Lucene search

K

Ragic, Inc. Security Vulnerabilities

cve
cve

CVE-2024-32547

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max Bond Code Insert Manager (Q2W3 Inc Manager) allows Reflected XSS.This issue affects Code Insert Manager (Q2W3 Inc Manager): from n/a through...

5.8CVSS

6.9AI Score

0.0004EPSS

2024-04-17 08:15 AM
34
osv
osv

CVE-2023-0583

The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'update_vk_blocks_options' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change plugin settings including default...

4.3CVSS

6.9AI Score

0.001EPSS

2023-06-03 02:15 AM
3
cve
cve

CVE-2024-2830

The WordPress Tag and Category Manager – AI Autotagger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'st_tag_cloud' shortcode in all versions up to, and including, 3.13.0 due to insufficient input sanitization and output escaping on user supplied attributes....

6.4CVSS

7.6AI Score

0.0004EPSS

2024-04-04 03:15 AM
33
osv
osv

CVE-2022-48197

Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. The download distributions, TreeView component and the YUI Javascript library overall are not affected. NOTE: This vulnerability only affects products that are no longer supported by the...

6.1CVSS

5.9AI Score

0.006EPSS

2023-01-02 04:15 PM
5
osv
osv

CVE-2023-0584

The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'update_options' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change the 'vk_font_awesome_version' option to an...

4.3CVSS

7AI Score

0.001EPSS

2023-06-03 02:15 AM
6
cvelist
cvelist

CVE-2024-2830

The WordPress Tag and Category Manager – AI Autotagger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'st_tag_cloud' shortcode in all versions up to, and including, 3.13.0 due to insufficient input sanitization and output escaping on user supplied attributes....

6.4CVSS

5.8AI Score

0.0004EPSS

2024-04-04 02:32 AM
cve
cve

CVE-2024-1416

The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on several functions in all versions up to, and including, 1.8.9. This makes it possible for unauthenticated attackers to invoke....

4.3CVSS

6.6AI Score

0.001EPSS

2024-05-02 05:15 PM
35
osv
osv

CVE-2019-25093

A vulnerability, which was classified as problematic, was found in dragonexpert Recent Threads on Index. Affected is the function recentthread_list_threads of the file inc/plugins/recentthreads/hooks.php of the component Setting Handler. The manipulation of the argument recentthread_forumskip...

5.4CVSS

6.2AI Score

0.001EPSS

2023-01-02 11:15 AM
6
cve
cve

CVE-2024-5179

The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.1 via the 'item_style' and 'style' parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute...

8.8CVSS

7.9AI Score

0.001EPSS

2024-06-06 02:15 AM
21
cve
cve

CVE-2024-4398

The HTML5 Audio Player- Best WordPress Audio Player Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.2.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS

5.7AI Score

0.001EPSS

2024-05-14 03:43 PM
8
cvelist
cvelist

CVE-2024-4398 HTML5 Audio Player- Best WordPress Audio Player Plugin <= 2.2.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

The HTML5 Audio Player- Best WordPress Audio Player Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.2.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS

6.3AI Score

0.001EPSS

2024-05-10 07:33 AM
vulnrichment
vulnrichment

CVE-2024-4398 HTML5 Audio Player- Best WordPress Audio Player Plugin <= 2.2.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

The HTML5 Audio Player- Best WordPress Audio Player Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.2.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS

5.8AI Score

0.001EPSS

2024-05-10 07:33 AM
cve
cve

CVE-2024-1415

The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.9. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers....

4.3CVSS

6.3AI Score

0.001EPSS

2024-05-02 05:15 PM
30
vulnrichment
vulnrichment

CVE-2024-2793 Visual Website Collaboration, Feedback & Project Management – Atarim <= 3.30 - Unauthenticated Stored Cross-Site Scripting

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to Stored Cross-Site Scripting via comments in all versions up to, and including, 3.30 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated.....

7.2CVSS

6.1AI Score

0.001EPSS

2024-05-31 04:31 AM
1
cvelist
cvelist

CVE-2024-1415

The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.9. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers....

4.3CVSS

4.5AI Score

0.001EPSS

2024-05-02 04:52 PM
cvelist
cvelist

CVE-2024-1416

The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on several functions in all versions up to, and including, 1.8.9. This makes it possible for unauthenticated attackers to invoke....

4.3CVSS

4.7AI Score

0.001EPSS

2024-05-02 04:52 PM
cvelist
cvelist

CVE-2024-5179 Cowidgets – Elementor Addons <= 1.1.1 - Authenticated (Contributor+) Local File Inclusion

The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.1 via the 'item_style' and 'style' parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute...

