Vulnerability Summary for the Week of March 25, 2024 | CISA


10web — photogallery

 

The current_url parameter of the AJAX call to the GalleryBox action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the current_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. No authentication is required to exploit this issue. Note that other parameters within a AJAX call, such as image_id, must be valid for this vulnerability to be successfully exploited. 2024-03-26 6.1 CVE-2024-29832
info@appcheck-ng.com
info@appcheck-ng.com 10web — photogallery
  The image_id parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the image_id parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The attacker must target a an authenticated user with permissions to access this component to exploit this issue. 2024-03-26 5.4 CVE-2024-29808
info@appcheck-ng.com
info@appcheck-ng.com 10web — photogallery
  The image_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the image_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The attacker must target a an authenticated user with permissions to access this component to exploit this issue. 2024-03-26 5.4 CVE-2024-29809
info@appcheck-ng.com
info@appcheck-ng.com 10web — photogallery
  The thumb_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the thumb_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The attacker must target a an authenticated user with permissions to access this component to exploit this issue. 2024-03-26 5.4 CVE-2024-29810
info@appcheck-ng.com
info@appcheck-ng.com 10web — photogallery
  The image upload component allows SVG files and the regular expression used to remove script tags can be bypassed by using a Cross Site Scripting payload which does not match the regular expression; one example of this is the inclusion of whitespace within the script tag. An attacker must target an authenticated user with permissions to access this feature, however once uploaded the payload is also accessible to unauthenticated users. 2024-03-26 5.4 CVE-2024-29833
info@appcheck-ng.com
info@appcheck-ng.com accessally — popupally
  Missing Authorization vulnerability in AccessAlly PopupAlly.This issue affects PopupAlly: from n/a through 2.1.0. 2024-03-26 4.3 CVE-2024-23520
audit@patchstack.com algoritim — e-commerce_software
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Algoritim E-commerce Software allows Reflected XSS.This issue affects E-commerce Software: before 3.9.2. 2024-03-29 6.1 CVE-2023-6047
iletisim@usom.gov.tr alireza_sedghi — aparat_for_wordpress

 

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Alireza Sedghi Aparat for WordPress allows Stored XSS.This issue affects Aparat for WordPress: from n/a through 2.2.0. 2024-03-27 6.5 CVE-2024-29765
audit@patchstack.com all_in_one_wp_security_&_firewall_team — all_in_one_wp_security_&_firewall
  Cross-Site Request Forgery (CSRF) vulnerability in All In One WP Security & Firewall Team All In One WP Security & Firewall.This issue affects All In One WP Security & Firewall: from n/a through 5.2.6. 2024-03-29 4.3 CVE-2024-30468
audit@patchstack.com alordiel — dropdown_multisite_selector

 

A vulnerability has been found in Tenda FH1203 2.0.1.6 and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-27 6.3 CVE-2024-2991
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com alordiel — dropdown_multisite_selector

 

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Alordiel Dropdown Multisite selector allows Stored XSS.This issue affects Dropdown Multisite selector: from n/a through 0.9.2. 2024-03-27 6.5 CVE-2024-29910
audit@patchstack.com aminur_islam — wp_change_email_sender
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Aminur Islam WP Change Email Sender allows Stored XSS.This issue affects WP Change Email Sender: from n/a before 1.3.0. 2024-03-27 5.9 CVE-2024-29815
audit@patchstack.com ampache — ampache
  Ampache is a web based audio/video streaming application and file manager. Ampache has multiple reflective XSS vulnerabilities,this means that all forms in the Ampache that use `rule` as a variable are not secure. For example, when querying a song, when querying a podcast, we need to use `$rule` variable. This vulnerability is fixed in 6.3.1 2024-03-27 6.1 CVE-2024-28852
security-advisories@github.com
security-advisories@github.com andy_moyle — church_admin

 

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Andy Moyle Church Admin allows Stored XSS.This issue affects Church Admin: from n/a through 4.1.17. 2024-03-27 6.5 CVE-2024-30193
audit@patchstack.com andy_moyle — church_admin

 

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Andy Moyle Church Admin allows Stored XSS.This issue affects Church Admin: from n/a through 4.0.26. 2024-03-27 6.5 CVE-2024-30197
audit@patchstack.com andy_moyle — church_admin
  Missing Authorization vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.18. 2024-03-29 5.4 CVE-2024-30505
audit@patchstack.com andy_moyle — church_admin
  Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.7. 2024-03-29 4.3 CVE-2024-30493
audit@patchstack.com antoine_hurkmans — football_pool

 

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Antoine Hurkmans Football Pool allows Stored XSS.This issue affects Football Pool: from n/a through 2.11.3. 2024-03-27 6.5 CVE-2024-29802
audit@patchstack.com appneta — tcpreplay
  A vulnerability was found in appneta tcpreplay up to 4.4.4. It has been classified as problematic. This affects the function get_layer4_v6 of the file /tcpreplay/src/common/get.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-258333 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-28 5.3 CVE-2024-3024
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com appsmav — gratisfaction

 

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Appsmav Gratisfaction allows Stored XSS.This issue affects Gratisfaction: from n/a through 4.3.4. 2024-03-27 6.5 CVE-2024-29798
audit@patchstack.com argoproj — argo-cd

 

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, it’s possible to crash the repo server component through an out of memory error by pointing it to a malicious Helm registry. The loadRepoIndex() function in the ArgoCD’s helm package, does not limit the size nor time while fetching the data. It fetches it and creates a byte slice from the retrieved data in one go. If the registry is implemented to push data continuously, the repo server will keep allocating memory until it runs out of it. A patch for this vulnerability has been released in v2.10.3, v2.9.8, and v2.8.12. 2024-03-29 6.5 CVE-2024-29893
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com athemes — sydney_toolbox

 

The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id attribute of widgets in all versions up to, and including, 1.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-29 6.4 CVE-2024-2936
security@wordfence.com
security@wordfence.com automationdirect — c-more_ea9_hmi_ea9-t6cl
  In AutomationDirect C-MORE EA9 HMI, credentials used by the platform are stored as plain text on the device. 2024-03-26 6.5 CVE-2024-25138
ics-cert@hq.dhs.gov automationdirect — c-more_ea9_hmi_ea9-t6cl
  In AutomationDirect C-MORE EA9 HMI there is a program that copies a buffer of a size controlled by the user into a limited sized buffer on the stack which may lead to a stack overflow. The result of this stack-based buffer overflow can lead to denial-of-service conditions. 2024-03-26 4.3 CVE-2024-25137
ics-cert@hq.dhs.gov azure — azure-c-shared-utility

 

