Lucene search

K

Ragic, Inc. Security Vulnerabilities

cvelist
cvelist

CVE-2024-36736

An issue in the oneflow.permute component of OneFlow-Inc. Oneflow v0.9.1 causes an incorrect calculation when the same dimension operation is...

EPSS

1976-01-01 12:00 AM
1
nvd
nvd

CVE-2024-3947

The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodo_settings() function. This makes it possible for unauthenticated attackers to modify the plugin's settings...

4.3CVSS

4.7AI Score

0.0005EPSS

2024-05-30 05:15 AM
vulnrichment
vulnrichment

CVE-2024-4361 Page Builder by SiteOrigin <= 2.29.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'siteorigin_widget' Shortcode

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteorigin_widget' shortcode in all versions up to, and including, 2.29.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS

5.8AI Score

0.001EPSS

2024-05-21 11:02 AM
1
nvd
nvd

CVE-2024-36743

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with...

EPSS

2024-06-06 06:15 PM
cvelist
cvelist

CVE-2024-1043

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'amppb_remove_saved_layout_data' function in all versions up to, and including, 1.0.93.1. This makes it possible for authenticated attackers, with...

6.5CVSS

6.4AI Score

0.0004EPSS

2024-02-20 06:56 PM
cvelist
cvelist

CVE-2024-2109

The Booster Extension plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.0 via the 'booster_extension_authorbox_shortcode_display' function. This makes it possible for unauthenticated attackers to extract sensitive data including user...

5.3CVSS

5.8AI Score

0.0005EPSS

2024-05-02 04:52 PM
nvd
nvd

CVE-2024-2088

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.3 via the 'nxs_getExpSettings' function. This makes it possible for authenticated attackers, with subscriber access and above, to extract...

8.5CVSS

8.2AI Score

0.001EPSS

2024-05-22 07:15 AM
2
cve
cve

CVE-2024-36745

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.index_select...

7AI Score

EPSS

2024-06-06 06:15 PM
27
cvelist
cvelist

CVE-2024-36745

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.index_select...

EPSS

1976-01-01 12:00 AM
vulnrichment
vulnrichment

CVE-2024-36745

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.index_select...

6.8AI Score

EPSS

1976-01-01 12:00 AM
1
nvd
nvd

CVE-2024-2618

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the size attribute in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-24 05:15 AM
1
vulnrichment
vulnrichment

CVE-2024-2109

The Booster Extension plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.0 via the 'booster_extension_authorbox_shortcode_display' function. This makes it possible for unauthenticated attackers to extract sensitive data including user...

5.3CVSS

6.7AI Score

0.0005EPSS

2024-05-02 04:52 PM
cvelist
cvelist

CVE-2024-5152 ElementsReady Addons for Elementor <= 6.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 6.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-06-06 03:53 AM
cvelist
cvelist

CVE-2024-32826 WordPress VK Block Patterns plugin <= 1.31.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Vektor,Inc. VK Block Patterns.This issue affects VK Block Patterns: from n/a through...

5.3CVSS

5.6AI Score

0.0004EPSS

2024-04-26 11:09 AM
1
cvelist
cvelist

CVE-2024-36735

OneFlow-Inc. Oneflow v0.9.1 does not display an error or warning when the oneflow.eye parameter is...

EPSS

1976-01-01 12:00 AM
cve
cve

CVE-2024-5489

The Wbcom Designs – Custom Font Uploader plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cfu_delete_customfont' function in all versions up to, and including, 2.3.4. This makes it possible for authenticated attackers, with Subscriber-level.....

4.3CVSS

6.7AI Score

0.001EPSS

2024-06-06 12:15 PM
25
cve
cve

CVE-2024-36732

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with...

7AI Score

EPSS

2024-06-06 07:15 PM
20
cve
cve

CVE-2024-36743

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with...

7AI Score

EPSS

2024-06-06 06:15 PM
26
cve
cve

CVE-2024-36730

Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting negative values into the oneflow.zeros/ones...

