Lucene search

K

Ragic, Inc. Security Vulnerabilities

cvelist
cvelist

CVE-2024-4277 LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via layout_html Parameter

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layout_html’ parameter in all versions up to, and including, 4.2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with....

6.4CVSS

6AI Score

0.0004EPSS

2024-05-10 09:32 AM
1
cve
cve

CVE-2024-4329

The Thim Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access.....

6.4CVSS

5.7AI Score

0.0004EPSS

2024-05-14 03:43 PM
10
vulnrichment
vulnrichment

CVE-2024-4329 Thim Elementor Kit <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter

The Thim Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access.....

6.4CVSS

5.8AI Score

0.0004EPSS

2024-05-11 06:43 AM
1
cvelist
cvelist

CVE-2024-4361 Page Builder by SiteOrigin <= 2.29.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'siteorigin_widget' Shortcode

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteorigin_widget' shortcode in all versions up to, and including, 2.29.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-21 11:02 AM
nvd
nvd

CVE-2024-3943

The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodo_addcomment function. This makes it possible for unauthenticated attackers to add comments to to do items via....

4.3CVSS

4.7AI Score

0.0004EPSS

2024-05-30 05:15 AM
1
cve
cve

CVE-2024-3947

The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodo_settings() function. This makes it possible for unauthenticated attackers to modify the plugin's settings...

4.3CVSS

6.3AI Score

0.0005EPSS

2024-05-30 05:15 AM
22
cve
cve

CVE-2024-4636

The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allow_meme_types’ function in versions up to, and including, 3.12.10 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS

5.7AI Score

0.001EPSS

2024-05-15 07:15 AM
7
nvd
nvd

CVE-2024-36745

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.index_select...

EPSS

2024-06-06 06:15 PM
cve
cve

CVE-2024-36742

An issue in the oneflow.scatter_nd parameter OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when index parameter exceeds the range of...

7AI Score

EPSS

2024-06-06 05:15 PM
20
cvelist
cvelist

CVE-2024-3555 Social Link Pages: link-in-bio landing pages for your social media profiles <= 1.6.9 - Missing Authorization to Arbitrary Page Creation and Cross-Site Scripting

The Social Link Pages: link-in-bio landing pages for your social media profiles plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the import_link_pages() function in all versions up to, and including, 1.6.9. This makes it possible for unauthenticated...

7.2CVSS

6.8AI Score

0.0005EPSS

2024-06-04 05:32 AM
2
cve
cve

CVE-2024-3945

The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodo_manage() function. This makes it possible for unauthenticated attackers to add new todo items via a forged...

4.3CVSS

6.3AI Score

0.0005EPSS

2024-05-30 05:15 AM
20
vulnrichment
vulnrichment

CVE-2024-3945 WP To Do <= 1.3.0 - Cross-Site Request Forgery via wptodo_manage()

The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodo_manage() function. This makes it possible for unauthenticated attackers to add new todo items via a forged...

4.3CVSS

6.5AI Score

0.0005EPSS

2024-05-30 04:31 AM
nvd
nvd

CVE-2024-35638

Cross-Site Request Forgery (CSRF) vulnerability in JumpDEMAND Inc. ActiveDEMAND.This issue affects ActiveDEMAND: from n/a through...

4.3CVSS

5.1AI Score

0.0004EPSS

2024-06-03 09:15 AM
1
cvelist
cvelist

CVE-2024-36730

Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting negative values into the oneflow.zeros/ones...

EPSS

1976-01-01 12:00 AM
1
cvelist
cvelist

CVE-2024-36737

Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.full...

EPSS

1976-01-01 12:00 AM
1
cvelist
cvelist

CVE-2024-3943 WP To Do <= 1.3.0 - Cross-Site Request Forgery via wptodo_addcomment

The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodo_addcomment function. This makes it possible for unauthenticated attackers to add comments to to do items via....

4.3CVSS

4.7AI Score

0.0004EPSS

2024-05-30 04:31 AM
cve
cve

CVE-2024-36734

Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the dim...

7AI Score

EPSS

2024-06-06 07:15 PM
25
cvelist
cvelist

CVE-2024-36732

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with...

EPSS

1976-01-01 12:00 AM
2
github
github

GeniXCMS Cross-site Scripting (XSS) vulnerability via id parameter

In GeniXCMS 1.1.4, /inc/lib/backend/menus.control.php has XSS via the id...