8.8CVSS

8.9AI Score

0.001EPSS

2024-06-06 02:03 AM
nvd
nvd

CVE-2024-5179

The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.1 via the 'item_style' and 'style' parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute...

8.8CVSS

8.9AI Score

0.001EPSS

2024-06-06 02:15 AM
5
cve
cve

CVE-2024-2793

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to Stored Cross-Site Scripting via comments in all versions up to, and including, 3.30 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated.....

7.2CVSS

6AI Score

0.001EPSS

2024-05-31 05:15 AM
25
cvelist
cvelist

CVE-2024-2793 Visual Website Collaboration, Feedback & Project Management – Atarim <= 3.30 - Unauthenticated Stored Cross-Site Scripting

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to Stored Cross-Site Scripting via comments in all versions up to, and including, 3.30 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated.....

7.2CVSS

6.4AI Score

0.001EPSS

2024-05-31 04:31 AM
cve
cve

CVE-2024-4611

The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decrypt_value' and on the 'doCookieAuth' functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any existing user on the...

8.1CVSS

6.8AI Score

0.001EPSS

2024-05-29 05:16 AM
3
vulnrichment
vulnrichment

CVE-2024-4611 AppPresser <= 4.3.2 - Improper Missing Encryption Exception Handling to Authentication Bypass

The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decrypt_value' and on the 'doCookieAuth' functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any existing user on the...

8.1CVSS

6.9AI Score

0.001EPSS

2024-05-29 04:30 AM
1
cvelist
cvelist

CVE-2024-4611 AppPresser <= 4.3.2 - Improper Missing Encryption Exception Handling to Authentication Bypass

The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decrypt_value' and on the 'doCookieAuth' functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any existing user on the...

8.1CVSS

8AI Score

0.001EPSS

2024-05-29 04:30 AM
1
vulnrichment
vulnrichment

CVE-2024-5179 Cowidgets – Elementor Addons <= 1.1.1 - Authenticated (Contributor+) Local File Inclusion

The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.1 via the 'item_style' and 'style' parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute...

8.8CVSS

7.7AI Score

0.001EPSS

2024-06-06 02:03 AM
vulnrichment
vulnrichment

CVE-2024-4362 SiteOrigin Widgets Bundle <= 1.60.0 - - Authenticated (Contributor+) Stored Cross-Site Scripting via 'siteorigin_widget' Shortcode

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteorigin_widget' shortcode in all versions up to, and including, 1.60.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible....

6.4CVSS

5.8AI Score

0.001EPSS

2024-05-22 08:31 AM
nvd
nvd

CVE-2024-2793

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to Stored Cross-Site Scripting via comments in all versions up to, and including, 3.30 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated.....

7.2CVSS

6.4AI Score

0.001EPSS

2024-05-31 05:15 AM
1
cve
cve

CVE-2024-4362

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteorigin_widget' shortcode in all versions up to, and including, 1.60.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible....

6.4CVSS

5.7AI Score

0.001EPSS

2024-05-22 09:15 AM
27
cvelist
cvelist

CVE-2024-4362 SiteOrigin Widgets Bundle <= 1.60.0 - - Authenticated (Contributor+) Stored Cross-Site Scripting via 'siteorigin_widget' Shortcode

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteorigin_widget' shortcode in all versions up to, and including, 1.60.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible....

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-22 08:31 AM
tibco
tibco

TIBCO Security Advisory: June 11, 2024 - TIBCO EBX - CVE-2024-4576

TIBCO EBX File Inclusion Vulnerability Original release date: June 11, 2024 Last revised: June 12, 2024 CVE-2024-4576 Source: TIBCO Software Inc. Products Affected TIBCO EBX versions 5.9.25 and below TIBCO EBX versions 6.1.3 HF2 and below Component affected: EBX Add-ons Description The...

6.9AI Score

0.0004EPSS

2024-06-11 04:55 PM
1
vulnrichment
vulnrichment

CVE-2024-1467 Starter Templates — Elementor, WordPress & Beaver Builder Templates <= 4.1.6 - Authenticated (Contributor+) Server-Side Request Forgery

The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.6 via the ai_api_request(). This makes it possible for authenticated attackers, with contributor-level access and...

4.3CVSS

6.5AI Score

0.001EPSS

2024-05-09 08:03 PM
1
nvd
nvd

CVE-2024-4611

The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decrypt_value' and on the 'doCookieAuth' functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any existing user on the...

8.1CVSS

8AI Score

0.001EPSS

2024-05-29 05:16 AM
1
cvelist
cvelist

CVE-2024-1467 Starter Templates — Elementor, WordPress & Beaver Builder Templates <= 4.1.6 - Authenticated (Contributor+) Server-Side Request Forgery

The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.6 via the ai_api_request(). This makes it possible for authenticated attackers, with contributor-level access and...