The azure-c-shared-utility is a C library for AMQP/MQTT communication to Azure Cloud Services. This library may be used by the Azure IoT C SDK for communication between IoT Hub and IoT Hub devices. An attacker can cause an integer wraparound or under-allocation or heap buffer overflow due to vulnerabilities in parameter checking mechanism, by exploiting the buffer length parameter in Azure C SDK, which may lead to remote code execution. Requirements for RCE are 1. Compromised Azure account allowing malformed payloads to be sent to the device via IoT Hub service, 2. By passing IoT hub service max message payload limit of 128KB, and 3. Ability to overwrite code space with remote code. Fixed in commit https://github.com/Azure/azure-c-shared-utility/commit/1129147c38ac02ad974c4c701a1e01b2141b9fe2. 2024-03-26 6 CVE-2024-29195
security-advisories@github.com
security-advisories@github.com backie — wp-eggdrop
  The WP-Eggdrop plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1. This is due to missing or incorrect nonce validation on the wpegg_updateOptions() function. This makes it possible for unauthenticated attackers to update the plugin’s settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-03-29 5.4 CVE-2024-2969
security@wordfence.com
security@wordfence.com backie — wp-eggdrop
  The WP-Eggdrop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 2024-03-29 4.4 CVE-2024-2968
security@wordfence.com
security@wordfence.com baptiste_placé — icalendrier

 

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Baptiste Placé iCalendrier allows Stored XSS.This issue affects iCalendrier: from n/a through 1.80. 2024-03-27 6.5 CVE-2024-29912
audit@patchstack.com bdthemes — element_pack_elementor_addons

 

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BdThemes Element Pack Elementor Addons allows Stored XSS.This issue affects Element Pack Elementor Addons: from n/a through 5.5.3. 2024-03-27 6.5 CVE-2024-30185
audit@patchstack.com bdthemes — prime_slider_-_addons_for_elementor

 

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BdThemes Prime Slider – Addons For Elementor allows Stored XSS.This issue affects Prime Slider – Addons For Elementor: from n/a through 3.13.1. 2024-03-27 6.5 CVE-2024-30186
audit@patchstack.com betteraddons — better_elementor_addons

 

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BetterAddons Better Elementor Addons allows Stored XSS.This issue affects Better Elementor Addons: from n/a through 1.3.7. 2024-03-29 6.5 CVE-2024-30423
audit@patchstack.com blocksera — image_hover_effects_-_elementor_addon

 

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Blocksera Image Hover Effects – Elementor Addon allows Stored XSS.This issue affects Image Hover Effects – Elementor Addon: from n/a through 1.4. 2024-03-27 6.5 CVE-2024-29936
audit@patchstack.com boldgrid — boldgrid_easy_seo_-_simple_and_effective_seo
  The BoldGrid Easy SEO – Simple and Effective SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the meta description field in all versions up to, and including, 1.6.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-30 6.4 CVE-2024-1692
security@wordfence.com
security@wordfence.com boldgrid — post_and_page_builder_by_boldgrid_-_visual_drag_and_drop_editor
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Stored XSS.This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a through 1.26.2. 2024-03-26 6.5 CVE-2024-2888
audit@patchstack.com boldthemes — bold_page_builder

 

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BoldThemes Bold Page Builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through 4.7.6. 2024-03-27 6.5 CVE-2024-30179
audit@patchstack.com boldthemes — bold_page_builder

 

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BoldThemes Bold Page Builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through 4.8.0. 2024-03-29 6.5 CVE-2024-30442
audit@patchstack.com booster — booster_plus_for_woocommerce
  Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Booster Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before 7.1.2. 2024-03-28 6.5 CVE-2023-52231
audit@patchstack.com booster — booster_plus_for_woocommerce
  Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Booster Booster Elite for WooCommerce.This issue affects Booster Elite for WooCommerce: from n/a before 7.1.2. 2024-03-28 6.5 CVE-2023-52234
audit@patchstack.com bplugins — b_slider_-_slider_for_your_block_editor

 

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in bPlugins B Slider – Slider for your block editor allows Stored XSS.This issue affects B Slider – Slider for your block editor: from n/a through 1.1.12. 2024-03-29 6.5 CVE-2024-30432
audit@patchstack.com bplugins — print_page_block

 

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in bPlugins Print Page block allows Stored XSS.This issue affects Print Page block: from n/a through 1.0.8. 2024-03-29 6.5 CVE-2024-30438
audit@patchstack.com brainstorm_force — astra
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Brainstorm Force Astra allows Stored XSS.This issue affects Astra: from n/a through 4.6.4. 2024-03-27 5.9 CVE-2024-29768
audit@patchstack.com brainstormforce — ultimate_addons_for_beaver_builder_-_lite The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-30 6.4 CVE-2024-2141
security@wordfence.com
security@wordfence.com
security@wordfence.com brainstormforce — ultimate_addons_for_beaver_builder_-_lite The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Info Table widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-30 6.4 CVE-2024-2142
security@wordfence.com
security@wordfence.com
security@wordfence.com brainstormforce — ultimate_addons_for_beaver_builder_-_lite The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-30 6.4 CVE-2024-2143
security@wordfence.com
security@wordfence.com brainstormforce — ultimate_addons_for_beaver_builder_-_lite The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Separator widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-30 6.4 CVE-2024-2144
security@wordfence.com
security@wordfence.com
security@wordfence.com brainstormforce — ultimate_addons_for_beaver_builder_-_lite
  The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Icons widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-30 6.4 CVE-2024-2140
security@wordfence.com
security@wordfence.com brave — brave_popup_builder
  Server-Side Request Forgery (SSRF) vulnerability in Brave Brave Popup Builder.This issue affects Brave Popup Builder: from n/a through 0.6.5. 2024-03-29 5.4 CVE-2024-30453
audit@patchstack.com brice_capobianco — simple_revisions_delete
  Cross-Site Request Forgery (CSRF) vulnerability in Brice CAPOBIANCO Simple Revisions Delete.This issue affects Simple Revisions Delete: from n/a through 1.5.3. 2024-03-29 4.3 CVE-2024-30482
audit@patchstack.com camille_verrier — travelers’_map

 

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Camille Verrier Travelers’ Map allows Stored XSS.This issue affects Travelers’ Map: from n/a through 2.2.0. 2024-03-27 6.5 CVE-2024-29909
audit@patchstack.com campcodes — house_rental_management_system
  A vulnerability was found in Campcodes House Rental Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257983. 2024-03-26 5.4 CVE-2024-2917
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com campcodes — online_art_gallery_management_system

 

A vulnerability classified as critical has been found in Campcodes Online Art Gallery Management System 1.0. This affects an unknown part of the file /admin/adminHome.php. The manipulation of the argument uname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258201 was assigned to this vulnerability. 2024-03-27 6.3 CVE-2024-2999
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com campcodes — online_examination_system

 

A vulnerability was found in Campcodes Online Examination System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /adminpanel/admin/facebox_modal/updateCourse.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258029 was assigned to this vulnerability. 2024-03-27 6.3 CVE-2024-2938
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com campcodes — online_examination_system

 

A vulnerability, which was classified as critical, has been found in Campcodes Online Examination System 1.0. Affected by this issue is some unknown functionality of the file /adminpanel/admin/query/loginExe.php. The manipulation of the argument pass leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258032. 2024-03-27 6.3 CVE-2024-2941
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com campcodes — online_examination_system