6.1CVSS

5.7AI Score

0.001EPSS

2022-05-17 12:36 AM
4
cve
cve

CVE-2024-3943

The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodo_addcomment function. This makes it possible for unauthenticated attackers to add comments to to do items via....

4.3CVSS

6.3AI Score

0.0004EPSS

2024-05-30 05:15 AM
22
nvd
nvd

CVE-2024-36740

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when index as a negative number exceeds the range of...

EPSS

2024-06-06 07:15 PM
cve
cve

CVE-2024-32809

Unrestricted Upload of File with Dangerous Type vulnerability in JumpDEMAND Inc. ActiveDEMAND allows Using Malicious Files.This issue affects ActiveDEMAND: from n/a through...

10CVSS

6.8AI Score

0.0004EPSS

2024-05-17 10:15 AM
34
cve
cve

CVE-2024-32131

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in W3 Eden Inc. Download Manager allows Functionality Bypass.This issue affects Download Manager: from n/a through...

5.3CVSS

6.7AI Score

0.0004EPSS

2024-05-17 09:15 AM
37
cvelist
cvelist

CVE-2024-32131 WordPress Download Manager plugin <= 3.2.82 - File Password Lock Bypass vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in W3 Eden Inc. Download Manager allows Functionality Bypass.This issue affects Download Manager: from n/a through...

5.3CVSS

5.2AI Score

0.0004EPSS

2024-05-17 08:18 AM
2
cve
cve

CVE-2024-30436

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Collect.Chat Inc. Collectchat allows Stored XSS.This issue affects Collectchat: from n/a through...

6.5CVSS

9.1AI Score

0.0004EPSS

2024-03-29 06:15 PM
32
cvelist
cvelist

CVE-2024-30460 WordPress Tumult Hype Animations plugin <= 1.9.11 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Tumult Inc Tumult Hype Animations.This issue affects Tumult Hype Animations: from n/a through...

4.3CVSS

4.9AI Score

0.0004EPSS

2024-03-29 04:32 PM
cve
cve

CVE-2024-30445

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab, Inc. Web Icons allows Stored XSS.This issue affects Web Icons: from n/a through...

6.5CVSS

9.1AI Score

0.0004EPSS

2024-03-29 05:15 PM
32
tibco
tibco

TIBCO Security Advisory: May 28, 2024 - TIBCO Managed File Transfer Platform Server for Unix - CVE-2024-4407

TIBCO Managed File Transfer Platform Server for Unix and z/Linux privilege escalation vulnerability Original release date: May 28, 2024 Last revised: --- CVE-2024-4407 Source: TIBCO Software Inc. Products Affected TIBCO Managed File Transfer Platform Server for Unix versions 8.0.0, 8.0.1, 8.1.0,...

7.8AI Score

EPSS

2024-05-28 05:53 PM
6
cvelist
cvelist

CVE-2024-36740

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when index as a negative number exceeds the range of...

EPSS

1976-01-01 12:00 AM
1
cvelist
cvelist

CVE-2024-25095 WordPress Easy Forms for Mailchimp plugin <= 6.9.0 - Sensitive Data Exposure via Log File vulnerability

Insertion of Sensitive Information into Log File vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through...

7.5CVSS

7.7AI Score

0.001EPSS

2024-06-04 06:37 PM
1
github
github

GeniXCMS SQL Injection

GeniXCMS 1.0.2 has SQL Injection in inc/lib/Control/Backend/menus.control.php via the menuid...

8.8CVSS

8.2AI Score

0.001EPSS

2022-05-17 02:46 AM
5
cve
cve

CVE-2024-29114

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in W3 Eden, Inc. Download Manager allows Stored XSS.This issue affects Download Manager: from n/a through...

6.5CVSS

9.1AI Score

0.0004EPSS

2024-03-19 03:15 PM
37
vulnrichment
vulnrichment

CVE-2024-4277 LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via layout_html Parameter

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layout_html’ parameter in all versions up to, and including, 4.2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with....

6.4CVSS

5.8AI Score

0.0004EPSS

2024-05-10 09:32 AM
nvd
nvd

CVE-2024-26024

SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in Substation...

8.4CVSS

8.6AI Score

0.0004EPSS

2024-05-28 05:15 PM
cvelist
cvelist

CVE-2024-36742

An issue in the oneflow.scatter_nd parameter OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when index parameter exceeds the range of...

