CVE-2022-40211
CVE-2022-40211 affects the WordPress GiveWP plugin
SUSE-RU-2024:1202-1 Recommended update for libzypp, zypper, PackageKit
This update for libzypp, zypper, PackageKit fixes the following issues: - Fixup New VendorSupportOption flag VendorSupportSuperseded jscOBS-301, jscPED-8014 - CVE-2024-0217: Check that Finished signal is emitted at most once bsc1218544 - Add resolver option 'removeOrphaned' for distupgrade...
CVE-2023-6257
CVE-2023-6257 affects the WordPress plugin Inline Related Posts (before v3.6.0). The root cause is missing authorization in an AJAX action that serves post content to authenticated users, enabling subscribers to read content from password-protected posts. Reported base CVSS v3.1 score is 4.3 (Med...
CVE-2023-29483
CVE-2023-29483 affects dnspython (used with eventlet) and enables a remote attacker to interfere with DNS name resolution by sending an invalid UDP packet before a valid one (a TuDoor attack). Affected combo: eventlet before 0.35.2 used in dnspython before 2.6.0. The note indicates 2.6.0 is unusa...
CVE-2023-2794
ofono on Linux is affected by a stack-based buffer overflow in decode_deliver() during SMS decoding, due to a missing bound check that exists in decode_submit(). This can enable remote code execution when an attacker sends crafted SMS or via a compromised modem/malicious base station. Connected a...
CVE-2024-2243
CVE-2024-2243 affects the csmock component used with OSH (OAuth? Kerberos-based) in Tencent/TencentOS and Fedora/RHEL packaging. The vulnerability allows a regular OSH-service user (anyone with a Kerberos ticket) to disclose the confidential Snyk authentication token and to run arbitrary commands...
CVE-2023-6385
CVE-2023-6385 affects the WordPress Ping Optimizer plugin up to version 2.35.1.3.0. The vulnerability stems from missing CSRF checks in certain areas, enabling an attacker to cause logged-in users to perform unwanted actions (e.g., clearing logs) via CSRF. Several trusted sources (NVD, CVE feeds,...
CVE-2022-32149 affecting package node-problem-detector for versions less than 0.8.17-2
CVE-2022-32149 affecting package node-problem-detector for versions less than 0.8.17-2. An upgraded version of the package is available that resolves this issue...
CVE-2024-24786 affecting package node-problem-detector for versions less than 0.8.17-2
CVE-2024-24786 affecting package node-problem-detector for versions less than 0.8.17-2. A patched version of the package is available...
CVE-2022-4965
The CVE-2022-4965 entry concerns the Invitation Code Content Restriction Plugin for WordPress by CreativeMinds. It describes a reflected Cross-Site Scripting (XSS) vulnerability via the target_id parameter present in all versions up to and including 1.5.4, caused by insufficient input sanitizatio...
CVE-2024-1412
CVE-2024-1412 concerns the WordPress Memberpress plugin. Connected sources confirm a reflected Cross‑Site Scripting (XSS) vulnerability in the plugin’s handling of the message and error parameters, affecting all versions up to 1.11.26. The vulnerability is unauthenticated and could allow an attac...
CVE-2024-2866
CVE-2024-2866 is a placeholder entry that has been superseded by CVE-2024-2509 for the Kadence Blocks WordPress plugin. Connected data show that CVE-2024-2509 details a Stored Cross-Site Scripting (XSS) vulnerability in the Gutenberg Blocks by Kadence Blocks plugin prior to version 3.2.26, where...
CVE-2024-2138
CVE-2024-2138 concerns the WordPress plugin JetWidgets For Elementor. The Red Hat and Wordfence entries describe a stored cross-site scripting (XSS) vulnerability in the Animated Box widget, affecting all versions up to and including 1.0.15. The issue arises from insufficient input sanitization a...
CVE-2024-2957
CVE-2024-2957 is a duplicate of CVE-2024-1983. The linked Red Hat/NVD details show Simple Ajax Chat for WordPress (before 20240223) suffers a stored XSS via the name field, reflecting unsanitized input to other users. This confirms the vulnerability context, affected component, and root cause; CV...
CVE-2024-2093
CVE-2024-2093 affects the VK All in One Expansion Unit WordPress plugin. All versions up to and including 9.95.0.1 are vulnerable to Sensitive Information Exposure via social meta tags, allowing unauthenticated attackers to view limited password‑protected content. Root cause: improper handling of...
CVE-2024-1458
CVE-2024-1458: Elementor Addons by Livemesh for WordPress is vulnerable to stored XSS via the Animated Text widget’s text_alignment attribute in all versions up to and including 8.3.4 due to insufficient input sanitization and output escaping. An authenticated attacker with contributor-level acc...
CVE-2024-1461
Elementor Addons by Livemesh (WordPress) contains a Stored XSS in Team Members widget via the style attribute in all versions up to 8.3.4 due to insufficient input sanitization and output escaping. Authenticated attackers with Contributor+ access can inject scripts that execute for users visiting...
CVE-2024-2344
CVE-2024-2344 (Avada Theme for WordPress): SQL Injection via the 'entry' parameter affects all versions up to 7.11.6. Root cause: insufficient escaping of user input and inadequate preparation of the existing SQL query. Exploitation requires editor-level access or higher (authenticated). Impact ...
CVE-2024-2117
CVE-2024-2117 affects Elementor Website Builder – More than Just a Page Builder (WordPress) via the Path Widget. All versions up to 3.20.2 are vulnerable due to insufficient output escaping on user-supplied attributes, enabling stored XSS. Exploitation requires an authenticated attacker with cont...
CVE-2024-1424
CVE-2024-1424 affects GiveWP – Donation Plugin and Fundraising Platform for WordPress. All versions up to 3.5.1 are vulnerable to Stored Cross-Site Scripting via shortcode attributes due to insufficient input sanitization and output escaping. This allows authenticated attackers with contributor-l...