7AI Score

EPSS

2024-06-06 07:15 PM
22
nvd
nvd

CVE-2024-36737

Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.full...

EPSS

2024-06-06 06:15 PM
1
cve
cve

CVE-2024-36737

Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.full...

7AI Score

EPSS

2024-06-06 06:15 PM
20
cve
cve

CVE-2024-4887

The Qi Addons For Elementor plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 1.7.2 via the 'behavior' attributes found in the qi_addons_for_elementor_blog_list shortcode. This makes it possible for authenticated attackers, with Contributor-level...

7.5CVSS

7.5AI Score

0.001EPSS

2024-06-07 04:15 AM
23
cve
cve

CVE-2024-36736

An issue in the oneflow.permute component of OneFlow-Inc. Oneflow v0.9.1 causes an incorrect calculation when the same dimension operation is...

7.2AI Score

EPSS

2024-06-06 06:15 PM
20
osv
osv

GeniXCMS Cross-site Scripting (XSS) vulnerability via id parameter

In GeniXCMS 1.1.4, /inc/lib/backend/menus.control.php has XSS via the id...

6.1CVSS

5.7AI Score

0.001EPSS

2022-05-17 12:36 AM
3
cve
cve

CVE-2024-25095

Insertion of Sensitive Information into Log File vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through...

7.5CVSS

7.3AI Score

0.001EPSS

2024-06-04 07:18 PM
13
nvd
nvd

CVE-2024-36742

An issue in the oneflow.scatter_nd parameter OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when index parameter exceeds the range of...

EPSS

2024-06-06 05:15 PM
nvd
nvd

CVE-2024-4398

The HTML5 Audio Player- Best WordPress Audio Player Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.2.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-14 03:43 PM
cvelist
cvelist

CVE-2024-36734

Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the dim...

EPSS

1976-01-01 12:00 AM
2
vulnrichment
vulnrichment

CVE-2024-4887 Qi Addons For Elementor <= 1.7.2 - Authenticated (Contributor+) Local File Inclusion

The Qi Addons For Elementor plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 1.7.2 via the 'behavior' attributes found in the qi_addons_for_elementor_blog_list shortcode. This makes it possible for authenticated attackers, with Contributor-level...

7.5CVSS

7.2AI Score

0.001EPSS

2024-06-07 03:21 AM
cve
cve

CVE-2024-35638

Cross-Site Request Forgery (CSRF) vulnerability in JumpDEMAND Inc. ActiveDEMAND.This issue affects ActiveDEMAND: from n/a through...

4.3CVSS

7.2AI Score

0.0004EPSS

2024-06-03 09:15 AM
16
nvd
nvd

CVE-2024-4887

The Qi Addons For Elementor plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 1.7.2 via the 'behavior' attributes found in the qi_addons_for_elementor_blog_list shortcode. This makes it possible for authenticated attackers, with Contributor-level...

7.5CVSS

0.001EPSS

2024-06-07 04:15 AM
nvd
nvd

CVE-2024-36734

Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the dim...

EPSS

2024-06-06 07:15 PM
cve
cve

CVE-2024-4788

The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_bhf_post function in all versions up to, and including, 1.3.3. This makes it possible for authenticated attackers, with...

4.3CVSS

6.8AI Score

0.0004EPSS

2024-06-06 02:15 AM
3
cvelist
cvelist

CVE-2024-3555 Social Link Pages: link-in-bio landing pages for your social media profiles <= 1.6.9 - Missing Authorization to Arbitrary Page Creation and Cross-Site Scripting

The Social Link Pages: link-in-bio landing pages for your social media profiles plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the import_link_pages() function in all versions up to, and including, 1.6.9. This makes it possible for unauthenticated...

7.2CVSS

6.8AI Score

0.0005EPSS

2024-06-04 05:32 AM
2
cve
cve

CVE-2024-3945

The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodo_manage() function. This makes it possible for unauthenticated attackers to add new todo items via a forged...

