3642 matches found
WordPress Arconix Shortcodes plugin <= 2.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via box Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via box Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Arconix Shortcodes versions <= 2.1.13...
WordPress Premium Addons for Elementor plugin <= 4.10.60 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Video Box Widget vulnerability
Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Video Box Widget vulnerability discovered by zer0gh0st in WordPress Plugin Premium Addons for Elementor versions <= 4.10.60...
PT-2024-16146 · Unknown · Premium Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Premium Addons for Elementor versions up to and including 4.10.60 Description: The issue is related to Stored Cross-Site Scripting via the Video Box widget due to insufficient input sanitization and output escaping on user-supplied attributes...
PT-2024-16125 · WordPress · Arconix Shortcodes
Name of the Vulnerable Software and Affected Versions: Arconix Shortcodes plugin for WordPress versions up to, and including, 2.1.13 Description: The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode due to insufficient input...
Monica Security Vulnerability
Monica is an AI assistant from Monica. A security vulnerability exists in Monica version v6.3.0, which stems from an instant injection vulnerability in the chat box that allows an attacker to access and steal all previous and subsequent chat data between a user and the AI assistant via a spoofed...
The vulnerability of the dcn302_fpu_update_bw_bounding_box() function in the amdgpu kernel of the Linux operating system allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the dcn302_fpu_update_bw_bounding_box function in the drivers/gpu/drm/amd/display/dc/dml/dcn302/dcn302_fpu.c file of the amdgpu kernel in the Linux operating system is related to incorrect calculation of the index. Exploiting this vulnerability may allow an attacker to compromise t...
CVE-2024-48919 RCE via Prompt Injection Into Cursor's Terminal Cmd-K
Cursor is a code editor built for programming with AI. Prior to Sep 27, 2024, if a user generated a terminal command via Cursor's Terminal Cmd-K/Ctrl-K feature and if the user explicitly imported a malicious web page into the Terminal Cmd-K prompt, an attacker with control over the referenced web...
CVE-2024-48919
CVE-2024-48919 affects Cursor, an AI-assisted code editor. Prior to 2024-09-27, if a user imported a malicious webpage into Cursor’s Terminal Cmd-K, an attacker controlling that page could influence a language model to emit arbitrary terminal commands when the user opts to include the page conten...
PT-2024-33268 · Cursor · Cursor
Name of the Vulnerable Software and Affected Versions: Cursor versions prior to 0.42 Description: The issue allows an attacker with control over a malicious web page to influence a language model to output arbitrary commands for execution in the user's terminal. This scenario requires the user to...
CVE-2024-49236
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hafiz Uddin Ahmed Crazy Call To Action Box allows Stored XSS. This issue affects Crazy Call To Action Box: from n/a through 1.0.5...
CVE-2024-49236
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hafiz Uddin Ahmed Crazy Call To Action Box (crazy-call-to-action-box) allows DOM-Based XSS. This issue affects Crazy Call To Action Box: from n/a through <= 1.0.5...
CVE-2024-49236 WordPress Crazy Call To Action Box plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hafiz Uddin Ahmed Crazy Call To Action Box (crazy-call-to-action-box) allows DOM-Based XSS. This issue affects Crazy Call To Action Box: from n/a through <= 1.0.5...
CVE-2024-49236
CVE-2024-49236 is a stored XSS in the WordPress plugin Crazy Call To Action Box, affecting versions up to 1.0.5. The issue arises from improper input neutralization during web page generation. Public disclosures confirm affected versions 1.0.0–1.0.5; Patchstack notes no fix available (Fixed in: N...
WordPress plugin Crazy Call To Action Box Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the WordPress plugin Crazy Call ...
CVE-2024-9540 Sina Extension for Elementor <= 3.5.7 - Authenticated (Contributor+) Sensitive Information Exposure via Sina Modal Box Widget Elementor Template
The Sina Extension for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.7 via the render function in widgets/advanced/sina-modal-box.php. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2024-46811
...
WordPress Sina Extension for Elementor plugin <= 3.5.7 - Authenticated (Contributor+) Sensitive Information Exposure via Sina Modal Box Widget Elementor Template vulnerability
Authenticated (Contributor+) Sensitive Information Exposure via Sina Modal Box Widget Elementor Template vulnerability discovered by Nishiv in WordPress Plugin Sina Extension for Elementor versions <= 3.5.7...
WordPress Crazy Call To Action Box Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)
Software: Crazy Call To Action Box; Type: Plugin; Vulnerable versions: <= 1.0.5; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-49236; Patch priority: Low; CVSS severity: Low (6.5); PSID: 0654c27932a5; Credits: SOPROBRO; Required privilege...