 

A vulnerability, which was classified as critical, was found in Campcodes Online Examination System 1.0. This affects an unknown part of the file /adminpanel/admin/query/deleteQuestionExe.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258033 was assigned to this vulnerability. 2024-03-27 6.3 CVE-2024-2942
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com campcodes — online_examination_system

 

A vulnerability has been found in Campcodes Online Examination System 1.0 and classified as critical. This vulnerability affects unknown code of the file /adminpanel/admin/query/deleteExamExe.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258034 is the identifier assigned to this vulnerability. 2024-03-27 6.3 CVE-2024-2943
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com campcodes — online_examination_system

 

A vulnerability was found in Campcodes Online Examination System 1.0 and classified as critical. This issue affects some unknown processing of the file /adminpanel/admin/query/deleteCourseExe.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258035. 2024-03-27 6.3 CVE-2024-2944
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com campcodes — online_examination_system

 

A vulnerability was found in Campcodes Online Examination System 1.0. It has been classified as critical. Affected is an unknown function of the file /adminpanel/admin/facebox_modal/updateExaminee.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258036. 2024-03-27 6.3 CVE-2024-2945
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com carrierwaveuploader — carrierwave
  CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. The vulnerability CVE-2023-49090 wasn’t fully addressed. This vulnerability is caused by the fact that when uploading to object storage, including Amazon S3, it is possible to set a Content-Type value that is interpreted by browsers to be different from what’s allowed by `content_type_allowlist`, by providing multiple values separated by commas. This bypassed value can be used to cause XSS. Upgrade to 3.0.7 or 2.2.6. 2024-03-24 6.8 CVE-2024-29034
security-advisories@github.com
security-advisories@github.com cartflows_inc. — funnel_builder_by_cartflows
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CartFlows Inc. Funnel Builder by CartFlows allows Stored XSS.This issue affects Funnel Builder by CartFlows: from n/a through 2.0.1. 2024-03-27 5.9 CVE-2024-29813
audit@patchstack.com cincopa — post_video_players
  Cross-Site Request Forgery (CSRF) vulnerability in Cincopa Post Video Players.This issue affects Post Video Players: from n/a through 1.159. 2024-03-27 5.4 CVE-2024-23515
audit@patchstack.com cisco — cisco_aironet_access_point_software
  A vulnerability in the handling of encrypted wireless frames of Cisco Aironet Access Point (AP) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability is due to incomplete cleanup of resources when dropping certain malformed frames. An attacker could exploit this vulnerability by connecting as a wireless client to an affected AP and sending specific malformed frames over the wireless connection. A successful exploit could allow the attacker to cause degradation of service to other clients, which could potentially lead to a complete DoS condition. 2024-03-27 4.7 CVE-2024-20354
ykramarz@cisco.com cisco — cisco_digital_network_architecture_center_(dna_center)
  A vulnerability in the web-based management interface of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to change specific data within the interface on an affected device. This vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to change a specific field within the web-based management interface, even though they should not have access to change that field. 2024-03-27 4.3 CVE-2024-20333
ykramarz@cisco.com cisco — cisco_ios_xe_software
  A vulnerability in the NETCONF feature of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate privileges to root on an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input over NETCONF to an affected device. A successful exploit could allow the attacker to elevate privileges from Administrator to root. 2024-03-27 6.5 CVE-2024-20278
ykramarz@cisco.com cisco — cisco_ios_xe_software
  A vulnerability in the Unified Threat Defense (UTD) configuration CLI of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying host operating system. To exploit this vulnerability, an attacker must have level 15 privileges on the affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting a crafted CLI command to an affected device. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying operating system. 2024-03-27 6 CVE-2024-20306
ykramarz@cisco.com cisco — cisco_ios_xe_software
  A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image that has been tampered with on an affected device. This vulnerability exists because unnecessary commands are available during boot time at the physical console. An attacker could exploit this vulnerability by interrupting the boot process and executing specific commands to bypass the Cisco Secure Boot validation checks and load an image that has been tampered with. This image would have been previously downloaded onto the targeted device. A successful exploit could allow the attacker to load the image once. The Cisco Secure Boot functionality is not permanently compromised. 2024-03-27 5.9 CVE-2024-20265
ykramarz@cisco.com cisco — cisco_ios_xe_software
  A vulnerability in auxiliary asynchronous port (AUX) functions of Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload or stop responding. This vulnerability is due to the incorrect handling of specific ingress traffic when flow control hardware is enabled on the AUX port. An attacker could exploit this vulnerability by reverse telnetting to the AUX port and sending specific data after connecting. A successful exploit could allow the attacker to cause the device to reset or stop responding, resulting in a denial of service (DoS) condition. 2024-03-27 5.6 CVE-2024-20309
ykramarz@cisco.com cisco — cisco_ios_xe_software
  A vulnerability in the data model interface (DMI) services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access resources that should have been protected by a configured IPv4 access control list (ACL). This vulnerability is due to improper handling of error conditions when a successfully authorized device administrator updates an IPv4 ACL using the NETCONF or RESTCONF protocol, and the update would reorder access control entries (ACEs) in the updated ACL. An attacker could exploit this vulnerability by accessing resources that should have been protected across an affected device. 2024-03-27 5.8 CVE-2024-20316
ykramarz@cisco.com cisco — cisco_ios_xe_software
  A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, low-privileged, local attacker to access WLAN configuration details including passwords. This vulnerability is due to improper privilege checks. An attacker could exploit this vulnerability by using the show and show tech wireless CLI commands to access configuration details, including passwords. A successful exploit could allow the attacker to access configuration details that they are not authorized to access. 2024-03-27 5.5 CVE-2024-20324
ykramarz@cisco.com cisco — ios
  A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an affected device reloading. This vulnerability exists because crafted, fragmented IKEv1 packets are not properly reassembled. An attacker could exploit this vulnerability by sending crafted UDP packets to an affected system. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: Only traffic that is directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered by IPv4 and IPv6 traffic. 2024-03-27 6.8 CVE-2024-20307
ykramarz@cisco.com cloudways — breeze