EPSS

1976-01-01 12:00 AM
1
cvelist
cvelist

CVE-2024-1943

The Yuki theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including 1.3.14. This is due to missing or incorrect nonce validation on the reset_customizer_options() function. This makes it possible for unauthenticated attackers to reset the themes settings...

4.3CVSS

4.5AI Score

0.0004EPSS

2024-02-28 06:46 AM
cve
cve

CVE-2024-2026

The Passster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's content_protector shortcode in all versions up to, and including, 4.2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated....

6.4CVSS

7.6AI Score

0.0004EPSS

2024-04-09 07:15 PM
24
cve
cve

CVE-2024-34567

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in GhozyLab, Inc. Popup Builder allows Stored XSS.This issue affects Popup Builder: from n/a through...

5.9CVSS

6.6AI Score

0.0004EPSS

2024-05-17 06:15 AM
23
cvelist
cvelist

CVE-2024-25936 WordPress SoundCloud Shortcode plugin <= 4.0.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoundCloud Inc., Lawrie Malen SoundCloud Shortcode allows Stored XSS.This issue affects SoundCloud Shortcode: from n/a through...

6.5CVSS

6.6AI Score

0.0004EPSS

2024-03-15 12:55 PM
nvd
nvd

CVE-2024-5152

The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 6.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-06-06 04:15 AM
1
cve
cve

CVE-2024-0552

Intumit inc. SmartRobot's web framwork has a remote code execution vulnerability. An unauthorized remote attacker can exploit this vulnerability to execute arbitrary commands on the remote...

9.8CVSS

9.8AI Score

0.002EPSS

2024-01-15 04:15 AM
13
cvelist
cvelist

CVE-2024-4636 Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF <= 3.12.10 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload

The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allow_meme_types’ function in versions up to, and including, 3.12.10 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS

6AI Score

0.001EPSS

2024-05-15 06:51 AM
2
cvelist
cvelist

CVE-2023-51489 WordPress Crowdsignal Polls & Ratings plugin <= 3.0.11 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Automattic, Inc. Crowdsignal Dashboard – Polls, Surveys & more.This issue affects Crowdsignal Dashboard – Polls, Surveys & more: from n/a through...

5.4CVSS

5.8AI Score

0.0004EPSS

2024-03-16 01:01 AM
cve
cve

CVE-2024-5638

The Formula theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in the 'ti_customizer_notify_dismiss_recommended_plugins' AJAX action in all versions up to, and including, 0.5.1 due to insufficient input sanitization and output escaping. This makes it...

6.1CVSS

6AI Score

0.001EPSS

2024-06-08 06:15 AM
22
cve
cve

CVE-2024-34762

Vulnerability discovered by executing a planned security audit. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows PHP Local File Inclusion.This issue affects Advanced Custom Fields PRO: from n/a before...

9.9CVSS

9.5AI Score

0.0004EPSS

2024-06-10 04:15 PM
24
cvelist
cvelist

CVE-2024-34762 Wordpress Advanced Custom Fields Pro plugin < 6.2.10 - Contributor+ Local File Inclusion vulnerability

Vulnerability discovered by executing a planned security audit. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows PHP Local File Inclusion.This issue affects Advanced Custom Fields PRO: from n/a before...

9.9CVSS

0.0004EPSS

2024-06-10 03:38 PM
4
vulnrichment
vulnrichment

CVE-2024-34762 Wordpress Advanced Custom Fields Pro plugin < 6.2.10 - Contributor+ Local File Inclusion vulnerability

Vulnerability discovered by executing a planned security audit. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows PHP Local File Inclusion.This issue affects Advanced Custom Fields PRO: from n/a before...

9.9CVSS

7AI Score

0.0004EPSS

2024-06-10 03:38 PM
cve
cve

CVE-2023-51489

Cross-Site Request Forgery (CSRF) vulnerability in Automattic, Inc. Crowdsignal Dashboard – Polls, Surveys & more.This issue affects Crowdsignal Dashboard – Polls, Surveys & more: from n/a through...

5.4CVSS

5.5AI Score

0.0004EPSS

2024-03-16 01:15 AM
16
cvelist
cvelist

CVE-2024-30436 WordPress Collect.chat plugin <= 2.4.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Collect.Chat Inc. Collectchat allows Stored XSS.This issue affects Collectchat: from n/a through...

6.5CVSS

6.6AI Score

0.0004EPSS

2024-03-29 05:25 PM
cvelist
cvelist

CVE-2024-1779

The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_status() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-02-23 06:48 AM
Total number of security vulnerabilities288358