Ultimate Addons for WPBakery Page Builder <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimatepricing shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...

6.4CVSS5.8AI score0.00295EPSS
Exploits0References2
CVE
CVE
added 2024/07/17 6:45 a.m.49 views

CVE-2024-5254

CVE-2024-5254 concerns the Ultimate Addons for WPBakery Page Builder plugin for WordPress. The vulnerability is Stored Cross-Site Scripting via the ultimate_info_banner shortcode in all versions up to and including 3.19.20, caused by insufficient input sanitization and output escaping on user-sup...

6.4CVSS5.5AI score0.00297EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/07/17 6:45 a.m.26 views

CVE-2024-5255 Ultimate Addons for WPBakery Page Builder <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimatedualcolor shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS0.00297EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/07/17 2:14 a.m.5 views

WordPress Ultimate Addons for WPBakery Page Builder plugin <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by haidv35 in WordPress Plugin Ultimate Addons for WPBakery Page Builder versions = 3.19.20...

6.4CVSS5.5AI score0.00295EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/07/17 12:0 a.m.5 views

PT-2024-35348 · WordPress · Ultimate Addons For Wpbakery

Name of the Vulnerable Software and Affected Versions: The Ultimate Addons for WPBakery plugin for WordPress versions up to, and including, 3.19.20 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the ultimate pricing shortcode...

6.4CVSS6.9AI score0.00295EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/07/17 12:0 a.m.5 views

PT-2024-35359 · WordPress · Ultimate Addons For Wpbakery

Name of the Vulnerable Software and Affected Versions: The Ultimate Addons for WPBakery plugin for WordPress versions up to, and including, 3.19.20 Description: The issue is related to Stored Cross-Site Scripting via the plugin's ult team shortcode due to insufficient input sanitization and outpu...

6.4CVSS5.9AI score0.00297EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/07/17 12:0 a.m.17 views

PT-2024-35366 · WordPress · Ultimate Addons For Wpbakery

Name of the Vulnerable Software and Affected Versions: The Ultimate Addons for WPBakery plugin for WordPress versions up to, and including, 3.19.20 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the ultimate info banner...

6.4CVSS6.9AI score0.00297EPSS
Exploits0References7
Patchstack
Patchstack
added 2024/07/17 12:0 a.m.17 views

WordPress Ultimate Addons for WPBakery Page Builder Plugin <= 3.19.20 is vulnerable to Cross Site Scripting (XSS)

Software Ultimate Addons for WPBakery Page Builder Type Plugin Vulnerable versions = 3.19.20 Fixed in 3.19.20.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5251 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 581cfa0b62a8...

6.4CVSS5.8AI score0.00295EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/07/16 2:21 a.m.4 views

WordPress Web and WooCommerce Addons for WPBakery Builder plugin <= 1.4.5 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Plugin Settings Modification vulnerability discovered by Lucio Sá in WordPress Plugin Web and WooCommerce Addons for WPBakery Builder versions = 1.4.5...

4.3CVSS7AI score0.00362EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/07/16 12:0 a.m.13 views

WordPress The Pack Elementor addons Plugin <= 2.0.8.6 is vulnerable to Local File Inclusion

Software The Pack Elementor addons Type Plugin Vulnerable versions = 2.0.8.6 Fixed in 2.0.8.7 OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-38768 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7537295d6ade Credits João Pedro S...

8.8CVSS6.6AI score0.0049EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/07/16 12:0 a.m.3 views

PT-2024-37733 · WordPress · Web/Woocommerce Addons For Wpbakery Builder

Name of the Vulnerable Software and Affected Versions: Web and WooCommerce Addons for WPBakery Builder plugin for WordPress versions prior to 1.4.6 Description: The issue allows authenticated attackers with Subscriber-level access and above to modify plugin settings due to a missing capability...

4.3CVSS6.7AI score0.00362EPSS
Exploits0References6
Mageia
Mageia
added 2024/07/13 7:54 a.m.76 views

Updated kernel kmod-xtables-addons kmod-virtualbox dwarves packages fix security vulnerabilities

Upstream kernel version 6.6.37 fix bugs and vulnerabilities. The dwarves, kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links...

9.8CVSS7.9AI score0.01483EPSS
Exploits6References10
NVD
NVD
added 2024/07/12 1:15 p.m.32 views

CVE-2024-6495

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Animated Text widget in all versions up to, and including, 4.10.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00311EPSS
Exploits0References2
OSV
OSV
added 2024/07/12 1:15 p.m.5 views

CVE-2024-6495

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Animated Text widget in all versions up to, and including, 4.10.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.4CVSS5.9AI score0.00311EPSS
Exploits0References2
Rows per page
Query Builder