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Cloudways Breeze allows Stored XSS. This issue affects Breeze: from n/a through 2.1.3. 2024-03-27 5.9 CVE-2024-27188
audit@patchstack.com code-projects — online_book_system
A vulnerability, which was classified as critical, has been found in code-projects Online Book System 1.0. This issue affects some unknown processing of the file /Product.php. The manipulation of the argument value leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258203. 2024-03-27 6.3 CVE-2024-3001
cna@vuldb.com code-projects — online_book_system
A vulnerability, which was classified as critical, was found in code-projects Online Book System 1.0. Affected is an unknown function of the file /description.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258204. 2024-03-27 6.3 CVE-2024-3002
cna@vuldb.com code-projects — online_book_system
A vulnerability has been found in code-projects Online Book System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /cart.php. The manipulation of the argument quantity/remove leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258205 was assigned to this vulnerability. 2024-03-27 6.3 CVE-2024-3003
cna@vuldb.com codepeople — google_maps_cp
  Missing Authorization vulnerability in CodePeople Google Maps CP. This issue affects Google Maps CP: from n/a through 1.0.43. 2024-03-25 4.3 CVE-2023-25039
audit@patchstack.com codesupplyco — networker_-_tech_news_wordpress_theme_with_dark_mode
  The Networker – Tech News WordPress Theme with Dark Mode theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_reload_nav_menu() function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to modify the location of display menus. 2024-03-27 5.3 CVE-2024-2962
security@wordfence.com codexthemes — thegem_(elementor)
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CodexThemes TheGem (Elementor), CodexThemes TheGem (WPBakery) allows Stored XSS. This issue affects TheGem (Elementor): from n/a before 5.8.1.1; TheGem (WPBakery): from n/a before 5.8.1.1. 2024-03-26 6.5 CVE-2023-32237
audit@patchstack.com collect.chat_inc. — collectchat
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Collect.Chat Inc. Collectchat allows Stored XSS. This issue affects Collectchat: from n/a through 2.4.1. 2024-03-29 6.5 CVE-2024-30436
audit@patchstack.com crm_perks — crm_perks_forms
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CRM Perks CRM Perks Forms allows Stored XSS. This issue affects CRM Perks Forms: from n/a through 1.1.4. 2024-03-29 6.5 CVE-2024-30446
audit@patchstack.com currencyrate.today — crypto_converter_widget
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CurrencyRate.Today Crypto Converter Widget allows Stored XSS. This issue affects Crypto Converter Widget: from n/a through 1.8.4. 2024-03-27 6.5 CVE-2024-29930
audit@patchstack.com currencyrate.today — exchange_rates_widget
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CurrencyRate.Today Exchange Rates Widget allows Stored XSS. This issue affects Exchange Rates Widget: from n/a through 1.4.0. 2024-03-27 6.5 CVE-2024-29814
audit@patchstack.com cyberaz0r — webrat
  A vulnerability has been found in cyberaz0r WebRAT up to 20191222 and classified as critical. This vulnerability affects the function download_file of the file Server/api.php. The manipulation of the argument name leads to unrestricted upload. The attack can be initiated remotely. The patch is identified as 0c394a795b9c10c07085361e6fcea286ee793701. It is recommended to apply a patch to fix this issue. VDB-257782 is the identifier assigned to this vulnerability. 2024-03-24 6.3 CVE-2020-36825
cna@vuldb.com dearhive — dearflip
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in DearHive DearFlip allows Stored XSS. This issue affects DearFlip: from n/a through 2.2.26. 2024-03-27 6.5 CVE-2024-29807
audit@patchstack.com deepak_anand — wp_dummy_content_generator
  Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator. This issue affects WP Dummy Content Generator: from n/a through 3.1.2. 2024-03-26 4.3 CVE-2024-24805
audit@patchstack.com dell — dell_openmanage_enterprise
  Dell OpenManage Enterprise, v4.0 and prior, contain(s) a path traversal vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, to gain unauthorized access to the files stored on the server filesystem, with the privileges of the running web application. 2024-03-29 5.7 CVE-2024-25944
security_alert@emc.com dell — grab_for_windows
  Dell Grab for Windows, versions up to and including 5.0.4, contain a Weak Application Folder Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to privilege escalation, unauthorized access to application data, unauthorized modification of application data and service disruption. 2024-03-26 6.7 CVE-2024-25958
security_alert@emc.com dell — grab_for_windows
  Exposure of Sensitive Information to an Unauthorized Actor vulnerability in mbbhatti Upload Resume. This issue affects Upload Resume: from n/a through 1.2.0. 2024-03-26 5.9 CVE-2023-25965
audit@patchstack.com dell — grab_for_windows
  Dell Grab for Windows, versions 5.0.4 and below, contains an improper file permissions vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the information disclosure of certain system information. 2024-03-26 5.5 CVE-2024-25956
security_alert@emc.com dell — grab_for_windows
  Dell Grab for Windows, versions 5.0.4 and below, contains a cleartext storage of sensitive information vulnerability in its appsync module. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure that could be used to access the appsync application with elevated privileges. 2024-03-26 4.8 CVE-2024-25957
security_alert@emc.com dell — powerprotect_data_manager
  Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information disclosure, denial-of-service. 2024-03-28 5.5 CVE-2024-25971
security_alert@emc.com dell — powerscale_onefs
  Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contain a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering. 2024-03-28 6 CVE-2024-25952
security_alert@emc.com dell — powerscale_onefs
  Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contain a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering. 2024-03-28 6 CVE-2024-25953
security_alert@emc.com dell — powerscale_onefs
  Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges. 2024-03-28 6 CVE-2024-25961
security_alert@emc.com dell — powerscale_onefs
  Dell PowerScale OneFS, versions 9.5.0.x through 9.7.0.x, contain an insufficient session expiration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service. 2024-03-28 5.3 CVE-2024-25954
security_alert@emc.com dell — powerscale_onefs
  Dell PowerScale OneFS, versions 8.2.2.x through 9.5.0.x, contain a use of a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure. 2024-03-28 5.9 CVE-2024-25963
security_alert@emc.com dell — powerscale_onefs
  Dell PowerScale OneFS 9.5.0.x through 9.7.0.x contain a covert timing channel vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service. 2024-03-25 5.3 CVE-2024-25964
security_alert@emc.com dglingren — media_library_assistant
  The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcodes in all versions up to, and including, 3.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-29 6.4 CVE-2024-2475
security@wordfence.com easy_social_feed — easy_social_feed
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Easy Social Feed allows Stored XSS. This issue affects Easy Social Feed: from n/a through 6.5.3. 2024-03-27 6.5 CVE-2024-30180
audit@patchstack.com elastic — elasticsearch
  An uncaught exception in Elasticsearch >= 8.4.0 and < 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypted PDF files. 2024-03-29 4.3 CVE-2024-23449
bressers@elastic.co elastic — elasticsearch
  A flaw was discovered in Elasticsearch, where processing a document in a deeply nested pipeline on an ingest node could cause the Elasticsearch node to crash. 2024-03-27 4.9 CVE-2024-23450
