7267 matches found
HT Mega - Absolute Addons for Elementor Page Builder < 1.5.7 - Contributor+ Stored XSS
The “HT Mega – Absolute Addons for Elementor Page Builder” WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. The “htmegacalltoaction” widget accepts a...
Livemesh Addons for Elementor < 6.8 - Contributor+ Stored XSS
The “Livemesh Addons for Elementor” WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. The “Heading” widget accepts a “titletag” parameter. Although the element control...
Premium Addons for Elementor < 4.2.8 - Contributor+ Stored Cross-Site Scripting (XSS)
The “Premium Addons for Elementor” WordPress Plugin before 4.2.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. The “Testimonials” widget accepts a “premiumtestimonialpersonnamesize” parameter...
CVE-2021-24175
The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.7 was being actively exploited by malicious actors to bypass authentication, allowing unauthenticated users to log in as any user including admin by just providing the related username, as well as create accounts with...
CVE-2021-24175 The Plus Addons for Elementor Page Builder < 4.1.7 - Authentication Bypass
The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.7 was being actively exploited by malicious actors to bypass authentication, allowing unauthenticated users to log in as any user including admin by just providing the related username, as well as create accounts with...
PT-2021-15721
Name of the Vulnerable Software and Affected Versions: The Plus Addons for Elementor Page Builder WordPress plugin versions prior to 4.1.7 Description: The issue allows malicious actors to bypass authentication, enabling unauthenticated users to log in as any user, including admin, by providing t...
[SECURITY] Fedora 34 Update: kdeplasma-addons-5.21.3-1.fc34
Additional Plasmoids for Plasma 5...
Fedora: Security Advisory for kdeplasma-addons (FEDORA-2021-85c9774673)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
WordPress The Plus Addons for Elementor Plugin Authentication Bypass Vulnerability (CVE-2021-24175)
...
VulnCheck KEV: CVE-2021-24175
The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.7 was being actively exploited by malicious actors to bypass authentication, allowing unauthenticated users to log in as any user including admin by just providing the related username, as well as create accounts with...
WordPress plugin Cross-Site Scripting Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress EventON plugin version 3.0.5 and earlier...
PT-2020-17158 · WordPress · Eventon
Name of the Vulnerable Software and Affected Versions: EventON plugin versions 3.0.5 and earlier Description: The issue allows for XSS via the search field in the addons/?q= endpoint. This is a security concern as it can be exploited to inject malicious scripts. Recommendations: For versions 3.0....
CVE-2020-26239
Scratch Addons is a WebExtension that supports both Chrome and Firefox. Scratch Addons before version 1.3.2 is vulnerable to DOM-based XSS. If the victim visited a specific website, the More Links addon of the Scratch Addons extension used an incorrect regular expression which caused the HTML-escape...
CVE-2020-26239
Scratch Addons for Chrome/Firefox is affected by a DOM-based XSS due to an incorrect regular expression in the More Links addon, which unescaped HTML-escaped values when a user visits a specific website. This vulnerability affects versions before 1.3.2; version 1.3.2 fixes the issue and browsers ...
CVE-2020-26239 Cross-Site Scripting in Scratch browser addons
Scratch Addons is a WebExtension that supports both Chrome and Firefox. Scratch Addons before version 1.3.2 is vulnerable to DOM-based XSS. If the victim visited a specific website, the More Links addon of the Scratch Addons extension used an incorrect regular expression which caused the HTML-escape...
PyroCMS Cross-Site Request Forgery Vulnerability
PyroCMS is an easy-to-use, powerful and modular CMS and development platform built using Laravel 5. A cross-site request forgery vulnerability exists in PyroCMS 3.7. An attacker can exploit this vulnerability to remove arbitrary plugins via the admin/addons/uninstall/anomaly.module.blocks URI...
Low: Red Hat Security Advisory: OpenShift Virtualization 2.4.2 Images
Red Hat OpenShift Virtualization release 2.4.2 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a...
firefox security update
68.6.1-1.0.1 - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one 68.6.1-1 - Update to 68.6.1 ESR Wed Mar 04 2020 Jan Horak - Update to 68.6.0 build1 68.5.0-3 - Added fix for rhbz1805667 - Enabled mzbz@1170092 - Firefox prefs at /etc Fri Feb 07 2020 J...
UBUNTU-CVE-2020-12421
When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected even if they were legitimately added by an administrator. This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability affects Firefox ESR 68.10...