6228 matches found
PT-2024-38615 · WordPress · Themify Builder
Name of the Vulnerable Software and Affected Versions: Themify Builder plugin for WordPress versions up to, and including, 7.6.1 Description: The issue allows authenticated attackers with Contributor-level access and above to duplicate and view private or draft posts created by other users, due t...
CVE-2023-4730
The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the initendpoint function hooked via 'init' in versions up to, and including, 4.3. This makes it possible for unauthenticated attackers to modify a variety of settings. An...
CVE-2024-7630
The Relevanssi – A Better Search plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.22.2 via the relevanssi_do_query due to insufficient limitations on the posts that are returned when searching. This makes it possible for unauthenticated attackers to...
CVE-2024-7630
CVE-2024-7630 affects the WordPress plugin “Relevanssi – A Better Search” up to and including version 4.22.2. The root cause is insufficient restrictions on posts returned by relevanssi_do_query(), enabling unauthenticated attackers to expose potentially sensitive information from password-protec...
netty-codec-http: Allocation of Resources Without Limits or Throttling
A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until ...
CVE-2024-7263
creationtimestamp | type | source
---|---|---
2024-08-15 17:38:17+00:00 | seen | https://t.me/cvedetector/3244
2024-08-28 17:00:20+00:00 | exploited | https://t.me/thehackernews/5488
2024-08-29 19:06:58+00:00 | seen | MISP/e80be295-5105-44a2-8f35-73504e1a64bb
2024-08-30 18:20:05+00:00 | ...
CVE-2024-7063
The ElementsKit Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.6 via the 'render_raw' function. This can allow authenticated attackers, with Contributor-level permissions and above, to extract sensitive data including private,...
CVE-2024-7063
CVE-2024-7063 affects ElementsKit Pro for WordPress, with Sensitive Information Exposure via render_raw in all versions up to 3.6.6. The issue requires authentication (Contributor+), allowing an authenticated user to exfiltrate sensitive data such as private, future, and draft posts. Connected so...
PT-2024-38465 · WordPress · Relevanssi
Name of the Vulnerable Software and Affected Versions: The Relevanssi – A Better Search plugin for WordPress versions up to, and including, 4.22.2 Description: The issue allows unauthenticated attackers to extract potentially sensitive information from password protected posts due to insufficient...
PT-2024-38052 · WordPress · Elementskit Pro
Name of the Vulnerable Software and Affected Versions: ElementsKit Pro plugin for WordPress versions up to, and including, 3.6.6 Description: The issue allows authenticated attackers with Contributor-level permissions and above to extract sensitive data, including private, future, and draft posts...
WordPress Term And Category Based Posts Widget plugin < 4.9.13 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Term And Category Based Posts Widget versions 4.9.13...
WordPress Category Posts Widget < 4.9.17 - Admin+ Stored XSS vulnerability
WordPress Category Posts Widget < 4.9.17 - Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Category Posts Widget versions 4.9.17...
WordPress Category Posts Widget Plugin < 4.9.17 is vulnerable to Cross Site Scripting (XSS)
Software: Category Posts Widget; Type: Plugin; Vulnerable versions: < 4.9.17; Fixed in: 4.9.17; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-6158; Patch priority: Low; CVSS severity: Low (5.9); PSID: 321a7aaf8265; Credits: Dmitrii Ignatyev; Required privile...
CVE-2024-43217
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pierre Lebedel Kodex Posts likes allows Reflected XSS. This issue affects Kodex Posts likes: from n/a through 2.5.0...
CVE-2024-43217
CVE-2024-43217 is a reflected XSS vulnerability in the Kodex Posts likes WordPress plugin. The issue arises from improper neutralization of user-controlled input during web page generation, allowing an attacker to inject and execute script in a victim user’s browser. Affected: Kodex Posts likes v...
CVE-2024-43217 WordPress Kodex Posts likes plugin <= 2.5.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pierre Lebedel Kodex Posts likes allows Reflected XSS. This issue affects Kodex Posts likes: from n/a through 2.5.0...
CVE-2024-6158
The Category Posts Widget WordPress plugin before 4.9.17, term-and-category-based-posts-widget WordPress plugin before 4.9.13 does not validate and escape some of its "Category Posts" widget settings before outputting them back in a page/post where the Widget is embedded, which could allow high...