bressers@elastic.co elastic — elasticsearch
  Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to read arbitrary documents from any index on the remote cluster, and only if they use the Elasticsearch custom transport protocol to issue requests with the target index ID, the shard ID and the document ID. None of the Elasticsearch REST API endpoints are affected by this issue. 2024-03-27 4.4 CVE-2024-23451
bressers@elastic.co envialosimple — envíalosimple
  Cross-Site Request Forgery (CSRF) vulnerability in EnvialoSimple EnvíaloSimple. This issue affects EnvíaloSimple: from n/a through 2.3. 2024-03-26 6.5 CVE-2023-51416
audit@patchstack.com epsiloncool — wp_fast_total_search
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Epsiloncool WP Fast Total Search allows Stored XSS. This issue affects WP Fast Total Search: from n/a through 1.59.211. 2024-03-27 6.5 CVE-2024-29799
audit@patchstack.com espressif — esp-idf
  ESP-IDF is the development framework for Espressif SoCs supported on Windows, Linux and macOS. A Time-of-Check to Time-of-Use (TOCTOU) vulnerability was discovered in the implementation of the ESP-IDF bootloader which could allow an attacker with physical access to the flash of the device to bypass anti-rollback protection. Anti-rollback prevents rollback to an application with a security version lower than the one programmed in the eFuse of the chip. This attack can allow booting a past (passive) application partition of the same device that has a lower security version, even in the presence of the flash encryption scheme. The attack requires carefully modifying the flash contents after the anti-rollback checks have been performed by the bootloader (before loading the application). The vulnerability is fixed in 4.4.7 and 5.2.1. 2024-03-25 6.1 CVE-2024-28183
security-advisories@github.com exclusive_addons — exclusive_addons_elementor
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS. This issue affects Exclusive Addons Elementor: from n/a through 2.6.8. 2024-03-27 6.5 CVE-2024-30177
audit@patchstack.com exclusive_addons — exclusive_addons_elementor
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS. This issue affects Exclusive Addons Elementor: from n/a through 2.6.9. 2024-03-26 6.5 CVE-2024-30232
audit@patchstack.com expressjs — express
  Express.js is a minimalist web framework for Node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL, Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3. 2024-03-25 6.1 CVE-2024-29041
security-advisories@github.com extend_themes — calliope
  Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Calliope. This issue affects Calliope: from n/a through 1.0.33. 2024-03-26 4.3 CVE-2024-2904
audit@patchstack.com extendthemes — colibri_page_builder
  Missing Authorization vulnerability in ExtendThemes Colibri Page Builder. This issue affects Colibri Page Builder: from n/a through 1.0.248. 2024-03-28 5.4 CVE-2024-28004
audit@patchstack.com fernandobt — list_category_posts
  The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘catlist’ shortcode in all versions up to, and including, 0.89.6 due to insufficient input sanitization and output escaping on user supplied attributes like ‘title_tag’. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-30 6.4 CVE-2024-1051
security@wordfence.com flector — easy_textillate
  The Easy Textillate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘textillate’ shortcode in all versions up to, and including, 2.01 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-26 6.4 CVE-2024-2303
security@wordfence.com flir — ax8
A vulnerability was found in FLIR AX8 up to 1.46.16. It has been rated as critical. This issue affects some unknown processing of the file /tools/test_login.php?action=register of the component User Registration. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258299. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-28 6.3 CVE-2024-3013
cna@vuldb.com fr-d-ric_gilles — fg_prestashop_to_woocommerce
  Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG PrestaShop to WooCommerce. This issue affects FG PrestaShop to WooCommerce: from n/a through 4.45.1. 2024-03-29 5.3 CVE-2024-30511
audit@patchstack.com gamipress — gamipress
  Cross-Site Request Forgery (CSRF) vulnerability in GamiPress. This issue affects GamiPress: from n/a through 6.8.5. 2024-03-29 4.3 CVE-2024-30455
audit@patchstack.com geonode — geonode
  GeoNode is a geospatial content management system, a platform for the management and publication of geospatial data. An issue exists within GEONODE where the current rich text editor is vulnerable to Stored XSS. The application's cookies are set securely, but it is possible to retrieve a victim's CSRF token and issue a request to change another user's email address to perform a full account takeover. Because the script element is not subject to the CORS policy, the requests will succeed. This vulnerability is fixed in 4.2.3. 2024-03-27 6.1 CVE-2024-27091
security-advisories@github.com ghozylab_inc. — web_icons
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in GhozyLab, Inc. Web Icons allows Stored XSS. This issue affects Web Icons: from n/a through 1.0.0.10. 2024-03-27 6.5 CVE-2024-29933
audit@patchstack.com ghozylab_inc. — web_icons
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in GhozyLab, Inc. Web Icons allows Stored XSS. This issue affects Web Icons: from n/a through 1.0.0.10. 2024-03-29 6.5 CVE-2024-30445
audit@patchstack.com gitlab — gitlab
  An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. It was possible for an attacker to cause a denial of service using a maliciously crafted description parameter for labels. 2024-03-28 4.3 CVE-2024-2818
cve@gitlab.com grafana — grafana
  It is possible for a user in a different organization from the owner of a snapshot to bypass authorization and delete a snapshot by issuing a DELETE request to /api/snapshots/<key> using its view key. This functionality is intended to only be available to individuals with the permission to write/edit to the snapshot in question, but due to a bug in the authorization logic, deletion requests issued by an unprivileged user in a different organization than the snapshot owner are treated as authorized. Grafana Labs would like to thank Ravid Mazon and Jay Chen of Palo Alto Research for discovering and disclosing this vulnerability. This issue affects Grafana: from 9.5.0 before 9.5.18, from 10.0.0 before 10.0.13, from 10.1.0 before 10.1.9, from 10.2.0 before 10.2.6, from 10.3.0 before 10.3.5. 2024-03-26 6.5 CVE-2024-1313
security@grafana.com gs_plugins — gs_testimonial_slider
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in GS Plugins GS Testimonial Slider allows Stored XSS. This issue affects GS Testimonial Slider: from n/a through 3.1.4. 2024-03-29 6.5 CVE-2024-30443
audit@patchstack.com hans_matzen — wp-forecast
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Hans Matzen allows Stored XSS. This issue affects wp-forecast: from n/a through 9.2. 2024-03-29 6.5 CVE-2024-30429
audit@patchstack.com hashthemes — hash_elements
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in HashThemes Hash Elements allows Stored XSS. This issue affects Hash Elements: from n/a through 1.3.3. 2024-03-29 6.5 CVE-2024-30426
audit@patchstack.com hashthemes — viral_news
  Missing Authorization vulnerability in HashThemes Viral News, HashThemes Viral, HashThemes HashOne. This issue affects Viral News: from n/a through 1.4.5; Viral: from n/a through 1.8.0; HashOne: from n/a through 1.3.0. 2024-03-25 4.3 CVE-2023-33923
audit@patchstack.com hastheme — wishsuite
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in HasTheme WishSuite allows Stored XSS. This issue affects WishSuite: from n/a through 1.3.7. 2024-03-27 6.5 CVE-2024-29927
audit@patchstack.com hasthemes — ht_mega
