CVE-2024-42020
CVE-2024-42020 is an XSS in Veeam ONE Reporter Widgets that allows HTML injection. Affected product appears to be Veeam ONE 12.x (Reporter Widgets in 12.1.0.3208 and earlier). The root cause is improper handling of widget content enabling HTML/Script execution within the UI. Impact details in sou...
CVE-2024-42020
A cross-site scripting (XSS) vulnerability exists in the Reporter Widgets that allows HTML injection...
PT-2024-6313 · Veeam · Veeam One
Name of the Vulnerable Software and Affected Versions: Veeam ONE version ≤ 12.1.0.3208 Description: A cross-site scripting (XSS) vulnerability exists in the Reporter Widgets, allowing HTML injection. This vulnerability can be exploited by a remote attacker to execute arbitrary HTML code...
CVE-2024-8016 The Events Calendar Pro <= 7.0.2 - Authenticated (Administrator+) PHP Object Injection to Remote Code Execution
The Events Calendar Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.0.2 via deserialization of untrusted input from the 'filters' parameter in widgets. This makes it possible for authenticated attackers, with administrator-level access and...
CVE-2024-8016
CVE-2024-8016 affects The Events Calendar Pro for WordPress. The vulnerability is a PHP Object Injection via deserialization of untrusted input from the widgets’ filters parameter, enabling an attacker with administrator-level access (and in some configs, even lower-privilege users) to inject a P...
Malicious code in copilot-web-widgets (npm)
Source: ghsa-malware (fbb28669371353c111a05f7fb6bb2803179610b8ccec893590a34d2343e90fc9). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-7791
The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘arrow’ parameter within the Post Grid widget in all versions up to, and including, 1.4.4.3 due to insufficient input sanitization and output escaping. This makes it...
August 27, 2024—KB5041865 (OS Build 26100.1591) Preview
August 27, 2024—KB5041865 (OS Build 26100.1591) Preview. For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. Note: Follow @WindowsUpdate to find out when new content is published to the Windows release health...
CVE-2024-2254
The RT Easy Builder – Advanced addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
WordPress plugin RT Easy Builder security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2024-5502
The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion, Dual Heading, and Vertical Timeline widgets in all versions up to, and including, 2.4.30 due to insufficient input sanitization and output escaping on user supplied...
CVE-2024-5502 Piotnet Addons For Elementor <= 2.4.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion, Dual Heading, and Vertical Timeline widgets in all versions up to, and including, 2.4.30 due to insufficient input sanitization and output escaping on user supplied...
PT-2024-19475 · WordPress · Easybuilder
Name of the Vulnerable Software and Affected Versions: RT Easy Builder – Advanced addons for Elementor plugin for WordPress versions up to, and including, 2.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's widgets due to insufficient input sanitization and outpu...
CVE-2024-5583
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the carouseldirection parameter of testimonials widget in all versions up to, and including, 5.6.2 due to insufficient input...
CVE-2024-5583 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonials Widget Settings
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the carouseldirection parameter of testimonials widget in all versions up to, and including, 5.6.2 due to insufficient input...
PT-2024-30067 · Pligg Cms · Pligg Cms
Name of the Vulnerable Software and Affected Versions: Pligg CMS version 2.0.2 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. It can be exploited via the /admin/admin widgets.php endpoint with specific parameters: action=remove and widget=Statistics. This...
Kliqqi CMS security vulnerability
Kliqqi CMS (Pligg CMS) is an open-source content management system from Kliqqi. Kliqqi CMS v2.0.2 has a cross-site request forgery vulnerability, which stems from /admin/adminwidgets.php?action=install&widget=akismet not adequately verifying that the request is from a trusted use...
PT-2024-30066 · Pligg Cms · Pligg Cms
Name of the Vulnerable Software and Affected Versions: Pligg CMS version 2.0.2 Description: A Cross-Site Request Forgery (CSRF) issue was found in Pligg CMS. The vulnerability can be exploited via the /admin/admin widgets.php endpoint with specific parameters: action=install and widget=akismet. Thi...
CVE-2024-43271
CVE-2024-43271 is a Path Traversal vulnerability in Woo Products Widgets For Elementor that enables PHP Local File Inclusion. It affects Woo Products Widgets For Elementor versions up to 2.0.0 and is listed as an authenticated (Contributor+) LFI exposure in public advisories. The root cause is im...
WordPress plugin Woo Products Widgets For Elementor path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A path traversal vulnerability exis...