Vulnerability Summary for the Week of March 11, 2024 | CISA


aio-libs — aiosmtpd
  aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio. aiosmtpd is vulnerable to inbound SMTP smuggling. SMTP smuggling is a novel vulnerability based on not so novel interpretation differences of the SMTP protocol. By exploiting SMTP smuggling, an attacker may send smuggle/spoof e-mails with fake sender addresses, allowing advanced phishing attacks. This issue is also existed in other SMTP software like Postfix. With the right SMTP server constellation, an attacker can send spoofed e-mails to inbound/receiving aiosmtpd instances. This issue has been addressed in version 1.4.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-03-12 5.3 CVE-2024-27305
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com ameliabooking — booking_for_appointments_and_events_calendar_-_amelia
  The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the date parameters in all versions up to, and including, 1.0.98 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-03-13 6.1 CVE-2024-1484
security@wordfence.com
security@wordfence.com apache_software_foundation — apache_pulsar
  The vulnerability allows authenticated users with only produce or consume permissions to modify topic-level policies, such as retention, TTL, and offloading settings. These management operations should be restricted to users with the tenant admin role or super user role. This issue affects Apache Pulsar versions from 2.7.1 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0. 2.10 Apache Pulsar users should upgrade to at least 2.10.6. 2.11 Apache Pulsar users should upgrade to at least 2.11.4. 3.0 Apache Pulsar users should upgrade to at least 3.0.3. 3.1 Apache Pulsar users should upgrade to at least 3.1.3. 3.2 Apache Pulsar users should upgrade to at least 3.2.1. Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions. 2024-03-12 6.4 CVE-2024-28098
security@apache.org
security@apache.org apache_software_foundation — apache_zookeeper
  A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Admin/add-admin.php. The manipulation of the argument avatar leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256454 is the identifier assigned to this vulnerability. 2024-03-12 4.7 CVE-2024-2394
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com argoproj — argo-cd
  Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. “Local sync” is an Argo CD feature that allows developers to temporarily override an Application’s manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it allows the user to bypass any merge protections in git. An improper validation bug allows users who have `create` privileges but not `override` privileges to sync local manifests on app creation. All other restrictions, including AppProject restrictions are still enforced. The only restriction which is not enforced is that the manifests come from some approved git/Helm/OCI source. The bug was introduced in 1.2.0-rc1 when the local manifest sync feature was added. The bug has been patched in Argo CD versions 2.10.3, 2.9.8, and 2.8.12. Users are advised to upgrade. Users unable to upgrade may mitigate the risk of branch protection bypass by removing `applications, create` RBAC access. The only way to eliminate the issue without removing RBAC access is to upgrade to a patched version. 2024-03-13 6.4 CVE-2023-50726
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com ari_soft — ari_stream_quiz
  Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft ARI Stream Quiz.This issue affects ARI Stream Quiz: from n/a through 1.2.32. 2024-03-16 5.4 CVE-2023-51487
audit@patchstack.com artibot — artibot_free_chat_bot_for_wordpress_websites The ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 2024-03-13 4.4 CVE-2024-0449
security@wordfence.com
security@wordfence.com artibot — artibot_free_chat_bot_for_wordpress_websites
  The ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the artibot_update function in all versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to update plugin settings. 2024-03-13 5 CVE-2024-0447
security@wordfence.com
security@wordfence.com atlas_gondal — export_media_urls
  Cross-Site Request Forgery (CSRF) vulnerability in Atlas Gondal Export Media URLs.This issue affects Export Media URLs: from n/a through 1.0. 2024-03-16 4.3 CVE-2023-51510
audit@patchstack.com automattic,_inc. — crowdsignal_dashboard_-_polls,_surveys_&_more
  Cross-Site Request Forgery (CSRF) vulnerability in Automattic, Inc. Crowdsignal Dashboard – Polls, Surveys & more.This issue affects Crowdsignal Dashboard – Polls, Surveys & more: from n/a through 3.0.11. 2024-03-16 5.4 CVE-2023-51489
audit@patchstack.com averta — depicter_slider
  Cross-Site Request Forgery (CSRF) vulnerability in Averta Depicter Slider.This issue affects Depicter Slider: from n/a through 2.0.6. 2024-03-16 5.4 CVE-2023-51491
audit@patchstack.com badger_meter — monitool
  Incorrectly limiting the path to a restricted directory vulnerability in Badger Meter Monitool that affects versions up to 4.6.3 and earlier. This vulnerability allows an authenticated attacker to retrieve any file from the device using the download-file functionality. 2024-03-12 6.5 CVE-2024-1303
cve-coordination@incibe.es badger_meter — monitool
  Cross-site scripting vulnerability in Badger Meter Monitool that affects versions up to 4.6.3 and earlier. This vulnerability allows a remote attacker to send a specially crafted javascript payload to an authenticated user and partially hijack their browser session. 2024-03-12 6.3 CVE-2024-1304
cve-coordination@incibe.es barrykooij — related_posts_for_wordpress
  The Related Posts for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the handle_create_link() function. This makes it possible for unauthenticated attackers to add related posts to other posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This ultimately makes it possible for attackers to view draft and password protected posts. 2024-03-13 5.4 CVE-2024-0592
security@wordfence.com
security@wordfence.com
security@wordfence.com basix — nex-forms_-_ultimate_form_builder
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Basix NEX-Forms – Ultimate Form Builder allows Stored XSS.This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.5.5. 2024-03-15 6.5 CVE-2024-25593
audit@patchstack.com bdthemes — prime_slider_-_addons_for_elementor_(revolution_of_a_slider,_hero_slider,_ecommerce_slider)
  The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tags’ attribute of the Rubix widget in all versions up to, and including, 3.13.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2024-1507
security@wordfence.com
security@wordfence.com bdthemes — prime_slider_-_addons_for_elementor_(revolution_of_a_slider,_hero_slider,_ecommerce_slider)
  The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘settings[‘title_tags’]’ attribute of the Mercury widget in all versions up to, and including, 3.13.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2024-1508
security@wordfence.com
security@wordfence.com binhnguyenplus — ladiapp:_landing_page,_popupx,_marketing_automation,_affiliate_marketin-¦ The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ladiflow_save_hook() function in versions up to, and including, 4.3. This makes it possible for authenticated attackers with subscriber-level access and above to update the ‘ladiflow_hook_configs’ option. 2024-03-12 4.3 CVE-2023-4626
security@wordfence.com
security@wordfence.com binhnguyenplus — ladiapp:_landing_page,_popupx,_marketing_automation,_affiliate_marketing-¦
  The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_config() function in versions up to, and including, 4.4. This makes it possible for authenticated attackers with subscriber-level access and above to update the ‘ladipage_config’ option. 2024-03-12 4.3 CVE-2023-4627
security@wordfence.com
security@wordfence.com binhnguyenplus — ladiapp:_landing_page,_popupx,_marketing_automation,_affiliate_marketing-¦
  The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the ladiflow_save_hook() function in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to update the ‘ladiflow_hook_configs’ option via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-03-12 4.3 CVE-2023-4628
security@wordfence.com
security@wordfence.com binhnguyenplus — ladiapp:_landing_page,_popupx,_marketing_automation,_affiliate_marketing-¦
  The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the save_config() function in versions up to, and including, 4.3. This makes it possible for unauthenticated attackers to update the ‘ladipage_config’ option via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-03-12 4.3 CVE-2023-4629
security@wordfence.com
security@wordfence.com binhnguyenplus — ladiapp:_landing_page,_popupx,_marketing_automation,_affiliate_marketing-¦
  The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the publish_lp() function hooked via an AJAX action in versions up to, and including, 4.4. This makes it possible for authenticated attackers with subscriber-level access and above to change the LadiPage key (a key fully controlled by the attacker), enabling them to freely create new pages, including web pages that trigger stored XSS 2024-03-12 4.3 CVE-2023-4728
security@wordfence.com
security@wordfence.com binhnguyenplus — ladiapp:_landing_page,_popupx,_marketing_automation,_affiliate_marketing-¦
  The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the publish_lp() function hooked via an AJAX action in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to change the LadiPage key (a key fully controlled by the attacker), enabling them to freely create new pages, including web pages that trigger stored XSS via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-03-12 4.3 CVE-2023-4729
security@wordfence.com
security@wordfence.com binhnguyenplus — ladiapp:_landing_page,_popupx,_marketing_automation,_affiliate_marketing-¦
  The LadiApp plugn for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the init_endpoint() function hooked via ‘init’ in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to modify a variety of settings, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. An attacker can directly modify the ‘ladipage_key’ which enables them to create new posts on the website and inject malicious web scripts, 2024-03-12 4.3 CVE-2023-4731
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com bitpressadmin — contact_form_builder_by_bit_form:_create_contact_form,_multi_step_form,_conversational_form
  The Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form plugin for WordPress is vulnerable to unauthorized modification of data due to a insufficient user validation on the bitforms_update_form_entry AJAX action in all versions up to, and including, 2.10.1. This makes it possible for unauthenticated attackers to modify form submissions. 2024-03-13 5.3 CVE-2024-1640
security@wordfence.com
security@wordfence.com blossomthemes — blossom_spa
  The Blossom Spa theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.4 via generated source. This makes it possible for unauthenticated attackers to extract sensitive data including contents of password-protected or scheduled posts. 2024-03-12 5.8 CVE-2024-2107
security@wordfence.com
security@wordfence.com bluecoral — chat_bubble_-_floating_chat_with_contact_chat_icons,_messages,_telegram,_email,_sms,_call_me_back
  The Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 2024-03-13 4.4 CVE-2024-0898
security@wordfence.com
security@wordfence.com bobbingwide — oik
  The oik plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcodes such as bw_contact_button and bw_button shortcodes in all versions up to, and including, 4.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-14 6.4 CVE-2024-2256
security@wordfence.com
security@wordfence.com
security@wordfence.com bradwenqiang — hr
  A vulnerability was found in BradWenqiang HR 2.0. It has been rated as critical. Affected by this issue is the function selectAll of the file /bishe/register of the component Background Management. The manipulation of the argument userName leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256886 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-15 6.3 CVE-2024-2478
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com brainstormforce — elementor_header_&_footer_builder
  The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the flyout_layout attribute in all versions up to, and including, 1.6.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2024-1237
security@wordfence.com
security@wordfence.com
security@wordfence.com britner — gutenberg_blocks_by_kadence_blocks_-_page_builder_features
  The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the htmlTag attribute in all versions up to, and including, 3.2.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2024-1541
security@wordfence.com
security@wordfence.com
security@wordfence.com catchsquare — wp_social_widget
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in catchsquare WP Social Widget allows Stored XSS.This issue affects WP Social Widget: from n/a through 2.2.5. 2024-03-15 6.5 CVE-2024-27189
audit@patchstack.com charlestsmith — word_replacer_pro
  The Word Replacer Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the word_replacer_ultra() function in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to update arbitrary content on the affected WordPress site. 2024-03-16 5.3 CVE-2024-1733
security@wordfence.com
security@wordfence.com choijun — la-studio_element_kit_for_elementor
  The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LinkWrapper attribute found in several widgets in all versions up to, and including, 1.3.7.4 due to insufficient input sanitization and output escaping the user supplied attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-14 6.4 CVE-2024-2249
security@wordfence.com
security@wordfence.com chrisbadgett — lifterlms_-_wordpress_lms_plugin_for_elearning
  The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘process_review’ function in all versions up to, and including, 7.5.1. This makes it possible for unauthenticated attackers to publish an unrestricted number of reviews on the site. 2024-03-13 5.3 CVE-2024-0377
security@wordfence.com
security@wordfence.com cisco — cisco_ios_xr_software
  A vulnerability in the Secure Copy Protocol (SCP) and SFTP feature of Cisco IOS XR Software could allow an authenticated, local attacker to create or overwrite files in a system directory, which could lead to a denial of service (DoS) condition. The attacker would require valid user credentials to perform this attack. This vulnerability is due to a lack of proper validation of SCP and SFTP CLI input parameters. An attacker could exploit this vulnerability by authenticating to the device and issuing SCP or SFTP CLI commands with specific parameters. A successful exploit could allow the attacker to impact the functionality of the device, which could lead to a DoS condition. The device may need to be manually rebooted to recover. Note: This vulnerability is exploitable only when a local user invokes SCP or SFTP commands at the Cisco IOS XR CLI. A local user with administrative privileges could exploit this vulnerability remotely. 2024-03-13 6.5 CVE-2024-20262
ykramarz@cisco.com cisco — cisco_ios_xr_software
  The Video Conferencing with Zoom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘zoom_recordings_by_meeting’ shortcode in all versions up to, and including, 4.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-12 6.4 CVE-2024-2031
security@wordfence.com
security@wordfence.com cisco — cisco_ios_xr_software
  A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a denial of service (DoS) condition. This vulnerability exists because certain DHCPv4 messages are improperly validated when they are processed by an affected device. An attacker could exploit this vulnerability by sending a malformed DHCPv4 message to an affected device. A successful exploit could allow the attacker to cause a crash of the dhcpd process. While the dhcpd process is restarting, which may take approximately two minutes, DHCPv4 server services are unavailable on the affected device. This could temporarily prevent network access to clients that join the network during that time period and rely on the DHCPv4 server of the affected device. Notes: Only the dhcpd process crashes and eventually restarts automatically. The router does not reload. This vulnerability only applies to DHCPv4. DHCP version 6 (DHCPv6) is not affected. 2024-03-13 5.3 CVE-2024-20266
ykramarz@cisco.com cisco — cisco_ios_xr_software
  A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to improper assignment of lookup keys to internal interface contexts. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access resources behind the affected device that were supposed to be protected by a configured ACL. 2024-03-13 5.8 CVE-2024-20315
ykramarz@cisco.com cisco — cisco_ios_xr_software
  A vulnerability in the access control list (ACL) processing on Pseudowire interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to improper assignment of lookup keys to internal interface contexts. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access resources behind the affected device that were supposed to be protected by a configured ACL. 2024-03-13 5.8 CVE-2024-20322
ykramarz@cisco.com cisco — cisco_ios_xr_software
  A vulnerability in the UDP forwarding code of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to bypass configured management plane protection policies and access the Simple Network Management Plane (SNMP) server of an affected device. This vulnerability is due to incorrect UDP forwarding programming when using SNMP with management plane protection. An attacker could exploit this vulnerability by attempting to perform an SNMP operation using broadcast as the destination address that could be processed by an affected device that is configured with an SNMP server. A successful exploit could allow the attacker to communicate to the device on the configured SNMP ports. Although an unauthenticated attacker could send UDP datagrams to the configured SNMP port, only an authenticated user can retrieve or modify data using SNMP requests. 2024-03-13 4.3 CVE-2024-20319
ykramarz@cisco.com citrix — citrix_sd-wan_standard/premium_editions
  Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium Editions on or after 11.4.0 and before 11.4.4.46 allows an attacker to disclose limited information from the appliance via Access to management IP. 2024-03-12 6.5 CVE-2024-2049
secure@citrix.com ckan — ckan
  A user endpoint didn’t perform filtering on an incoming parameter, which was added directly to the application log. This could lead to an attacker injecting false log entries or corrupt the log file format. This has been fixed in the CKAN versions 2.9.11 and 2.10.4. Users are advised to upgrade. Users unable to upgrade should override the `/user/reset` endpoint to filter the `id` parameter in order to exclude newlines. 2024-03-13 4.3 CVE-2024-27097
security-advisories@github.com
security-advisories@github.com cloudflare — quiche
  Cloudflare Quiche (through version 0.19.1/0.20.0) was affected by an unlimited resource allocation vulnerability causing rapid increase of memory usage of the system running quiche server or client. A remote attacker could take advantage of this vulnerability by repeatedly sending an unlimited number of 1-RTT CRYPTO frames after previously completing the QUIC handshake. Exploitation was possible for the duration of the connection which could be extended by the attacker.  quiche 0.19.2 and 0.20.1 are the earliest versions containing the fix for this issue. 2024-03-12 5.9 CVE-2024-1765
cna@cloudflare.com codename065 — download_manager
  The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 3.2.85 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2023-6954
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com codename065 — download_manager
  The Download Manager plugin for WordPress is vulnerable to unauthorized file download of files added via the plugin in all versions up to, and including, 3.2.84. This makes it possible for unauthenticated attackers to download files added with the plugin (even when privately published). 2024-03-13 5.3 CVE-2023-6785
security@wordfence.com
security@wordfence.com codeworkweb — cww_companion
  The CWW Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Module2 widget in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-12 6.4 CVE-2024-2130
security@wordfence.com
security@wordfence.com collizo4sky — paid_membership_plugin,_ecommerce,_user_registration_form,_login_form,_user_profile_&_restrict_content_-_profilepress
  The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s [reg-select-role] shortcode in all versions up to, and including, 4.15.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2024-1409
security@wordfence.com
security@wordfence.com collizo4sky — paid_membership_plugin,_ecommerce,_user_registration_form,_login_form,_user_profile_&_restrict_content_-_profilepress
  The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 4.15.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2024-1535
security@wordfence.com
security@wordfence.com
security@wordfence.com collizo4sky — paid_membership_plugin,_ecommerce,_user_registration_form,_login_form,_user_profile_&_restrict_content_-_profilepress
  The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 4.15.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2024-1806
security@wordfence.com
security@wordfence.com
security@wordfence.com cool_plugins — cryptocurrency_widgets_-_price_ticker_&_coins_list
  Missing Authorization vulnerability in Cool Plugins Cryptocurrency Widgets – Price Ticker & Coins List.This issue affects Cryptocurrency Widgets – Price Ticker & Coins List: from n/a through 2.6.8. 2024-03-13 4.7 CVE-2024-27953
audit@patchstack.com cozmoslabs — paid_member_subscriptions
  Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Paid Member Subscriptions.This issue affects Paid Member Subscriptions: from n/a through 2.10.4. 2024-03-15 4.3 CVE-2023-51522
audit@patchstack.com cozyvision1 — sms_alert_order_notifications_-_woocommerce
  The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.9. This is due to missing or incorrect nonce validation on the processBulkAction function. This makes it possible for unauthenticated attackers to delete pages and posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-03-13 4.3 CVE-2024-1489
security@wordfence.com
security@wordfence.com crmperks — database_for_contact_form_7,_wpforms,_elementor_forms
  The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2024-2030
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com cservit — affiliate-toolkit – WordPress Affiliate Plugin The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkp_create_list() function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to to perform unauthorized actions such as creating product lists. 2024-03-08 6.3 CVE-2024-1851
security@wordfence.com
cyberlord92 — page_restriction_wordpress_(wp)_-_protect_wp_pages/post
  The Page Restriction WordPress (WP) – Protect WP Pages/Post plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.3.4. This is due to the plugin not properly restricting access to pages via the REST API when a page has been made private. This makes it possible for unauthenticated attackers to view protected pages. The vendor has decided that they will not implement REST API protection on posts and pages, and the restrictions will only apply to the front-end of the site. The vendor's solution was to add notices throughout the dashboard and to recommend installing the WordPress REST API Authentication plugin for REST API coverage. 2024-03-13 5.3 CVE-2024-0681
security@wordfence.com
david_de_boer — paytium:_mollie_payment_forms_&_donations
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in David de Boer Paytium: Mollie payment forms & donations allows Stored XSS. This issue affects Paytium: Mollie payment forms & donations: from n/a through 4.4.2. 2024-03-13 6.5 CVE-2024-25099
audit@patchstack.com
dell — poweredge_bios_intel_16g
  Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper SMM communication buffer verification vulnerability. A local low-privileged attacker could potentially exploit this vulnerability, leading to out-of-bounds reads/writes to SMRAM. 2024-03-13 5.3 CVE-2024-0162
security_alert@emc.com
dell — poweredge_bios_intel_16g
  Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain a TOCTOU race condition vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain access to otherwise unauthorized resources. 2024-03-13 5.3 CVE-2024-0163
security_alert@emc.com
devitemsllc — ht_mega_-_absolute_addons_for_elementor
  The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s blocks in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on the ‘titleTag’ user-supplied attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-12 6.4 CVE-2024-1397
security@wordfence.com
devitemsllc — ht_mega_-_absolute_addons_for_elementor
  The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘border_type’ attribute of the Post Carousel widget in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-12 6.4 CVE-2024-1421
security@wordfence.com
directus — directus
  Directus is a real-time API and App dashboard for managing SQL database content. The authentication API has a `redirect` parameter that can be exploited as an open redirect vulnerability as the user tries to log in via the API URL. There’s a redirect that is done after successful login via the Auth API GET request to `directus/auth/login/google?redirect=http://malicious-fishing-site.com`. While credentials don’t seem to be passed to the attacker site, the user can be phished into clicking a legitimate Directus site link and be taken to a malicious site made to look like an error message (“Your password needs to be updated”) to phish out the current password. Users who log in via OAuth2 into Directus may be at risk. This issue has been addressed in version 10.10.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-03-12 5.4 CVE-2024-28239
security-advisories@github.com
discourse — discourse
  Discourse is an open source platform for community discussion. In affected versions users that are allowed to invite others can inject arbitrarily large data in parameters used in the invite route. The problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable invites or restrict access to them using the `invite allowed groups` site setting. 2024-03-15 6.5 CVE-2024-27085
security-advisories@github.com
discourse — discourse
  Discourse is an open source platform for community discussion. In affected versions the endpoints for suspending users, silencing users and exporting CSV files weren’t enforcing limits on the sizes of the parameters that they accept. This could lead to excessive resource consumption which could render an instance inoperable. A site could be disrupted by either a malicious moderator on the same site or a malicious staff member on another site in the same multisite cluster. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-03-15 6.5 CVE-2024-27100
security-advisories@github.com
discourse — discourse
  Discourse is an open source platform for community discussion. In affected versions an attacker can learn that a secret subcategory exists under a public category which has no public subcategories. The issue is patched in the latest stable, beta and tests-passed version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-03-15 5.3 CVE-2024-24748
security-advisories@github.com
discourse — discourse
  Discourse is an open source platform for community discussion. The lack of a rate limit on the POST /uploads endpoint makes it easier for an attacker to carry out a DoS attack on the server, since creating an upload can be a resource-intensive process. Do note that the impact varies from site to site, as various site settings like `max_image_size_kb`, `max_attachment_size_kb` and `max_image_megapixels` will determine the amount of resources used when creating an upload. The issue is patched in the latest stable, beta and tests-passed version of Discourse. Users are advised to upgrade. Users unable to upgrade should reduce `max_image_size_kb`, `max_attachment_size_kb` and `max_image_megapixels`, as smaller uploads require fewer resources to process. Alternatively, `client_max_body_size` can be reduced in Nginx to prevent large uploads from reaching the server. 2024-03-15 5.3 CVE-2024-24827
security-advisories@github.com
discourse — discourse
  Discourse is an open source platform for community discussion. In affected versions an attacker can learn that secret categories exist when they have backgrounds set. The issue is patched in the latest stable, beta and tests-passed version of Discourse. Users are advised to upgrade. Users unable to upgrade should temporarily remove category backgrounds. 2024-03-15 5.3 CVE-2024-28242
security-advisories@github.com
doofinder — doofinder_for_woocommerce
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Doofinder Doofinder for WooCommerce allows Stored XSS. This issue affects Doofinder for WooCommerce: from n/a through 2.1.8. 2024-03-15 5.9 CVE-2024-25596
audit@patchstack.com
dreamer — cms
  A vulnerability, which was classified as problematic, was found in Dreamer CMS 4.1.3. Affected is an unknown function of the file /admin/menu/toEdit. The manipulation of the argument id leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256314 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-10 4.3 CVE-2024-2354
cna@vuldb.com
droitthemes — droit_elementor_addons_-_widgets,_blocks,_templates_library_for_elementor_builder
  The Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s widgets in all versions up to, and including, 3.1.5 due to insufficient input sanitization and output escaping on user supplied attributes such as URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 5.4 CVE-2024-2252
security@wordfence.com
edge22 — generateblocks
  The GenerateBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.2 via Query Loop. This makes it possible for authenticated attackers, with contributor access and above, to see contents of posts and pages in draft or private status as well as those with scheduled publication dates. 2024-03-13 4.3 CVE-2024-1452
security@wordfence.com
edge22 — wp_show_posts
  The WP Show Posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the wpsp_display function. This makes it possible for authenticated attackers with contributor access and above to view the contents of draft, trash, future, private and pending posts and pages. 2024-03-13 5.3 CVE-2024-1479
security@wordfence.com
elementinvader — elementinvader_addons_for_elementor
  The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link in the EliSlider in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-16 6.4 CVE-2024-2308
security@wordfence.com
elementor — elementor_pro
  Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Elementor Pro. This issue affects Elementor Pro: from n/a through 3.19.2. 2024-03-16 6.5 CVE-2024-23523
audit@patchstack.com
exafunction — codeium-chrome
  codeium-chrome is an open source code completion plugin for the chrome web browser. The service worker of the codeium-chrome extension doesn’t check the sender when receiving an external message. This allows an attacker to host a website that will steal the user’s Codeium api-key, and thus impersonate the user on the backend autocomplete server. This issue has not been addressed. Users are advised to monitor the usage of their API key. 2024-03-11 6.5 CVE-2024-28120
security-advisories@github.com
expresstech — quiz_and_survey_master
  Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master. This issue affects Quiz And Survey Master: from n/a through 8.1.18. 2024-03-16 5.4 CVE-2023-51521
audit@patchstack.com
file_manager — file_manager_pro
  The File Manager Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tb’ parameter in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-03-13 6.1 CVE-2023-7015
security@wordfence.com
fluid-cloudnative — fluid
  Fluid is an open source Kubernetes-native Distributed Dataset Orchestrator and Accelerator for data-intensive applications. An OS command injection vulnerability within the Fluid project’s JuicefsRuntime can potentially allow an authenticated user, who has the authority to create or update the K8s CRD Dataset/JuicefsRuntime, to execute arbitrary OS commands within the juicefs related containers. This could lead to unauthorized access, modification or deletion of data. Users who’re using versions < 0.9.3 with JuicefsRuntime should upgrade to v0.9.3. 2024-03-15 4 CVE-2023-51699
security-advisories@github.com
follow-redirects — follow-redirects
  follow-redirects is an open source, drop-in replacement for Node’s `http` and `https` modules that automatically follows redirects. In affected versions follow-redirects only clears the authorization header during a cross-domain redirect but keeps the proxy-authentication header, which also contains credentials. This vulnerability may lead to a credential leak; it has been addressed in version 1.15.6. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-03-14 6.5 CVE-2024-28849
security-advisories@github.com
formfacade — formfacade
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in FormFacade allows Stored XSS. This issue affects FormFacade: from n/a through 1.0.0. 2024-03-15 6.5 CVE-2024-25934
audit@patchstack.com
fortinet — fortimanager
  A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiManager version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer-BigData before 7.2.5 and Fortinet FortiPortal version 6.0 all versions and version 5.3 all versions allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments. 2024-03-12 6.7 CVE-2023-41842
psirt@fortinet.com
fortinet — fortiportal
  An improper authorization vulnerability [CWE-285] in FortiPortal version 7.2.0, and versions 7.0.6 and below, may allow a user to download other organizations' reports via modification of the request payload. 2024-03-12 4.3 CVE-2024-21761
psirt@fortinet.com
fortinet — fortiproxy
  An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiOS version 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.1 through 7.0.13, 6.4.7 through 6.4.14, and FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 SSL-VPN may allow an authenticated attacker to gain access to another user’s bookmark via URL manipulation. 2024-03-12 4.3 CVE-2024-23112
psirt@fortinet.com
fortra — filecatalyst
  Improper URL validation leads to path traversal in FileCatalyst Direct 3.8.8 and earlier, allowing an encoded payload to cause the web server to return files located outside of the web root, which may lead to data leakage. 2024-03-13 5.3 CVE-2024-25154
df4dee71-de3a-4139-9588-11b62fe6c0ff
fortra — goanywhere_mft
  A path traversal vulnerability exists in GoAnywhere MFT prior to 7.4.2 which allows attackers to circumvent endpoint-specific permission checks in the GoAnywhere Admin and Web Clients. 2024-03-14 6.5 CVE-2024-25156
df4dee71-de3a-4139-9588-11b62fe6c0ff
frenify — categorify_-_wordpress_media_library_category_&_file_manager
  The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxAddCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to add categories. 2024-03-13 4.3 CVE-2024-0385
security@wordfence.com
friendlyelec — friendlywrt
  Encoded cryptographic key vulnerability in the FriendlyWrt firmware, affecting version 2022-11-16.51b3d35. This vulnerability could allow an attacker to compromise the confidentiality and integrity of encrypted data. 2024-03-15 5.2 CVE-2024-2495
cve-coordination@incibe.es
friendsofsymfony1 — symfony1
  Symfony1 is a community fork of symfony 1.4 with DIC, form enhancements, latest Swiftmailer, better performance, composer compatibility and PHP 8 support. Symfony 1 has a gadget chain, due to a vulnerable Swift Mailer dependency, that would enable an attacker to get remote code execution if a developer unserializes user input in their project. This vulnerability presents no direct threat but is a vector that will enable remote code execution if a developer deserializes untrusted user data. Symfony 1 depends on Swift Mailer, which is bundled by default in the vendor directory in the default installation since 1.3.0. Swift Mailer classes implement some `__destruct()` methods. These methods are called when PHP destroys the object in memory. However, it is possible to include any object type in `$this->_keys` to make PHP access other array/object properties than intended by the developer. In particular, it is possible to abuse the array access which is triggered on foreach($this->_keys …) for any class implementing the ArrayAccess interface. This may allow an attacker to execute any PHP command, which leads to remote code execution. This issue has been addressed in version 1.5.18. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-03-15 5 CVE-2024-28859
security-advisories@github.com
gacjie — server
  A vulnerability, which was classified as critical, was found in Gacjie Server up to 1.0. This affects the function index of the file /app/admin/controller/Upload.php. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256503. 2024-03-12 5.4 CVE-2024-2406
cna@vuldb.com
geminilabs — site_reviews
  The Site Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user display name in all versions up to, and including, 6.11.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2024-2293
security@wordfence.com
gonahkar — custom_fields_shortcode
  The Custom fields shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s cf shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping on user supplied custom post meta values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2023-6809
security@wordfence.com
gpriday — siteorigin_widgets_bundle
  The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.58.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Affected parameters include: $instance[‘fonts’][‘title_options’][‘tag’], $headline_tag, $sub_headline_tag, $feature[‘icon’]. 2024-03-13 6.4 CVE-2024-1723
security@wordfence.com
hammadh — play.ht_-_make_your_blog_posts_accessible_with_text_to_speech_audio
  The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 3.6.4. This makes it possible for authenticated attackers, with subscriber access or higher, to delete, retrieve, or modify post metadata, retrieve the contents of protected posts, modify conversion data and delete article audio. 2024-03-13 5.4 CVE-2024-0828
security@wordfence.com
hammadh — play.ht_-_make_your_blog_posts_accessible_with_text_to_speech_audio
  The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.4. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-03-13 4.3 CVE-2024-0827
security@wordfence.com
heimavista — rpage
  The disabling function of the user registration page for Heimavista Rpage and Epage is not properly implemented, allowing remote attackers to complete user registration on sites where user registration is supposed to be disabled. 2024-03-13 5.3 CVE-2024-2412
twcert@cert.org.tw
hiroaki_miyashita — custom_field_template
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Hiroaki Miyashita Custom Field Template allows Stored XSS. This issue affects Custom Field Template: from n/a through 2.6. 2024-03-15 6.5 CVE-2024-25919
audit@patchstack.com
hitachi — cosminexus_component_container
  Insertion of Sensitive Information into Log File vulnerability in Hitachi Cosminexus Component Container allows local users to gain sensitive information. This issue affects Cosminexus Component Container: from 11-30 before 11-30-05, from 11-20 through 11-20-*, from 11-10 through 11-10-*, from 11-00 before 11-00-12, all versions of V8 and V9. 2024-03-12 5.6 CVE-2023-6814
hirt@hitachi.co.jp
htplugins — ht_easy_ga4_-_google_analytics_wordpress_plugin
  The HT Easy GA4 – Google Analytics WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the login() function in all versions up to, and including, 1.1.5. This makes it possible for unauthenticated attackers to update the email address associated with GA4 through the plugin. 2024-03-13 5.3 CVE-2024-1176
security@wordfence.com
ibm — host_access_transformation_services
  IBM Host Access Transformation Services (HATS) 9.6 through 9.6.1.4 and 9.7 through 9.7.0.3 stores user credentials in clear text, which can be read by a local user. IBM X-Force ID: 210989. 2024-03-15 6.2 CVE-2021-38938
psirt@us.ibm.com
ibm — integration_bus_for_z/os
  IBM Integration Bus for z/OS 10.1 through 10.1.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 284564. 2024-03-14 4.5 CVE-2024-27265
psirt@us.ibm.com
ibm — maximo_application_suite_-_maximo_mobile_for_eam
  IBM Maximo Application Suite – Maximo Mobile for EAM 8.10 and 8.11 could disclose sensitive information to a local user. IBM X-Force ID: 266875. 2024-03-13 5.1 CVE-2023-43043
psirt@us.ibm.com
ibm — maximo_asset_management
  IBM Maximo Application Suite 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 262192. 2024-03-13 6.4 CVE-2023-38723
psirt@us.ibm.com
ibm — secure_proxy
  IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270973. 2024-03-15 6.1 CVE-2023-47162
psirt@us.ibm.com
ibm — secure_proxy
  IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270974. 2024-03-15 6.1 CVE-2023-47699
psirt@us.ibm.com
ibm — secure_proxy
  IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 269692. 2024-03-15 5.4 CVE-2023-46182
psirt@us.ibm.com
ibm — secure_proxy
  IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow an attacker to overwrite a log message under specific conditions. IBM X-Force ID: 270598. 2024-03-15 5.9 CVE-2023-47147
psirt@us.ibm.com
ibm — secure_proxy
  IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending an http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 269683. 2024-03-15 4.3 CVE-2023-46179
psirt@us.ibm.com
ibm — secure_proxy
  IBM Sterling Secure Proxy 6.0.3 and 6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 269686. 2024-03-15 4 CVE-2023-46181
psirt@us.ibm.com
ibm — sterling_partner_engagement_manager
  IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 250421. 2024-03-13 5.4 CVE-2023-28517
psirt@us.ibm.com
icopydoc — yml_for_yandex_market
  The YML for Yandex Market plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the feed_id parameter in all versions up to, and including, 4.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-03-13 6.1 CVE-2024-1365
security@wordfence.com
intoxstudio — restrict_user_access_-_ultimate_membership_&_content_protection
  The Restrict User Access – Ultimate Membership & Content Protection plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5 via API. This makes it possible for unauthenticated attackers to obtain the contents of posts and pages via API. 2024-03-13 5.3 CVE-2024-0687
security@wordfence.com
joseph_c_dolson — my_calendar
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Joseph C Dolson My Calendar allows Stored XSS. This issue affects My Calendar: from n/a through 3.4.23. 2024-03-15 6.5 CVE-2024-25916
audit@patchstack.com
justinbusa — beaver_builder_-_wordpress_page_builder
  The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2024-0896
security@wordfence.com
justinbusa — beaver_builder_-_wordpress_page_builder
  The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image URL parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2024-0897
security@wordfence.com
justinbusa — beaver_builder_-_wordpress_page_builder
  The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the audio widget ‘link_url’ parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2024-1074
security@wordfence.com
justinbusa — beaver_builder_-_wordpress_page_builder
  The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the heading tag in all versions up to, and including, 2.7.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2024-1080
security@wordfence.com
justinbusa — beaver_builder_-_wordpress_page_builder
  The Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Icon Widget ‘fl_builder_data[node_preview][link]’ and ‘fl_builder_data[settings][link_target]’ parameters in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 5.4 CVE-2024-0871
security@wordfence.com
justinbusa — beaver_builder_-_wordpress_page_builder
  The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to DOM-Based Reflected Cross-Site Scripting via a ‘playground.wordpress.net’ parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-03-13 5.4 CVE-2024-1038
security@wordfence.com
kbjohnson90 — user_shortcodes_plus
  The User Shortcodes Plus plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the user_meta shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve potentially sensitive user meta. 2024-03-13 5.3 CVE-2023-6969
security@wordfence.com korenix — jeti/o_6550
  Information exposure vulnerability in Korenix JetI/O 6550 affecting firmware version F208 Build:0817. The SNMP protocol uses plaintext to transfer data, allowing an attacker to intercept traffic and retrieve credentials. 2024-03-12 6.2 CVE-2024-2371
cve-coordination@incibe.es leap13 — premium_addons_for_elementor
  The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Link Wrapper functionality in all versions up to, and including, 4.10.17 due to insufficient input sanitization and output escaping on user supplied links. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2024-0326
security@wordfence.com leap13 — premium_addons_for_elementor
  The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Settings URL of the Banner, Team Members, and Image Scroll widgets in all versions up to, and including, 4.10.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2024-1680
security@wordfence.com livemesh — elementor_addons_by_livemesh
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Livemesh Elementor Addons by Livemesh allows Stored XSS. This issue affects Elementor Addons by Livemesh: from n/a through 8.3.5. 2024-03-14 6.5 CVE-2024-27986
audit@patchstack.com livemesh — livemesh_addons_for_elementor
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Livemesh Livemesh Addons for Elementor allows Stored XSS. This issue affects Livemesh Addons for Elementor: from n/a through 8.3. 2024-03-15 6.5 CVE-2024-25598
audit@patchstack.com livemesh — wpbakery_page_builder_addons_by_livemesh
  The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘per_line_mobile’ shortcode in all versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2024-2079
security@wordfence.com logitech — logi_tune
  Improper Control of Dynamically-Managed Code Resources vulnerability in Logitech Logi Tune on MacOS allows Local Code Inclusion. 2024-03-15 4.4 CVE-2024-2537
cve-coordination@logitech.com magesh-k21 — online-college-event-hall-reservation-system
  A vulnerability, which was classified as critical, was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This affects an unknown part of the file home.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256953 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-16 6.3 CVE-2024-2516
cna@vuldb.com magesh-k21 — online-college-event-hall-reservation-system
  A vulnerability has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as critical. This vulnerability affects unknown code of the file book_history.php. The manipulation of the argument del_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256954 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-16 6.3 CVE-2024-2517
cna@vuldb.com magesh-k21 — online-college-event-hall-reservation-system
  A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/bookdate.php. The manipulation of the argument room_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256957 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-16 6.3 CVE-2024-2520
cna@vuldb.com magesh-k21 — online-college-event-hall-reservation-system
  A vulnerability classified as critical has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This affects an unknown part of the file /admin/booktime.php. The manipulation of the argument room_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256959. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-16 6.3 CVE-2024-2522
cna@vuldb.com magesh-k21 — online-college-event-hall-reservation-system
  A vulnerability, which was classified as critical, has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This issue affects some unknown processing of the file /admin/receipt.php. The manipulation of the argument room_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256961 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-16 6.3 CVE-2024-2524
cna@vuldb.com magesh-k21 — online-college-event-hall-reservation-system
  A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/rooms.php. The manipulation of the argument room_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256964. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-16 6.3 CVE-2024-2527
cna@vuldb.com magesh-k21 — online-college-event-hall-reservation-system
  A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/update-rooms.php. The manipulation of the argument room_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256965 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-16 6.3 CVE-2024-2528
cna@vuldb.com magesh-k21 — online-college-event-hall-reservation-system
  A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/rooms.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256966 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-16 6.3 CVE-2024-2529
cna@vuldb.com magesh-k21 — online-college-event-hall-reservation-system
  A vulnerability classified as critical has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected is an unknown function of the file /admin/update-rooms.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256968. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-16 6.3 CVE-2024-2531
cna@vuldb.com magesh-k21 — online-college-event-hall-reservation-system
  A vulnerability classified as critical was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/update-users.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256969 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-16 6.3 CVE-2024-2532
cna@vuldb.com mainwp — mainwp_dashboard_-_wordpress_manager_for_multiple_websites_maintenance
  The MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.0.1. This is due to missing or incorrect nonce validation on the ‘posting_bulk’ function. This makes it possible for unauthenticated attackers to delete arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-03-13 4.3 CVE-2024-1642
security@wordfence.com mattermost — mattermost
  Mattermost Jira plugin versions shipped with Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to escape user-controlled outputs when generating HTML pages, which allows an attacker to perform reflected cross-site scripting attacks against the users of the Mattermost server. 2024-03-15 6.1 CVE-2024-2445
responsibledisclosure@mattermost.com mattermost — mattermost
  Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to limit the number of @-mentions processed per message, allowing an authenticated attacker to crash the client applications of other users via large, crafted messages. 2024-03-15 4.3 CVE-2024-2446
responsibledisclosure@mattermost.com mattermost — mattermost_mobile
  A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256919. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-15 4.7 CVE-2024-2497
cna@vuldb.com mdp — rotp
  The Ruby One Time Password library (ROTP) is an open source library for generating and validating one time passwords. Affected versions had overly permissive default permissions. Users should patch to version 6.3.0. Users unable to patch may correct file permissions after installation. 2024-03-16 5.3 CVE-2024-28862
security-advisories@github.com metagauss — eventprime_-_events_calendar,_bookings_and_tickets
  The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_attendees_email_by_event_id() function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve the attendees list for any event. 2024-03-13 5.3 CVE-2024-1126
security@wordfence.com metagauss — eventprime_-_events_calendar,_bookings_and_tickets
  The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 3.4.2. This is due to the plugin allowing unauthenticated users to update the status of order payments. This makes it possible for unauthenticated attackers to book events for free. 2024-03-13 5.3 CVE-2024-1321
security@wordfence.com metagauss — eventprime_-_events_calendar,_bookings_and_tickets
  The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the booking_export_all() function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve all event bookings, which can contain PII. 2024-03-13 4.3 CVE-2024-1127
security@wordfence.com mha_sistemas — armhazena
  A vulnerability classified as critical was found in MHA Sistemas arMHAzena 9.6.0.0. This vulnerability affects unknown code of the component Executa Page. The manipulation of the argument Companhia/Planta/Agente de/Agente até leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256888. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-15 6.3 CVE-2024-2480
cna@vuldb.com microsoft — intune_company_portal_for_android
  Microsoft Intune Linux Agent Elevation of Privilege Vulnerability 2024-03-12 6.6 CVE-2024-26201
secure@microsoft.com microsoft — microsoft_edge_(chromium-based)
  Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability 2024-03-14 4.7 CVE-2024-26163
secure@microsoft.com microsoft — microsoft_teams_for_android
  Microsoft Teams for Android Information Disclosure Vulnerability 2024-03-12 5 CVE-2024-21448
secure@microsoft.com microsoft — windows_10_version_1809
  Windows USB Hub Driver Remote Code Execution Vulnerability 2024-03-12 6.8 CVE-2024-21429
secure@microsoft.com microsoft — windows_10_version_1809
  Windows Hyper-V Denial of Service Vulnerability 2024-03-12 5.5 CVE-2024-21408
secure@microsoft.com microsoft — windows_10_version_1809
  Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability 2024-03-12 5.7 CVE-2024-21430
secure@microsoft.com microsoft — windows_10_version_1809
  Windows Kernel Information Disclosure Vulnerability 2024-03-12 5.5 CVE-2024-26174
secure@microsoft.com microsoft — windows_10_version_1809
  Windows Kernel Information Disclosure Vulnerability 2024-03-12 5.5 CVE-2024-26177
secure@microsoft.com microsoft — windows_10_version_1809
  Windows Kernel Denial of Service Vulnerability 2024-03-12 5.5 CVE-2024-26181
secure@microsoft.com microsoft — windows_11_version_22h2
  Windows Compressed Folder Tampering Vulnerability 2024-03-12 6.5 CVE-2024-26185
secure@microsoft.com microsoft — windows_11_version_22h2
  Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability 2024-03-12 5.5 CVE-2024-26160
secure@microsoft.com microsoft — windows_defender_antimalware_platform
  Microsoft Defender Security Feature Bypass Vulnerability 2024-03-12 5.5 CVE-2024-20671
secure@microsoft.com microsoft — windows_server_2019
  Windows Standards-Based Storage Management Service Denial of Service Vulnerability 2024-03-12 6.5 CVE-2024-26197
secure@microsoft.com movistar_ — router_movistar_4g
  Cross-Site Request Forgery vulnerability in Movistar’s 4G router affecting version ES_WLD71-T1_v2.0.201820. This vulnerability allows an attacker to force an end user to execute unwanted actions in a web application in which they are currently authenticated. 2024-03-13 6.5 CVE-2024-2416
cve-coordination@incibe.es mra13 — simple_membership
  The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Display Name’ parameter in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This vulnerability requires social engineering to successfully exploit, and the impact would be very limited due to the attacker requiring a user to login as the user with the injected payload for execution. 2024-03-13 4.7 CVE-2024-1985
security@wordfence.com msaari — relevanssi_-_a_better_search
  The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relevanssi_export_log_check() function in all versions up to, and including, 4.22.0. This makes it possible for unauthenticated attackers to export the query log data. The vendor has indicated that they may look into adding a capability check for proper authorization control, however, this vulnerability is theoretically patched as is. 2024-03-13 5.3 CVE-2024-1380
security@wordfence.com n/a — 1panel
  A vulnerability, which was classified as critical, has been found in 1Panel up to 1.10.1-lts. Affected by this issue is the function baseApi.UpdateDeviceSwap of the file /api/v1/toolbox/device/update/swap. The manipulation of the argument Path with the input 123123123nopen -a Calculator leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-256304. 2024-03-10 6.3 CVE-2024-2352
cna@vuldb.com n/a — 3rd_and_4th_generation_intel(r)_xeon(r)_processors_when_using_intel(r)_sgx_or_intel(r)_tdx
  Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. 2024-03-14 6.1 CVE-2023-22655
secure@intel.com n/a — intel(r)_atom(r)_processors
  Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. 2024-03-14 6.5 CVE-2023-28746
secure@intel.com n/a — intel(r)_csme_installer_software
  Incorrect default permissions in some Intel(R) CSME installer software before version 2328.5.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-03-14 6.7 CVE-2023-28389
secure@intel.com n/a — intel(r)_csme_installer_software
  Improper input validation in the Intel(R) CSME installer software before version 2328.5.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-03-14 6.7 CVE-2023-32633
secure@intel.com n/a — intel(r)_processors
  Protection mechanism failure of bus lock regulator for some Intel(R) Processors may allow an unauthenticated user to potentially enable denial of service via network access. 2024-03-14 6.5 CVE-2023-39368
secure@intel.com n/a — intel(r)_processors
  Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. 2024-03-14 5.5 CVE-2023-38575
secure@intel.com n/a — intel(r)_sps_firmware_versions
  Uncontrolled resource consumption for some Intel(R) SPS firmware versions may allow a privileged user to potentially enable denial of service via network access. 2024-03-14 6.8 CVE-2023-35191
secure@intel.com n/a — intel(r)_xeon(r)_d_processors_with_intel(r)_sgx
  Incorrect calculation in microcode keying mechanism for some Intel(R) Xeon(R) D Processors with Intel(R) SGX may allow a privileged user to potentially enable information disclosure via local access. 2024-03-14 5.3 CVE-2023-43490
secure@intel.com n/a — libvirt
  An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash. 2024-03-11 5.5 CVE-2024-1441
secalert@redhat.com n/a — openstack-designate
  An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information. 2024-03-15 6.6 CVE-2023-6725
secalert@redhat.com n/a — ovn
  A flaw was found in the Open Virtual Network (OVN). In OVN clusters where BFD is used between hypervisors for high availability, an attacker can inject specially crafted BFD packets from inside unprivileged workloads, including virtual machines or containers, that can trigger a denial of service. 2024-03-12 6.5 CVE-2024-2182
secalert@redhat.com ndijkstra — mollie_forms
  The Mollie Forms plugin for WordPress is vulnerable to unauthorized post or page duplication due to a missing capability check on the duplicateForm function in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with subscriber access or higher, to duplicate arbitrary posts and pages. 2024-03-11 4.3 CVE-2024-1400
security@wordfence.com ndijkstra — mollie_forms
  The Mollie Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportRegistrations function in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with subscriber access or higher, to export payment data collected by this plugin. 2024-03-11 4.3 CVE-2024-1645
security@wordfence.com netweblogic — events_manager_-_calendar,_bookings,_tickets,_and_more!
  The Events Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.4.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 2024-03-13 4.4 CVE-2024-0614
security@wordfence.com newsletter2go — newsletter2go
  The Newsletter2Go plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ parameter in all versions up to, and including, 4.0.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-12 6.4 CVE-2024-1328
security@wordfence.com nik00726 — team_circle_image_slider_with_lightbox
  The Team Circle Image Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the circle_thumbnail_slider_with_lightbox_image_management_func() function. This makes it possible for unauthenticated attackers to edit image data which can be used to inject malicious JavaScript, along with deleting images, and uploading malicious files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-03-13 5.3 CVE-2015-10130
security@wordfence.com nixos — nix
  Nix is a package manager for Linux and other Unix systems. Fixed-output derivations on Linux can send file descriptors to files in the Nix store to another program running on the host (or to another fixed-output derivation) via Unix domain sockets in the abstract namespace. This allows the output of the derivation to be modified after Nix has registered the path as “valid” and immutable in the Nix database. In particular, this allows the output of fixed-output derivations to be modified from their expected content. This issue has been addressed in versions 2.3.18, 2.18.2, 2.19.4 and 2.20.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-03-11 6.3 CVE-2024-27297
security-advisories@github.com nmedia — comments_extra_fields_for_post,pages_and_cpt
  The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.0. This is due to missing or incorrect capability checks on several ajax actions. This makes it possible for authenticated attackers, with subscriber access or higher, to invoke those actions. As a result, they may modify comment form fields and update plugin settings. 2024-03-13 4.3 CVE-2024-0829
security@wordfence.com nmedia — comments_extra_fields_for_post,pages_and_cpt
  The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0. This is due to missing or incorrect nonce validation on several ajax actions. This makes it possible for unauthenticated attackers to invoke those actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. As a result, they may modify comment form fields and update plugin settings. 2024-03-13 4.3 CVE-2024-0830
security@wordfence.com openolat — openolat
  OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. By manually manipulating HTTP requests when using the draw.io integration, it is possible to read arbitrary files as the configured system user and to perform SSRF. The problem is fixed in versions 18.1.6 and 18.2.2. It is advised to upgrade to the latest version of 18.1.x or 18.2.x. Users unable to upgrade may work around this issue by disabling the Draw.io module or the entire REST API, which will secure the system. 2024-03-11 4.6 CVE-2024-28198
security-advisories@github.com opentext — vertica_management_console
  Certain functionality in OpenText Vertica Management Console might be prone to bypass via crafted requests. The vulnerability would affect one of Vertica’s authentication functionalities by allowing specially crafted requests and sequences. This issue impacts the following Vertica Management Console versions: 10.x; 11.1.1-24 or lower; 12.0.4-18 or lower. Please upgrade to one of the following Vertica Management Console versions: 11.1.1-25, 12.0.4-19, 23.x, or 24.x (10.x users should upgrade to one of these later versions). 2024-03-15 5 CVE-2023-7248
security@opentext.com opentext — exceed_turbo_x
  HTML injection in OpenText™ Exceed Turbo X affecting version 12.5.1. The vulnerability could result in Cross site scripting. 2024-03-13 6.4 CVE-2023-38536
security@opentext.com opentext™ — exceed_turbo_x
  Use of Hard-coded Cryptographic Key vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.1 and 12.5.2. The vulnerability could compromise the cryptographic keys. 2024-03-13 4.7 CVE-2023-38535
security@opentext.com palantir — com.palantir.acme.gaia:gaia
  One of Gotham Gaia services was found to be vulnerable to a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker to bypass CSP and get a persistent cross site scripting payload on the stack. 2024-03-12 6.8 CVE-2023-30968
cve-coordination@palantir.com palo_alto_networks — globalprotect_app
  An issue in the Palo Alto Networks GlobalProtect app enables a non-privileged user to disable the GlobalProtect app in configurations that allow a user to disable GlobalProtect with a passcode. 2024-03-13 5.5 CVE-2024-2431
psirt@paloaltonetworks.com palo_alto_networks — globalprotect_app
  A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition. 2024-03-13 4.5 CVE-2024-2432
psirt@paloaltonetworks.com palo_alto_networks — pan-os
  An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the disk partitions with those uploaded files, which prevents the ability to log into the web interface or to download PAN-OS, WildFire, and content images. This issue affects only the web interface of the management plane; the dataplane is unaffected. 2024-03-13 4.3 CVE-2024-2433
psirt@paloaltonetworks.com papercut — papercut_ng,_papercut_mf
  This is a reflected cross site scripting vulnerability in the PaperCut NG/MF application server. An attacker can exploit this weakness by crafting a malicious URL that contains a script. When an unsuspecting user clicks on this malicious link, it could potentially lead to limited loss of confidentiality, integrity or availability. 2024-03-14 6.3 CVE-2024-1883
eb41dac7-0af8-4f84-9f6d-0272772514f4 papercut — papercut_ng,_papercut_mf
  This is a Server-Side Request Forgery (SSRF) vulnerability in the PaperCut NG/MF server-side module that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker’s choosing. 2024-03-14 6.5 CVE-2024-1884
eb41dac7-0af8-4f84-9f6d-0272772514f4 papercut — papercut_ng,_papercut_mf
  This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. An attacker must already have existing knowledge of some combination of valid usernames, device names and an internal system key. For such an attack to be successful the system must be in a specific runtime state. 2024-03-14 4.8 CVE-2024-1223
eb41dac7-0af8-4f84-9f6d-0272772514f4 pawaryogesh1989 — bulk_edit_post_titles
  The Bulk Edit Post Titles plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bulkUpdatePostTitles function in all versions up to, and including, 5.0.0. This makes it possible for authenticated attackers, with subscriber access and above, to modify the titles of arbitrary posts. 2024-03-13 4.3 CVE-2024-0369
security@wordfence.com peering-manager — peering-manager
  Peering Manager is a BGP session management tool. Affected versions of Peering Manager are subject to a potential stored Cross-Site Scripting (XSS) attack in the `name` attribute of AS or Platform. The XSS triggers on a router's detail page. Adversaries are able to execute arbitrary JavaScript code with the permission of a victim. XSS attacks are often used to steal credentials or login tokens of other users. This issue has been addressed in version 1.8.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-03-12 6.1 CVE-2024-28112
security-advisories@github.com
security-advisories@github.com phoenix_contact — charx_sec-3000
  An unauthenticated remote attacker can upload a arbitrary script file due to improper input validation. The upload destination is fixed and is write only. 2024-03-12 5.3 CVE-2024-25994
info@cert.vde.com phoenix_contact — charx_sec-3000
  An unauthenticated remote attacker can perform a remote code execution due to an origin validation error. The access is limited to the service user. 2024-03-12 5.3 CVE-2024-25996
info@cert.vde.com phoenix_contact — charx_sec-3000
  An unauthenticated remote attacker can perform a log injection due to improper input validation. Only a certain log file is affected. 2024-03-12 5.3 CVE-2024-25997
info@cert.vde.com phoenix_contact — charx_sec-3000
  An unauthenticated remote attacker can read memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization.  2024-03-12 5.9 CVE-2024-26000
info@cert.vde.com phoenix_contact — charx_sec-3000
  An unauthenticated remote attacker can gain service level privileges through an incomplete cleanup during service restart after a DoS.  2024-03-12 4.8 CVE-2024-26005
info@cert.vde.com pinterest — querybook
  Querybook is a Big Data Querying UI, combining collocated table metadata and a simple notebook interface. Querybook’s datadocs functionality works by using a Websocket Server. The client talks to this WSS whenever updating/deleting/reading any cells as well as for watching the live status of query executions. Currently the CORS setting allows all origins, which could result in cross-site websocket hijacking and allow attackers to read/edit/remove datadocs of the user. This issue has been addressed in version 3.32.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-03-14 5.6 CVE-2024-28251
security-advisories@github.com
security-advisories@github.com postalserver — postal
  Postal is an open source SMTP server. Postal versions less than 3.0.0 are vulnerable to SMTP Smuggling attacks which may allow incoming e-mails to be spoofed. This, in conjunction with a cooperative outgoing SMTP service, would allow for an incoming e-mail to be received by Postal addressed from a server that a user has ‘authorised’ to send mail on their behalf but were not the genuine author of the e-mail. Postal is not affected for sending outgoing e-mails as email is re-encoded with `<CR><LF>` line endings when transmitted over SMTP. This issue has been addressed and users should upgrade to Postal v3.0.0 or higher. Once upgraded, Postal will only accept End of DATA sequences which are explicitly `<CR><LF>.<CR><LF>`. If a non-compliant sequence is detected it will be logged to the SMTP server log. There are no workarounds for this issue. 2024-03-11 5.3 CVE-2024-27938
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com premium_addons_for_elementor — premium_addons_pro_for_elementor
  The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s IHover widget link in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2024-1996
  security@wordfence.com
premium_addons_for_elementor — premium_addons_pro_for_elementor
  The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘premium_fbchat_app_id’ parameter of the Messenger Chat Widget in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2024-1997
  security@wordfence.com
premium_addons_for_elementor — premium_addons_pro_for_elementor
  The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘navigation_dots’ parameter of the Multi Scroll Widget in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2024-2000
  security@wordfence.com
premium_addons_for_elementor — premium_addons_pro_for_elementor
  The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Global Badge module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2024-2237
  security@wordfence.com
premium_addons_for_elementor — premium_addons_pro_for_elementor
  The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Mouse Cursor module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2024-2238
  security@wordfence.com
premium_addons_for_elementor — premium_addons_pro_for_elementor
  The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Premium Magic Scroll module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2024-2239
  security@wordfence.com
premium_addons_for_elementor — premium_addons_pro_for_elementor
  The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s widgets in all versions up to, and including, 4.10.23 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-15 6.4 CVE-2024-2399
  security@wordfence.com
qnap — qts
  An injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later; QuTS hero h5.1.3.2578 build 20231110 and later; QuTScloud c5.1.5.2651 and later. 2024-03-08 6.5 CVE-2024-21900
  security@qnapsecurity.com.tw
radgeek — feedwordpress
  The FeedWordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2022.0222 due to missing validation on the user controlled ‘guid’ key. This makes it possible for unauthenticated attackers to view draft posts that may contain sensitive information. 2024-03-13 5.3 CVE-2024-0839
  security@wordfence.com
rayhanduitku — duitku_payment_gateway
  The Duitku Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the check_duitku_response function in all versions up to, and including, 2.11.4. This makes it possible for unauthenticated attackers to change the payment status of orders to failed. 2024-03-13 5.3 CVE-2024-0631
  security@wordfence.com
realmag777 — husky_-_products_filter_for_woocommerce_(formerly_woof)
  Cross-Site Request Forgery (CSRF) vulnerability in realmag777 HUSKY – Products Filter for WooCommerce (formerly WOOF). This issue affects HUSKY – Products Filter for WooCommerce (formerly WOOF): from n/a through 1.3.4.3. 2024-03-15 4.3 CVE-2023-50861
  audit@patchstack.com
realmag777 — husky_-_products_filter_professional_for_woocommerce
  The HUSKY – Products Filter for WooCommerce Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘woof’ shortcode in all versions up to, and including, 1.3.5.1 due to insufficient input sanitization and output escaping on user supplied attributes such as ‘swoof_slug’. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-15 6.4 CVE-2024-1796
  security@wordfence.com
rednao — woocommerce_pdf_invoice_builder
  Cross-Site Request Forgery (CSRF) vulnerability in RedNao WooCommerce PDF Invoice Builder. This issue affects WooCommerce PDF Invoice Builder: from n/a through 1.2.101. 2024-03-16 5.4 CVE-2023-51486
  audit@patchstack.com
rejetto_ — http_file_server_
  An open redirect vulnerability, the exploitation of which could allow an attacker to create a custom URL and redirect a legitimate page to a malicious site. 2024-03-12 6.5 CVE-2024-1227
  cve-coordination@incibe.es
rocket_elements — split_test_for_elementor
  Cross-Site Request Forgery (CSRF) vulnerability in Rocket Elements Split Test For Elementor. This issue affects Split Test For Elementor: from n/a through 1.6.9. 2024-03-16 4.3 CVE-2023-51407
  audit@patchstack.com
rogierlankhorst — burst_statistics_-_privacy-friendly_analytics_for_wordpress
  The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘burst_total_pageviews_count’ custom meta field in all versions up to, and including, 1.5.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note that this exploit only functions if the victim has the ‘Show Toolbar when viewing site’ option enabled in their profile. 2024-03-13 6.4 CVE-2024-1894
  security@wordfence.com
sap_se — netweaver_(wsrm)
  Under certain conditions SAP NetWeaver WSRM – version 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application. 2024-03-12 5.3 CVE-2024-25644
  cna@sap.com
sap_se — sap_abap_platform
  Due to a missing authorization check, an attacker with a business user account in SAP ABAP Platform – versions 758, 795, can change the privacy setting of job templates from shared to private. As a result, the selected template would only be accessible to the owner. 2024-03-12 4.3 CVE-2024-27900
  cna@sap.com
sap_se — sap_fiori_front_end_server
  SAP Fiori Front End Server – version 605, allows altering of approver details on the read-only field when sending leave request information. This could lead to creation of a request with an incorrect approver, causing low impact on Confidentiality and Integrity with no impact on Availability of the application. 2024-03-12 4.6 CVE-2024-22133
  cna@sap.com
sap_se — sap_netweaver_(enterprise_portal)
  Under certain conditions SAP NetWeaver (Enterprise Portal) – version 7.50 allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality of the application and with no impact on Integrity and Availability of the application. 2024-03-12 5.3 CVE-2024-25645
  cna@sap.com
sap_se — sap_netweaver_as_abap_applications_based_on_sapgui_for_html_(webgui)
  Applications based on SAP GUI for HTML in SAP NetWeaver AS ABAP – versions 7.89, 7.93, do not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. A successful attack can allow a malicious attacker to access and modify data through their ability to execute code in a user’s browser. There is no impact on the availability of the system. 2024-03-12 5.4 CVE-2024-27902
  cna@sap.com
sap_se — sap_netweaver_process_integration_(support_web_pages)
  Under certain conditions, Support Web Pages of SAP NetWeaver Process Integration (PI) – version 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application. 2024-03-12 5.3 CVE-2024-28163
  cna@sap.com
sewpafly — post_thumbnail_editor
  Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Sewpafly Post Thumbnail Editor. This issue affects Post Thumbnail Editor: from n/a through 2.4.8. 2024-03-16 5.3 CVE-2024-24845
  audit@patchstack.com
shapedplugin — easy_accordion_-_best_accordion_faq_plugin_for_wordpress
  The Easy Accordion – Best Accordion FAQ Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘accordion_content_source’ attribute in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2024-1363
  security@wordfence.com
siemens — sentron_7km_pac3120_ac/dc
  A vulnerability has been identified in SENTRON 7KM PAC3120 AC/DC (7KM3120-0BA01-1DA0) (All versions >= V3.2.3 < V3.3.0 only when manufactured between LQN231003… and LQN231215… ( with LQNYYMMDD…)), SENTRON 7KM PAC3120 DC (7KM3120-1BA01-1EA0) (All versions >= V3.2.3 < V3.3.0 only when manufactured between LQN231003… and LQN231215… ( with LQNYYMMDD…)), SENTRON 7KM PAC3220 AC/DC (7KM3220-0BA01-1DA0) (All versions >= V3.2.3 < V3.3.0 only when manufactured between LQN231003… and LQN231215… ( with LQNYYMMDD…)), SENTRON 7KM PAC3220 DC (7KM3220-1BA01-1EA0) (All versions >= V3.2.3 < V3.3.0 only when manufactured between LQN231003… and LQN231215… ( with LQNYYMMDD…)). The read out protection of the internal flash of affected devices was not properly set at the end of the manufacturing process. An attacker with physical access to the device could read out the data. 2024-03-12 4.6 CVE-2024-21483
  productcert@siemens.com
siemens — siveillance_control
  A vulnerability has been identified in Siveillance Control (All versions >= V2.8 < V3.1.1). The affected product does not properly check the list of access groups that are assigned to an individual user. This could enable a locally logged on user to gain write privileges for objects where they only have read privileges. 2024-03-12 5.5 CVE-2023-45793
  productcert@siemens.com
sirv.com — sirv
  Missing Authorization vulnerability in sirv.Com Sirv. This issue affects Sirv: from n/a through 7.1.2. 2024-03-15 5.4 CVE-2023-50898
  audit@patchstack.com
skyhigh — skyhigh_client_proxy
  A malicious insider can bypass the existing policy of Skyhigh Client Proxy without a valid release code. 2024-03-14 5.5 CVE-2024-0311
  trellixpsirt@trellix.com
skyhigh — skyhigh_client_proxy
  A malicious insider can uninstall Skyhigh Client Proxy without a valid uninstall password. 2024-03-14 5.5 CVE-2024-0312
  trellixpsirt@trellix.com
skyhigh — skyhigh_client_proxy
  A malicious insider exploiting this vulnerability can circumvent existing security controls put in place by the organization. Conversely, if the victim is legitimately using the temporary bypass to reach out to the Internet for retrieving application and system updates, a remote device could target it and undo the bypass, thereby denying the victim access to the update service, causing it to fail. 2024-03-14 5.5 CVE-2024-0313
  trellixpsirt@trellix.com
snowflakedb — snowflake-hive-metastore-connector
  The Snowflake Hive metastore connector provides an easy way to query Hive-managed data via Snowflake. Snowflake Hive MetaStore Connector has addressed a potential elevation of privilege vulnerability in a `helper script` for the Hive MetaStore Connector. A malicious insider without admin privileges could, in theory, use the script to download content from a Microsoft domain to the local system and replace the valid content with malicious code. If the attacker then also had local access to the same system where the maliciously modified script is run, they could attempt to manipulate users into executing the attacker-controlled helper script, potentially gaining elevated privileges to the local system. The vulnerability in the script was patched on February 09, 2024, without a version bump to the Connector. Users who use the helper script are strongly advised to use the latest version as soon as possible. Users unable to upgrade should avoid using the helper script. 2024-03-15 4 CVE-2024-28851
  security-advisories@github.com
softaculous — backuply_-_backup,_restore,_migrate_and_clone
  The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.7 via the backup_name parameter in the backuply_download_backup function. This makes it possible for attackers with an account that has only the activate_plugins capability to access arbitrary files on the server, which can contain sensitive information. This only impacts sites hosted on Windows servers. 2024-03-16 4.9 CVE-2024-2294
  security@wordfence.com
soundcloud_inc.,_lawrie_malen — soundcloud_shortcode
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SoundCloud Inc., Lawrie Malen SoundCloud Shortcode allows Stored XSS. This issue affects SoundCloud Shortcode: from n/a through 4.0.1. 2024-03-15 6.5 CVE-2024-25936
  audit@patchstack.com
sourcecodester — best_pos_management_system
  A vulnerability was found in SourceCodester Best POS Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view_order.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256705 was assigned to this vulnerability. 2024-03-13 6.3 CVE-2024-2418
  cna@vuldb.com
sourcecodester — crud_without_page_reload
  A vulnerability was found in SourceCodester CRUD without Page Reload 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file add_user.php. The manipulation of the argument city leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256453 was assigned to this vulnerability. 2024-03-12 6.3 CVE-2024-2393
  cna@vuldb.com
stylemix — masterstudy_lms_wordpress_plugin_-_for_online_courses_and_education
  The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 3.2.10. This can allow unauthenticated attackers to extract sensitive data including all registered users’ usernames and email addresses, which can be used to help perform future attacks. 2024-03-13 5.3 CVE-2024-2106
  security@wordfence.com
subratamal — terawallet_-_best_woocommerce_wallet_system_with_cashback_rewards,_partial_payment,_wallet_refunds
  The TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the terawallet_export_user_search() function in all versions up to, and including, 1.4.10. This makes it possible for authenticated attackers, with subscriber-level access and above, to export a list of registered users and their emails. 2024-03-13 4.3 CVE-2024-1690
  security@wordfence.com
surya2developer — hostel_management_service
  A vulnerability, which was classified as problematic, has been found in Surya2Developer Hostel Management Service 1.0. This issue affects some unknown processing of the file /change-password.php of the component Password Change Handler. The manipulation of the argument oldpassword leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256889 was assigned to this vulnerability. 2024-03-15 4.3 CVE-2024-2483
  cna@vuldb.com
surya2developer — hostel_management_system
  A vulnerability, which was classified as critical, was found in Surya2Developer Hostel Management System 1.0. Affected is an unknown function of the file /admin/manage-students.php. The manipulation of the argument del leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256890 is the identifier assigned to this vulnerability. 2024-03-15 6.5 CVE-2024-2481
  cna@vuldb.com
svenl77 — post_form_-_registration_form_-_profile_form_for_user_profiles_-_frontend_content_forms_for_user_submissions_(ugc)
  The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buddyforms_new_page function in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber access or higher, to create pages with arbitrary titles. These pages are published. 2024-03-13 4.3 CVE-2024-1158
  security@wordfence.com
sysbasics — customize_my_account_for_woocommerce
  Cross-Site Request Forgery (CSRF) vulnerability in SysBasics Customize My Account for WooCommerce. This issue affects Customize My Account for WooCommerce: from n/a through 1.8.3. 2024-03-15 4.3 CVE-2023-51369
  audit@patchstack.com
takayukister — contact_form_7
  The Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘active-tab’ parameter in all versions up to, and including, 5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-03-13 6.1 CVE-2024-2242
  security@wordfence.com
techfyd — sky_addons_for_elementor_(free_templates_library,_live_copy,_animations,_post_grid,_post_carousel,_particles,_sliders,_chart,_blogs)
  The Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wrapper link URL value in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2024-2286
  security@wordfence.com
techjewel — contact_form_plugin_by_fluent_forms_for_quiz,_survey,_and_drag_&_drop_wp_form_builder
  The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.9 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The exploitation level depends on who is granted the right to create forms by an administrator. This level can be as low as contributor, but by default is admin. 2024-03-13 4.9 CVE-2023-6957
  security@wordfence.com
thedark — auto_affiliate_links
  The Auto Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the aalAddLink function in all versions up to, and including, 6.4.3. This makes it possible for authenticated attackers, with subscriber access or higher, to add arbitrary links to posts. 2024-03-13 4.3 CVE-2024-1843
  security@wordfence.com
themefusecom — brizy_-_page_builder
  The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown URL parameter in all versions up to, and including, 2.4.40 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2024-1291
  security@wordfence.com
themefusecom — brizy_-_page_builder
  The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the embedded media custom block in all versions up to, and including, 2.4.40 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2024-1293
  security@wordfence.com
themefusecom — brizy_-_page_builder
  The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s block upload in all versions up to, and including, 2.4.40 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2024-1296
  security@wordfence.com
themefusion — avada_|_website_builder_for_wordpress_&_woocommerce
  The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 7.11.5 via the form entries page. This makes it possible for authenticated attackers, with contributor access and above, to view the contents of all form submissions, including fields that are obfuscated (such as the contact form’s “password” field). 2024-03-13 6.5 CVE-2024-1668
  security@wordfence.com
themegrill — maintenance_page
  The Maintenance Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the subscribe_download function hooked via AJAX action in all versions up to, and including, 1.0.8. This makes it possible for authenticated attackers, with subscriber access or higher, to download a CSV containing subscriber emails. 2024-03-13 5.3 CVE-2024-1370
  security@wordfence.com
themegrill — maintenance_page
  The Maintenance Page plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 1.0.8 via the REST API. This makes it possible for unauthenticated attackers to view post titles and content when the site is in maintenance mode. 2024-03-13 5.3 CVE-2024-1462
  security@wordfence.com
themeisle — orbit_fox_by_themeisle
  The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form widget addr2_width attribute in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2024-1497
  security@wordfence.com
themeisle — orbit_fox_by_themeisle
  The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pricing Table widget in the $settings[‘title_tags’] parameter in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2024-1499
  security@wordfence.com
themeisle — orbit_fox_by_themeisle
  The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Registration Form widget in all versions up to, and including, 2.10.32 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2024-2126
  security@wordfence.com
themencode_llc — tnc_pdf_viewer
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ThemeNcode LLC TNC PDF viewer allows Stored XSS. This issue affects TNC PDF viewer: from n/a through 2.8.0. 2024-03-13 6.5 CVE-2024-25097
  audit@patchstack.com
themisle — otter_blocks_pro_-_gutenberg_blocks,_page_builder_for_gutenberg_editor_&_fse
  The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form file field CSS metabox in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2024-1684
  security@wordfence.com
themisle — otter_blocks_pro_-_gutenberg_blocks,_page_builder_for_gutenberg_editor_&_fse
  The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the file upload form, which allows SVG uploads, in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note that the patch in 2.6.4 still allows SVG uploads, but the uploaded SVG files are sanitized. 2024-03-13 6.1 CVE-2024-1691
  security@wordfence.com
tibco_software_inc. — tibco_activespaces_-_enterprise_edition
  The Proxy and Client components of TIBCO Software Inc.’s TIBCO ActiveSpaces – Enterprise Edition contain a vulnerability that theoretically allows an ActiveSpaces client to passively observe data traffic to other clients. Affected releases are TIBCO Software Inc.’s TIBCO ActiveSpaces – Enterprise Edition: versions 4.4.0 through 4.9.0. 2024-03-12 4.3 CVE-2024-1137
  security@tibco.com
timstrifler — exclusive_addons_for_elementor
  The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a data attribute in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2024-1234
  security@wordfence.com
timstrifler — exclusive_addons_for_elementor
  The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Timer widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2024-1413
  security@wordfence.com
timstrifler — exclusive_addons_for_elementor
  The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Call To Action widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2024-1414
  security@wordfence.com
security@wordfence.com timstrifler — exclusive_addons_for_elementor
  The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Covid-19 Stats Widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2024-2028
security@wordfence.com
security@wordfence.com turtlepod — f(x)_private_site
  The f(x) Private Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.1 via the API. This makes it possible for unauthenticated attackers to obtain page and post contents of a site protected with this plugin. 2024-03-12 5.3 CVE-2024-0906
security@wordfence.com
security@wordfence.com vantage6 — vantage6
  vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. Much like GHSA-45gq-q4xh-cp53, it is possible to find which usernames exist in vantage6 by calling the API routes `/recover/lost` and `/2fa/lost`. These routes send emails to users if they have lost their password or MFA token. This issue has been addressed in commit `aecfd6d0e` and is expected to ship in subsequent releases. Users are advised to upgrade as soon as a new release is available. There are no known workarounds for this vulnerability. 2024-03-14 5.3 CVE-2024-24770
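An added example (not from the CISA bulletin or the vantage6 commit, whose change is not reproduced here) of the generic fix for this class of issue: a recovery endpoint that returns the same status and body whether or not the account exists, sends e-mail only when it does, and rate-limits each client so bulk enumeration is slow even if a residual timing difference remains. The user table, outbox and client keys are constructed for the example.

```python
import time

# Constructed user table (the real vantage6 user model is not shown here): username -> e-mail
USERS = {"alice": "alice@example.org"}

# Stand-in outbox so the example runs offline
SENT_MAIL = []


def _send_recovery_mail(email: str) -> None:
    SENT_MAIL.append(email)


class RateLimiter:
    """Sliding-window counter per client key; the clock is injectable for testing."""

    def __init__(self, limit: int, window_seconds: float, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window_seconds, clock
        self._hits = {}

    def allow(self, key: str) -> bool:
        now = self.clock()
        hits = [t for t in self._hits.get(key, []) if now - t < self.window]
        if len(hits) >= self.limit:
            self._hits[key] = hits
            return False
        hits.append(now)
        self._hits[key] = hits
        return True


UNIFORM_REPLY = {"msg": "If that account exists, a recovery e-mail has been sent."}


def recover_lost_leaky(username: str):
    """Enumeration-prone pattern: the reply itself says whether the account exists."""
    email = USERS.get(username)
    if email is None:
        return 404, {"msg": "user not found"}
    _send_recovery_mail(email)
    return 200, {"msg": "recovery e-mail sent"}


def recover_lost_fixed(username: str, client_key: str, limiter: RateLimiter):
    """Same status and body whether or not the account exists, plus a per-client rate limit.

    Timing is the remaining side channel: if it matters for your threat model, keep the
    work in both branches comparable (render the mail in both, deliver in one).
    """
    if not limiter.allow(client_key):
        return 429, {"msg": "too many requests"}
    email = USERS.get(username)
    if email is not None:
        _send_recovery_mail(email)
    return 200, dict(UNIFORM_REPLY)


if __name__ == "__main__":
    lim = RateLimiter(limit=3, window_seconds=60)
    print(recover_lost_leaky("alice"), recover_lost_leaky("mallory"))   # differ: oracle
    print(recover_lost_fixed("alice", "10.0.0.1", lim),
          recover_lost_fixed("mallory", "10.0.0.1", lim))                # identical
```

The same shape applies to the `/2fa/lost` route: any branch that depends on account existence must end in an indistinguishable response.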
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com vantage6 — vantage6
  vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. The vantage6 server places no restrictions on CORS; operators should be able to configure the server’s allowed origins. The impact is limited because vantage6 does not use session cookies. This issue has been addressed in commit `70bb4e1d8` and is expected to ship in subsequent releases. Users are advised to upgrade as soon as a new release is available. There are no known workarounds for this vulnerability. 2024-03-14 4.2 CVE-2024-23823
security-advisories@github.com
security-advisories@github.com vantage6 — vantage6-ui
  vantage6-UI is the official user interface for the vantage6 server. In affected versions a number of security headers are not set. This issue has been addressed in commit `68dfa6614`, which is expected to be included in future releases. Users are advised to upgrade when a new release is made. Until a release is available, users may modify the Docker image build to insert the headers into nginx. 2024-03-14 5.4 CVE-2024-24562
security-advisories@github.com
security-advisories@github.com visualcomposer — visual_composer_website_builder,_landing_page_builder,_custom_theme_builder,_maintenance_mode_&_coming_soon_pages
  The Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s custom fields in all versions up to, and including, 45.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2023-6880
security@wordfence.com
security@wordfence.com wago — controller_bacnet/ip
  An unauthenticated remote attacker can perform an XSS attack due to improper neutralization of input during web page generation. User interaction is required. The impact on confidentiality and integrity is limited; there is no impact on availability. 2024-03-13 5.4 CVE-2018-25090
info@cert.vde.com wbw — product_table_by_wbw
  Cross Site Request Forgery (CSRF) vulnerability in WBW Product Table by WBW. This issue affects Product Table by WBW: from n/a through 1.8.6. 2024-03-16 4.3 CVE-2023-51512
audit@patchstack.com webtechstreet — elementor_addon_elements
  The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘icon_align’ attribute of the Content Switcher widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2024-1393
security@wordfence.com
security@wordfence.com
security@wordfence.com webtechstreet — elementor_addon_elements
  The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eae_custom_overlay_switcher’ attribute of the Thumbnail Slider widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2024-1391
security@wordfence.com
security@wordfence.com
security@wordfence.com webtechstreet — elementor_addon_elements
  The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button1_icon’ attribute of the Dual Button widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2024-1392
security@wordfence.com
security@wordfence.com
security@wordfence.com webtechstreet — elementor_addon_elements
  The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the modal popup widget’s effect setting in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2024-1422
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com wokamoto — simple_tweet
  The Simple Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Tweet this text value in all versions up to, and including, 1.4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2024-0700
security@wordfence.com
security@wordfence.com
security@wordfence.com wpchill — simple_restrict
  The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.6 via the REST API. This makes it possible for authenticated attackers to bypass the plugin’s restrictions to extract post titles and content. 2024-03-13 5.3 CVE-2024-1083
security@wordfence.com
security@wordfence.com wpdatatables — wpdatatables_-_wordpress_data_table,_dynamic_tables_&_table_charts_plugin
  The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘A’ parameter in all versions up to, and including, 3.4.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-03-13 6.1 CVE-2024-0591
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com wpdevteam — essential_addons_for_elementor_-_best_elementor_templates,_widgets,_kits_&_woocommerce_builders
  The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Data Table widget in all versions up to, and including, 5.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2024-1537
security@wordfence.com
security@wordfence.com wpdevteam — essential_blocks_-_page_builder_gutenberg_blocks,_patterns_&_templates
  The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId parameter in all versions up to, and including, 4.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2024-1854
security@wordfence.com
security@wordfence.com wpeventmanager — wp_event_manager_-_events_calendar,_registrations,_sell_tickets_with_woocommerce
  The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the plugin parameter in all versions up to, and including, 3.1.41 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-03-13 6.1 CVE-2024-0976
security@wordfence.com
security@wordfence.com
security@wordfence.com wpgmaps — wp_go_maps_(formerly_wp_google_maps)
  The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘wpgmza’ shortcode in all versions up to, and including, 9.0.32 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2024-1582
security@wordfence.com
security@wordfence.com wpgmaps — wp_go_maps_(formerly_wp_google_maps)
  The WP Go Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 9.0.32 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 2024-03-13 4.4 CVE-2023-4839
security@wordfence.com
security@wordfence.com wpmu_dev — broken_link_checker
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPMU DEV Broken Link Checker allows Stored XSS. This issue affects Broken Link Checker: from n/a through 2.2.3. 2024-03-15 5.9 CVE-2024-25592
audit@patchstack.com wpswings — ultimate_gift_cards_for_woocommerce_-_create,_redeem_&_manage_digital_gift_certificates_with_personalized_templates
  The Ultimate Gift Cards for WooCommerce – Create, Redeem & Manage Digital Gift Certificates with Personalized Templates plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the wps_wgm_preview_email_template() function. This makes it possible for unauthenticated attackers to read password protected and draft posts that may contain sensitive data. 2024-03-16 5.3 CVE-2024-1857
security@wordfence.com
security@wordfence.com wpvividplugins — wpvivid_backup_for_mainwp
  The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 0.9.32 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-03-13 6.1 CVE-2024-1383
security@wordfence.com
security@wordfence.com
security@wordfence.com wpwax — legal_pages
  Cross-Site Request Forgery (CSRF), Incorrect Authorization vulnerability in wpWax Legal Pages. This issue affects Legal Pages: from n/a through 1.3.7. 2024-03-15 4.3 CVE-2023-50886
audit@patchstack.com xpeedstudio — elementskit_elementor_addons
  The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blog post read more button in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-16 6.4 CVE-2024-1239
security@wordfence.com
security@wordfence.com xpeedstudio — elementskit_elementor_addons
  The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions up to, and including, 3.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-16 6.4 CVE-2024-2042
security@wordfence.com
security@wordfence.com
security@wordfence.com xpeedstudio — elementskit_elementor_addons
  The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the progress bar element attributes in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This primarily affects multi-site installations and installations where unfiltered_html has been disabled. 2024-03-16 5.5 CVE-2023-6525
security@wordfence.com
security@wordfence.com
security@wordfence.com xpeedstudio — metform_elementor_contact_form_builder
  The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 3.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-13 6.4 CVE-2024-1585
security@wordfence.com
security@wordfence.com
security@wordfence.com xpeedstudio — wp_social_login_and_register_social_counter
  The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp_social/v1/ REST API endpoint in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to enable and disable certain providers for the social share and login features. 2024-03-13 6.5 CVE-2024-1763
security@wordfence.com
security@wordfence.com yonifre — maspik_-_spam_blacklist
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in yonifre Maspik – Spam Blacklist allows Stored XSS. This issue affects Maspik – Spam Blacklist: from n/a through 0.10.6. 2024-03-13 5.9 CVE-2024-25101
audit@patchstack.com yooooomi — your_spotify
  your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version <1.8.0 allows users to create a public token in the settings, which can be used to provide guest-level access to the information of that specific user in YourSpotify. The /me API endpoint discloses Spotify API access and refresh tokens to guest users. Attackers with access to a public token for guest access to YourSpotify can therefore obtain access to Spotify API tokens of YourSpotify users. As a consequence, attackers may extract profile information, information about listening habits, playlists and other information from the corresponding Spotify profile. In addition, the attacker can pause and resume playback in the Spotify app at will. This issue has been resolved in version 1.8.0. Users are advised to upgrade. There are no known workarounds for this issue. 2024-03-13 6.5 CVE-2024-28193
security-advisories@github.com yooooomi — your_spotify
  your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions before 1.9.0 do not prevent other pages from displaying the application in an iframe and are therefore vulnerable to clickjacking. An attacker loads YourSpotify in an invisible iframe on a site they control, lures a logged-in victim to that page, and positions decoy elements over the frame so that the victim’s clicks land on YourSpotify controls while the victim believes they are interacting with a different site. The victim can thereby be tricked into triggering actions such as allowing signup of other users or deleting the current user account, without their knowledge, resulting in a high impact to the integrity of YourSpotify. This issue has been addressed in version 1.9.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-03-13 6.5 CVE-2024-28196
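Three entries in this bulletin come down to response headers: the vantage6 server with no CORS restrictions (CVE-2024-23823), the vantage6-UI image missing security headers (CVE-2024-24562), and YourSpotify framable by any page (CVE-2024-28196). The Python below is an added example, not code from any of those projects, that builds the header set a hardened deployment would emit and includes two audit helpers a tester can run against a captured response. The allowed origins and header values are assumptions chosen for the example.

```python
# Deployment values are assumptions for this example.
ALLOWED_ORIGINS = {"https://app.example.org", "https://admin.example.org"}

# Baseline headers. A full Content-Security-Policy needs tuning per application, but
# frame-ancestors alone is what stops clickjacking in current browsers; X-Frame-Options
# covers older ones.
SECURITY_HEADERS = {
    "X-Frame-Options": "DENY",
    "Content-Security-Policy": "frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "no-referrer",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
}

REQUIRED_HEADERS = ("X-Frame-Options", "Content-Security-Policy",
                    "X-Content-Type-Options", "Strict-Transport-Security")


def cors_headers(origin, allowed=ALLOWED_ORIGINS) -> dict:
    """Echo Origin only when it is on the allow-list.

    Reflecting arbitrary origins, or answering '*', together with
    Allow-Credentials is the unrestricted configuration to avoid.
    """
    if not origin or origin.lower() not in allowed:
        return {}                      # no ACAO header: the browser blocks the cross-origin read
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
        "Access-Control-Allow-Methods": "GET, POST, PATCH, DELETE",
        "Access-Control-Allow-Headers": "Authorization, Content-Type",
        "Vary": "Origin",              # caches must not serve one origin's ACAO to another
    }


def response_headers(origin) -> dict:
    headers = dict(SECURITY_HEADERS)
    headers.update(cors_headers(origin))
    return headers


def missing_security_headers(headers: dict) -> list:
    """Audit helper for a captured response; header names compared case-insensitively."""
    present = {k.lower() for k in headers}
    return [h for h in REQUIRED_HEADERS if h.lower() not in present]


def allows_framing(headers: dict) -> bool:
    """True when neither X-Frame-Options nor CSP frame-ancestors forbids embedding."""
    lower = {k.lower(): v for k, v in headers.items()}
    if lower.get("x-frame-options", "").strip().upper() in ("DENY", "SAMEORIGIN"):
        return False
    for directive in lower.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = [s.lower() for s in parts[1:]]
            return "*" in sources      # any explicit list other than * restricts embedding
    return True


if __name__ == "__main__":
    print(response_headers("https://app.example.org"))
    print(response_headers("https://evil.example"))
    print("framable:", allows_framing({"Content-Type": "text/html"}))
```

For the nginx case the advisory mentions, the same key/value pairs go into `add_header` directives in the server block; the audit helpers are what you run afterwards to confirm the image actually emits them.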
security-advisories@github.com yooooomi — your_spotify
  your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions before 1.8.0 are vulnerable to NoSQL injection in the public access token processing logic. An attacker can fully bypass the public token authentication mechanism, whether or not a public token has ever been generated, without any user interaction or prerequisite knowledge. This issue has been addressed in version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-03-13 5.3 CVE-2024-28192
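The advisory above does not show the vulnerable code, so the following is an added example of the general pattern behind this class of bug, not YourSpotify's own logic: a JSON body field is passed straight into a MongoDB-style query, so a client can submit an operator object such as `{"$ne": null}` instead of a string, and a missing field becomes a query for `null` that matches users who never generated a token. The in-memory collection and the toy query matcher (supporting equality, `$ne`, `$gt` and `$regex`) stand in for a real driver so the example runs offline.

```python
import re

# Constructed in-memory collection standing in for the users collection.
USERS = [
    {"username": "alice", "publicToken": "f3a9c1"},
    {"username": "bob",   "publicToken": None},      # never generated a public token
]


def _field_matches(actual, cond) -> bool:
    """Toy subset of MongoDB query semantics: equality plus $ne, $gt, $regex."""
    if not isinstance(cond, dict):
        return actual == cond
    for op, arg in cond.items():
        if op == "$ne":
            if actual == arg:
                return False
        elif op == "$gt":
            if actual is None or not isinstance(actual, type(arg)) or not actual > arg:
                return False
        elif op == "$regex":
            if not isinstance(actual, str) or re.search(arg, actual) is None:
                return False
        else:
            raise ValueError(f"unsupported operator {op}")
    return True


def find_one(collection, query):
    for doc in collection:
        if all(_field_matches(doc.get(k), c) for k, c in query.items()):
            return doc
    return None


def user_for_public_token_vulnerable(body: dict):
    """The request body is JSON, so `token` may be a dict, and that dict becomes query operators.
    A missing field becomes a query for null, which matches users with no token at all."""
    return find_one(USERS, {"publicToken": body.get("token")})


def user_for_public_token_fixed(body: dict):
    """Accept only a non-empty string, so the value can never be interpreted as an operator."""
    token = body.get("token")
    if not isinstance(token, str) or not token:
        return None
    return find_one(USERS, {"publicToken": token})


if __name__ == "__main__":
    for body in ({"token": "f3a9c1"}, {"token": {"$ne": None}}, {"token": {"$regex": "^f"}}, {}):
        print(body, "->",
              user_for_public_token_vulnerable(body), "|",
              user_for_public_token_fixed(body))
```

With a real driver the null case is slightly worse than shown: `{"publicToken": null}` also matches documents where the field is absent entirely. Schema validation at the API boundary (string, bounded length, expected alphabet) is the fix; escaping is not applicable to operator injection.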
security-advisories@github.com zemana — antilogger
  Zemana AntiLogger v2.74.204.664 is vulnerable to a Memory Information Leak vulnerability by triggering the 0x80002020 IOCTL code of the zam64.sys and zamguard64.sys drivers. 2024-03-15 5.5 CVE-2024-2180
help@fluidattacks.com
help@fluidattacks.com zemana — antilogger
  Zemana AntiLogger v2.74.204.664 is vulnerable to a Denial of Service (DoS) vulnerability by triggering the 0x80002004 and 0x80002010 IOCTL codes of the zam64.sys and zamguard64.sys drivers. 2024-03-15 5.5 CVE-2024-2204
help@fluidattacks.com
help@fluidattacks.com zemana — antilogger
  Zemana AntiLogger v2.74.204.664 is vulnerable to an Arbitrary Process Termination vulnerability by triggering the 0x80002048 IOCTL code of the zam64.sys and zamguard64.sys drivers. 2024-03-14 5.5 CVE-2024-1853
help@fluidattacks.com
help@fluidattacks.com zoom_video_communications,_inc. — zoom_rooms_client_for_windows
  Race condition in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access. 2024-03-13 5.3 CVE-2024-24692
security@zoom.us