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in HasThemes HT Mega allows Stored XSS. This issue affects HT Mega: from n/a through 2.4.3. 2024-03-27 6.5 CVE-2024-30182
audit@patchstack.com hasthemes — wc_builder
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in HasThemes WC Builder allows Stored XSS. This issue affects WC Builder: from n/a through 1.0.18. 2024-03-27 6.5 CVE-2024-29926
audit@patchstack.com hewlett_packard_enterprise_(hpe) — arubaos-s_switch
  Authenticated Denial of Service Vulnerability in ArubaOS-Switch SSH Daemon 2024-03-26 4.9 CVE-2024-26303
security-alert@hpe.com hewlett_packard_enterprise_(hpe) — icewall_gen11_icewall_sso_agent
  A security vulnerability in HPE IceWall Agent products could be exploited remotely to cause a denial of service. 2024-03-26 6.5 CVE-2024-22436
security-alert@hpe.com hitachi_energy — asset_suite_eam
  REST service authentication anomaly with “valid username/no password” credential combination for batch job processing resulting in successful service invocation. The anomaly doesn’t exist with other credential combinations. 2024-03-27 5.3 CVE-2024-2244
cybersecurity@hitachienergy.com hitachi_energy — rtu500_series_cmu_firmware
  A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor could enforce diagnostic texts being displayed as empty strings, if an authorized user uploads a specially crafted stb-language file. 2024-03-27 6.8 CVE-2024-1532
cybersecurity@hitachienergy.com hot_themes — hot_random_image
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Hot Themes Hot Random Image allows Stored XSS. This issue affects Hot Random Image: from n/a through 1.8.1. 2024-03-27 6.5 CVE-2024-29796
audit@patchstack.com htdat — woo_viet
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in htdat Woo Viet allows Stored XSS. This issue affects Woo Viet: from n/a through 1.5.2. 2024-03-27 5.9 CVE-2024-29816
audit@patchstack.com https://elementor.com/ — elementor_website_builder_pro
  The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget’s custom_id in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-27 6.4 CVE-2024-1364
security@wordfence.com https://elementor.com/ — elementor_website_builder_pro
  The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an SVGZ file uploaded via the Form widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: This vulnerability is only exploitable on web servers running NGINX. It is not exploitable on web servers running Apache HTTP Server. 2024-03-27 6.4 CVE-2024-1521
security@wordfence.com https://elementor.com/ — elementor_website_builder_pro
  The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the video_html_tag attribute in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-27 6.4 CVE-2024-2781
security@wordfence.com https://elementor.com/ — elementor_website_builder_pro
  The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Post Navigation widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-27 5.4 CVE-2024-2120
security@wordfence.com https://elementor.com/ — elementor_website_builder_pro
  The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Media Carousel widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-27 5.4 CVE-2024-2121
security@wordfence.com ibm — app_connect_enterprise
  IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.9.0 and IBM Integration Bus for z/OS 10.1 through 10.1.0.2 store potentially sensitive information in log or trace files that could be read by a privileged user. IBM X-Force ID: 280893. 2024-03-26 4.9 CVE-2024-22356
psirt@us.ibm.com ibm — qradar_siem
  IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285893. 2024-03-27 5.4 CVE-2024-28784
psirt@us.ibm.com ibm — qradar_siem
  IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 275939. 2024-03-27 4.8 CVE-2023-50961
psirt@us.ibm.com ibm — websphere_application_server_liberty
  IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in a specially crafted URI. IBM X-Force ID: 284576. 2024-03-27 4.7 CVE-2024-27270
psirt@us.ibm.com ideaboxcreations — powerpack_addons_for_elementor_(free_widgets_extensions_and_templates)
  The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the *_html_tag* attribute of multiple widgets in all versions up to, and including, 2.7.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-30 6.4 CVE-2024-2491
security@wordfence.com infinitum_form — geo_controller
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in INFINITUM FORM Geo Controller allows Stored XSS. This issue affects Geo Controller: from n/a through 8.6.4. 2024-03-29 6.5 CVE-2024-30451
audit@patchstack.com inspirythemes — realhomes
  Missing Authorization vulnerability in InspiryThemes RealHomes. This issue affects RealHomes: from n/a through 4.0.2. 2024-03-25 5.4 CVE-2023-37886
audit@patchstack.com inspirythemes — realhomes
  Missing Authorization vulnerability in InspiryThemes RealHomes. This issue affects RealHomes: from n/a through 4.0.2. 2024-03-25 4.3 CVE-2023-37885
audit@patchstack.com interfacelab — media_cloud_for_amazon_s3_imgix_google_cloud_storage_digitalocean_spaces_and_more
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Interfacelab Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more allows Stored XSS. This issue affects Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more: from n/a through 4.5.24. 2024-03-27 6.5 CVE-2024-29795
audit@patchstack.com jeff_starr — user_submitted_posts
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jeff Starr User Submitted Posts allows Stored XSS. This issue affects User Submitted Posts: from n/a through 20230901. 2024-03-26 6.5 CVE-2023-7251
audit@patchstack.com jetbrains — teamcity
  In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled 2024-03-28 6.5 CVE-2024-31134
cve@jetbrains.com jetbrains — teamcity
  In JetBrains TeamCity before 2024.03 open redirect was possible on the login page 2024-03-28 6.1 CVE-2024-31135
cve@jetbrains.com jetbrains — teamcity
  In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration 2024-03-28 6.8 CVE-2024-31137
cve@jetbrains.com jetbrains — teamcity
  In JetBrains TeamCity before 2024.03 XXE was possible in the Maven build steps detector 2024-03-28 5.9 CVE-2024-31139
cve@jetbrains.com jetbrains — teamcity
  In JetBrains TeamCity before 2024.03 XSS was possible via Agent Distribution settings 2024-03-28 4.6 CVE-2024-31138
cve@jetbrains.com jetbrains — teamcity
  In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools 2024-03-28 4.1 CVE-2024-31140
cve@jetbrains.com jewel_theme — master_addons_for_elementor
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS. This issue affects Master Addons for Elementor: from n/a through 2.0.5.4.1. 2024-03-27 6.5 CVE-2024-29911
audit@patchstack.com jordy_meow — ai_engine:_chatgpt_chatbot
Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot. This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.1.4. 2024-03-28 6.8 CVE-2024-29090
audit@patchstack.com jory_hogeveen — off-canvas_sidebars_&_menus_(slidebars)
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jory Hogeveen Off-Canvas Sidebars & Menus (Slidebars) allows Stored XSS. This issue affects Off-Canvas Sidebars & Menus (Slidebars): from n/a through 0.5.8.1. 2024-03-27 6.5 CVE-2024-29762
audit@patchstack.com jumpserver — jumpserver
  JumpServer is an open source bastion host and an operation and maintenance security audit system. An authorized attacker can obtain sensitive information contained within playbook files if they manage to learn the playbook_id of another user. This breach of confidentiality can lead to information disclosure and exposing sensitive data. This vulnerability is fixed in v3.10.6. 2024-03-29 4.6 CVE-2024-29020
security-advisories@github.com jumpserver — jumpserver