4.3CVSS

6.3AI Score

0.0005EPSS

2024-05-30 05:15 AM
20
vulnrichment
vulnrichment

CVE-2024-3945 WP To Do <= 1.3.0 - Cross-Site Request Forgery via wptodo_manage()

The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodo_manage() function. This makes it possible for unauthenticated attackers to add new todo items via a forged...

4.3CVSS

6.5AI Score

0.0005EPSS

2024-05-30 04:31 AM
nvd
nvd

CVE-2024-3945

The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodo_manage() function. This makes it possible for unauthenticated attackers to add new todo items via a forged...

4.3CVSS

4.7AI Score

0.0005EPSS

2024-05-30 05:15 AM
2
cve
cve

CVE-2024-30460

Cross-Site Request Forgery (CSRF) vulnerability in Tumult Inc Tumult Hype Animations.This issue affects Tumult Hype Animations: from n/a through...

4.3CVSS

6.8AI Score

0.0004EPSS

2024-03-29 05:15 PM
30
osv
osv

GeniXCMS SQL Injection

GeniXCMS 1.0.2 has SQL Injection in inc/lib/Control/Backend/menus.control.php via the menuid...

8.8CVSS

8.2AI Score

0.001EPSS

2022-05-17 02:46 AM
7
nvd
nvd

CVE-2024-36736

An issue in the oneflow.permute component of OneFlow-Inc. Oneflow v0.9.1 causes an incorrect calculation when the same dimension operation is...

EPSS

2024-06-06 06:15 PM
vulnrichment
vulnrichment

CVE-2024-36743

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with...

6.8AI Score

EPSS

1976-01-01 12:00 AM
cve
cve

CVE-2024-36740

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when index as a negative number exceeds the range of...

7AI Score

EPSS

2024-06-06 07:15 PM
22
cvelist
cvelist

CVE-2024-4788 Boostify Header Footer Builder for Elementor <= 1.3.3 - Missing Authorization to Page/Post Creation

The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_bhf_post function in all versions up to, and including, 1.3.3. This makes it possible for authenticated attackers, with...

4.3CVSS

4.4AI Score

0.0004EPSS

2024-06-06 02:02 AM
1
cvelist
cvelist

CVE-2024-32809 WordPress ActiveDEMAND plugin <= 0.2.41 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in JumpDEMAND Inc. ActiveDEMAND allows Using Malicious Files.This issue affects ActiveDEMAND: from n/a through...

10CVSS

9.6AI Score

0.0004EPSS

2024-05-17 09:39 AM
cve
cve

CVE-2024-30926

Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the ./inc/kiosks.inc...

7.2AI Score

0.0004EPSS

2024-04-18 10:15 PM
25
cvelist
cvelist

CVE-2024-30926

Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the ./inc/kiosks.inc...

7.2AI Score

0.0004EPSS

2024-04-18 12:00 AM
osv
osv

GeniXCMS Cross-site Scripting (XSS) via id parameter

In GeniXCMS 1.1.4, /inc/lib/Control/Backend/menus.control.php has XSS via the id...

6.1CVSS

5.7AI Score

0.001EPSS

2022-05-17 12:36 AM
4
github
github

GeniXCMS Cross-site Scripting (XSS) via id parameter

In GeniXCMS 1.1.4, /inc/lib/Control/Backend/menus.control.php has XSS via the id...

6.1CVSS

5.7AI Score

0.001EPSS

2022-05-17 12:36 AM
5
cve
cve

CVE-2024-32826

Missing Authorization vulnerability in Vektor,Inc. VK Block Patterns.This issue affects VK Block Patterns: from n/a through...

5.3CVSS

6.8AI Score

0.0004EPSS

2024-04-26 11:15 AM
29
vulnrichment
vulnrichment

CVE-2024-32809 WordPress ActiveDEMAND plugin <= 0.2.41 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in JumpDEMAND Inc. ActiveDEMAND allows Using Malicious Files.This issue affects ActiveDEMAND: from n/a through...

10CVSS

6.9AI Score

0.0004EPSS

2024-05-17 09:39 AM
Total number of security vulnerabilities288358