4.3CVSS

5.8AI Score

0.001EPSS

2024-05-09 08:03 PM
cve
cve

CVE-2024-1467

The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.6 via the ai_api_request(). This makes it possible for authenticated attackers, with contributor-level access and...

4.3CVSS

6.4AI Score

0.001EPSS

2024-05-14 02:47 PM
6
cve
cve

CVE-2024-2618

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the size attribute in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

5.8AI Score

0.001EPSS

2024-05-24 05:15 AM
28
cvelist
cvelist

CVE-2024-2618 Elementor Header & Footer Builder <= 1.6.26 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the size attribute in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-24 04:29 AM
cvelist
cvelist

CVE-2024-2088 NextScripts: Social Networks Auto-Poster <= 4.4.3 - Authenticated(Subscriber+) Sensitive Information Exposure

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.3 via the 'nxs_getExpSettings' function. This makes it possible for authenticated attackers, with subscriber access and above, to extract...

8.5CVSS

8.2AI Score

0.001EPSS

2024-05-22 06:50 AM
cve
cve

CVE-2024-2088

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.3 via the 'nxs_getExpSettings' function. This makes it possible for authenticated attackers, with subscriber access and above, to extract...

8.5CVSS

6.3AI Score

0.001EPSS

2024-05-22 07:15 AM
33
cve
cve

CVE-2024-4697

The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘heading_tag’ parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

6AI Score

0.001EPSS

2024-06-04 06:15 AM
17
vulnrichment
vulnrichment

CVE-2024-4697 Cowidgets – Elementor Addons <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via heading_tag Parameter

The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘heading_tag’ parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-04 05:32 AM
cvelist
cvelist

CVE-2024-4697 Cowidgets – Elementor Addons <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via heading_tag Parameter

The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘heading_tag’ parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-04 05:32 AM
1
cvelist
cvelist

CVE-2024-1137 TIBCO ActiveSpaces Information Leak Vulnerability

The Proxy and Client components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition contain a vulnerability that theoretically allows an Active Spaces client to passively observe data traffic to other clients. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise....

4.3CVSS

4.9AI Score

0.0004EPSS

2024-03-12 05:31 PM
vulnrichment
vulnrichment

CVE-2024-2618 Elementor Header & Footer Builder <= 1.6.26 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the size attribute in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

5.8AI Score

0.001EPSS

2024-05-24 04:29 AM
nvd
nvd

CVE-2024-4697

The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘heading_tag’ parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-04 06:15 AM
1
osv
osv

CVE-2024-23336

MyBB is a free and open source forum software. The default list of disallowed remote hosts does not contain the 127.0.0.0/8 block, which may result in a Server-Side Request Forgery (SSRF) vulnerability. The Configuration File's Disallowed Remote Addresses list...

5CVSS

7.2AI Score

0.001EPSS

2024-05-01 07:15 AM
6
cvelist
cvelist

CVE-2021-47249 net: rds: fix memory leak in rds_recvmsg

In the Linux kernel, the following vulnerability has been resolved: net: rds: fix memory leak in rds_recvmsg Syzbot reported memory leak in rds. The problem was in unputted refcount in case of error. int rds_recvmsg(struct socket sock, struct msghdr msg, size_t size, int msg_flags) { ......

6.3AI Score

0.0004EPSS

2024-05-21 02:19 PM
1
cve
cve

CVE-2024-3849

The Click to Chat – HoliThemes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.35. This makes it possible for authenticated attackers, with contributor access or above, to include and execute arbitrary files on the server, allowing the execution...

8.8CVSS

7.5AI Score

0.001EPSS

2024-05-02 05:15 PM
42
vulnrichment
vulnrichment

CVE-2024-1872

The Button plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.28 via deserialization of untrusted input in the button_shortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP...

8.8CVSS

7.1AI Score

0.0004EPSS

2024-03-29 06:44 AM
1
cve
cve

CVE-2024-1137

The Proxy and Client components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition contain a vulnerability that theoretically allows an Active Spaces client to passively observe data traffic to other clients. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise....

4.3CVSS

4.6AI Score

0.0004EPSS

2024-03-12 06:15 PM
26
cvelist
cvelist

CVE-2024-1447

The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aThemes Slider button element in all versions up to, and including, 1.25 due to insufficient input sanitization and output escaping on user supplied link. This makes it possible for authenticated.....

6.4CVSS

5.8AI Score

0.0004EPSS

2024-02-20 06:56 PM
1
cve
cve

CVE-2024-26024

SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in Substation...

8.4CVSS

7.3AI Score

0.0004EPSS

2024-05-28 05:15 PM
1
Total number of security vulnerabilities288358