  JumpServer is an open source bastion host and an operation and maintenance security audit system. An authenticated user can exploit the Insecure Direct Object Reference (IDOR) vulnerability in the file manager’s bulk transfer by manipulating job IDs to upload malicious files, potentially compromising the integrity and security of the system. This vulnerability is fixed in v3.10.6. 2024-03-29 4.6 CVE-2024-29024
security-advisories@github.com katex — katex
  KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `edef` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. This can be used as an availability attack, where e.g. a client rendering another user’s KaTeX input will be unable to use the site due to memory overflow, tying up the main thread, or stack overflow. Upgrade to KaTeX v0.16.10 to remove this vulnerability. 2024-03-25 6.5 CVE-2024-28243
security-advisories@github.com katex — katex
  KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `def` or `newcommand` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. KaTeX supports an option named maxExpand which aims to prevent infinitely recursive macros from consuming all available memory and/or triggering a stack overflow error. Unfortunately, support for “Unicode (sub|super)script characters” allows an attacker to bypass this limit. Each sub/superscript group instantiated a separate Parser with its own limit on macro executions, without inheriting the current count of macro executions from its parent. This has been corrected in KaTeX v0.16.10. 2024-03-25 6.5 CVE-2024-28244
security-advisories@github.com katex — katex
  KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `includegraphics` that runs arbitrary JavaScript, or generate invalid HTML. Upgrade to KaTeX v0.16.10 to remove this vulnerability. 2024-03-25 6.3 CVE-2024-28245
security-advisories@github.com katex — katex
  KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX’s `trust` option, specifically that provides a function to blacklist certain URL protocols, can be fooled by URLs in malicious inputs that use uppercase characters in the protocol. In particular, this can allow for malicious input to generate `javascript:` links in the output, even if the `trust` function tries to forbid this protocol via `trust: (context) => context.protocol !== 'javascript'`. Upgrade to KaTeX v0.16.10 to remove this vulnerability. 2024-03-25 5.5 CVE-2024-28246
security-advisories@github.com kienso — co-marquage_service-public.fr
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Kienso Co-marquage service-public.Fr allows Stored XSS. This issue affects Co-marquage service-public.Fr: from n/a through 0.5.71. 2024-03-27 6.5 CVE-2024-29908
audit@patchstack.com kimai — kimai
  Kimai is a web-based multi-user time-tracking application. The permission `view_other_timesheet` performs differently for the Kimai UI and the API, thus returning unexpected data through the API. When setting the `view_other_timesheet` permission to true, on the frontend, users can only see timesheet entries for teams they are a part of. When requesting all timesheets from the API, however, all timesheet entries are returned, regardless of whether the user shares team permissions or not. This vulnerability is fixed in 2.13.0. 2024-03-28 6.8 CVE-2024-29200
security-advisories@github.com kitforest — better_elementor_addons
  The Better Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget link URL values in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-29 6.4 CVE-2024-2280
security@wordfence.com klarna — klarna_payments_for_woocommerce
  Missing Authorization vulnerability in Klarna Klarna Payments for WooCommerce. This issue affects Klarna Payments for WooCommerce: from n/a through 3.2.4. 2024-03-29 5.3 CVE-2024-30477
audit@patchstack.com klbtheme — clotya_theme
  Cross-Site Request Forgery (CSRF) vulnerability in KlbTheme Clotya theme, KlbTheme Cosmetsy theme, KlbTheme Furnob theme, KlbTheme Bacola theme, KlbTheme Partdo theme, KlbTheme Medibazar theme, KlbTheme Machic theme. This issue affects Clotya theme: from n/a through 1.1.6; Cosmetsy theme: from n/a through 1.7.7; Furnob theme: from n/a through 1.2.2; Bacola theme: from n/a through 1.3.3; Partdo theme: from n/a through 1.1.1; Medibazar theme: from n/a through 1.8.6; Machic theme: from n/a through 1.2.8. 2024-03-26 4.3 CVE-2023-49838
audit@patchstack.com krunal_prajapati — wp_post_disclaimer
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Krunal Prajapati WP Post Disclaimer allows Stored XSS. This issue affects WP Post Disclaimer: from n/a through 1.0.3. 2024-03-27 6.5 CVE-2024-29761
audit@patchstack.com kstover — ninja_forms_contact_form_-_the_drag_and_drop_form_builder_for_wordpress
  The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an image title embedded into a form in all versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-29 4.6 CVE-2024-2108
security@wordfence.com kstover — ninja_forms_contact_form_-_the_drag_and_drop_form_builder_for_wordpress
  The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.0. This is due to missing or incorrect nonce validation on the nf_download_all_subs AJAX action. This makes it possible for unauthenticated attackers to trigger an export of a form’s submission to a publicly accessible location via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-03-29 4.3 CVE-2024-2113
security@wordfence.com kurudrive — vk_all_in_one_expansion_unit
  The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the child page index widget in all versions up to, and including, 9.96.0.1 due to insufficient input sanitization and output escaping on user supplied attributes such as ‘className.’ This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-26 6.4 CVE-2024-2170
security@wordfence.com labib_ahmed — carousel_anything_for_wpbakery_page_builder
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Labib Ahmed Carousel Anything For WPBakery Page Builder allows Stored XSS. This issue affects Carousel Anything For WPBakery Page Builder: from n/a through 2.1. 2024-03-29 6.5 CVE-2024-30520
audit@patchstack.com landingi — landingi_landing_pages
  Cross-Site Request Forgery (CSRF) vulnerability in Landingi Landingi Landing Pages. This issue affects Landingi Landing Pages: from n/a through 3.1.1. 2024-03-29 5.4 CVE-2024-30521
audit@patchstack.com lg_electronics — lg_led_assistant
  This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant. 2024-03-25 5.3 CVE-2024-2863
product.security@lge.com litonice13 — master_addons_-_free_widgets_hover_effects_toggle_conditions_animations_for_elementor
  The Master Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pricing Table widget in all versions up to, and including, 2.0.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-27 6.4 CVE-2024-2139
security@wordfence.com livemesh — livemesh_addons_for_wpbakery_page_builder
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Livemesh Livemesh Addons for WPBakery Page Builder allows Stored XSS. This issue affects Livemesh Addons for WPBakery Page Builder: from n/a through 3.7. 2024-03-27 6.5 CVE-2024-30183
audit@patchstack.com loncar — easy_appointments
  The Easy Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘ea_full_calendar’ shortcode in all versions up to, and including, 3.11.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-29 6.4 CVE-2024-2842
security@wordfence.com loncar — easy_appointments
  The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajax_cancel_appointment() function in all versions up to, and including, 3.11.18. This makes it possible for unauthenticated attackers to cancel other users’ orders. 2024-03-29 4.3 CVE-2024-2844
security@wordfence.com looking_forward_software_incorporated. — popup_builder
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Looking Forward Software Incorporated. Popup Builder allows Stored XSS. This issue affects Popup Builder: from n/a through 4.2.6. 2024-03-27 6.5 CVE-2024-30184
audit@patchstack.com lordicon — lordicon_animated_icons
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Lordicon Lordicon Animated Icons allows Stored XSS. This issue affects Lordicon Animated Icons: from n/a through 2.0.1. 2024-03-29 6.5 CVE-2024-30519
audit@patchstack.com mailmunch — mailchimp_forms_by_mailmunch
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in MailMunch MailChimp Forms by MailMunch allows Stored XSS. This issue affects MailChimp Forms by MailMunch: from n/a through 3.2.2. 2024-03-27 6.5 CVE-2024-29793
audit@patchstack.com mainwp — mainwp_wordfence_extension
  Missing Authorization vulnerability in MainWP MainWP Wordfence Extension. This issue affects MainWP Wordfence Extension: from n/a through 4.0.7. 2024-03-25 5.4 CVE-2023-22699
audit@patchstack.com mark_kinchin — beds24_online_booking
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Mark Kinchin Beds24 Online Booking allows Stored XSS. This issue affects Beds24 Online Booking: from n/a through 2.0.24. 2024-03-27 6.5 CVE-2023-52228
audit@patchstack.com martyn_chamberlin — don’t_muck_my_markup
  Cross-Site Request Forgery (CSRF) vulnerability in Martyn Chamberlin Don’t Muck My Markup. This issue affects Don’t Muck My Markup: from n/a through 1.8. 2024-03-27 4.3 CVE-2024-23510
audit@patchstack.com marubon — pocket_news_generator
  The Pocket News Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.0. This is due to missing or incorrect nonce validation on the option_page() function. This makes it possible for unauthenticated attackers to update the plugin’s settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-03-29 5.4 CVE-2024-2964
security@wordfence.com marubon — pocket_news_generator
  The Pocket News Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings such as “Consumer Key” and “Access Token” in all versions up to, and including, 0.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 2024-03-29 4.4 CVE-2024-2963
security@wordfence.com megamenu — max_mega_menu
  Missing Authorization vulnerability in Megamenu Max Mega Menu. This issue affects Max Mega Menu: from n/a through 3.3. 2024-03-28 5.4 CVE-2024-28003
audit@patchstack.com mehanoid.pro — flatpm
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Mehanoid.Pro FlatPM allows Stored XSS. This issue affects FlatPM: from n/a before 3.1.05. 2024-03-27 6.5 CVE-2024-29803
audit@patchstack.com metagauss — eventprime
  Cross Site Scripting (XSS) vulnerability in Metagauss EventPrime. This issue affects EventPrime: from n/a through 3.3.9. 2024-03-27 5.9 CVE-2024-29776
audit@patchstack.com metagauss — profilegrid_
  Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.2. 2024-03-29 6.5 CVE-2024-30513
audit@patchstack.com metagauss — registrationmagic
  Cross-Site Request Forgery (CSRF) vulnerability in Metagauss RegistrationMagic. This issue affects RegistrationMagic: from n/a through 5.3.0.0. 2024-03-26 4.3 CVE-2024-2951
audit@patchstack.com miraheze — createwiki
  CreateWiki is Miraheze’s MediaWiki extension for requesting & creating wikis. Suppression of wiki requests does not work as intended, and always restricts visibility to those with the `(createwiki)` user right regardless of the settings one sets on a given wiki request. This may expose information to users who are not supposed to be able to access it. 2024-03-26 4.9 CVE-2024-29883
security-advisories@github.com miraheze — createwiki
  CreateWiki is Miraheze’s MediaWiki extension for requesting & creating wikis. It is possible for users with (delete) or (suppressrevision) on any wiki in the farm to access suppressed wiki requests by going to the request’s entry on Special:RequestWikiQueue on the wiki where they have these rights. The same vulnerability was present briefly on the REST API before being quickly corrected in commit `6bc0685`. To our knowledge, the vulnerable commits of the REST API are not running in production anywhere. This vulnerability is fixed in 23415c17ffb4832667c06abcf1eadadefd4c8937. 2024-03-28 4.9 CVE-2024-29897
security-advisories@github.com miraheze — createwiki
  CreateWiki is Miraheze’s MediaWiki extension for requesting & creating wikis. An oversight during the writing of the patch for CVE-2024-29897 may have exposed suppressed wiki requests to private wikis that added Special:RequestWikiQueue to the read whitelist to users without the `(read)` permission. This vulnerability is fixed in 8f8442ed5299510ea3e58416004b9334134c149c. 2024-03-28 4.9 CVE-2024-29898
security-advisories@github.com molongui — molongui
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Molongui allows Stored XSS. This issue affects Molongui: from n/a through 4.7.7. 2024-03-27 6.5 CVE-2024-29764
audit@patchstack.com motopress — stratum
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in MotoPress Stratum allows Stored XSS. This issue affects Stratum: from n/a through 1.3.15. 2024-03-27 6.5 CVE-2024-29914
audit@patchstack.com moveaddons — move_addons_for_elementor
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Moveaddons Move Addons for Elementor allows Stored XSS. This issue affects Move Addons for Elementor: from n/a through 1.2.9. 2024-03-27 6.5 CVE-2024-29920
audit@patchstack.com muffingroup — betheme
  Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through 26.6.1. 2024-03-25 5.4 CVE-2022-45351
audit@patchstack.com muffingroup — betheme
  Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through 26.6.1. 2024-03-25 5.4 CVE-2022-45352
audit@patchstack.com muffingroup — betheme
  Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through 26.6.1. 2024-03-25 5.4 CVE-2022-45356
audit@patchstack.com muffingroup — betheme
  Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through 26.6.1. 2024-03-25 4.3 CVE-2022-45349
audit@patchstack.com multivendorx — wc_marketplace
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in MultiVendorX WC Marketplace allows Stored XSS. This issue affects WC Marketplace: from n/a through 4.1.3. 2024-03-29 6.5 CVE-2024-30433
audit@patchstack.com munirkamal — gutenberg_block_editor_toolkit_-_editorskit
  The Gutenberg Block Editor Toolkit – EditorsKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘editorskit’ shortcode in all versions up to, and including, 1.40.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-30 6.4 CVE-2024-2794
security@wordfence.com n/a — compact_wp_audio_player
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Compact WP Audio Player allows Stored XSS. This issue affects Compact WP Audio Player: from n/a through 1.9.9. 2024-03-27 6.5 CVE-2024-29917
audit@patchstack.com n/a — portfolio_gallery_-_image_gallery_plugin
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Portfolio Gallery – Image Gallery Plugin allows Stored XSS. This issue affects Portfolio Gallery – Image Gallery Plugin: from n/a through 1.5.6. 2024-03-27 6.5 CVE-2024-29769
audit@patchstack.com n/a — qdrant
  A vulnerability was found in Qdrant up to 1.6.1/1.7.4/1.8.2 and classified as critical. This issue affects some unknown processing of the file lib/collection/src/collection/snapshots.rs of the component Full Snapshot REST API. The manipulation leads to path traversal. Upgrading to version 1.8.3 is able to address this issue. The patch is named 3ab5172e9c8f14fa1f7b24e7147eac74e2412b62. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-258611. 2024-03-29 5.5 CVE-2024-3078
cna@vuldb.com n/a — wp-crm_system
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP-CRM System allows Stored XSS. This issue affects WP-CRM System: from n/a through 3.2.9. 2024-03-29 5.9 CVE-2024-30434
audit@patchstack.com netentsec — ns-asg_application_security_gateway
  A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /admin/list_crl_conf. The manipulation of the argument CRLId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258429 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-28 6.3 CVE-2024-3040
cna@vuldb.com netentsec — ns-asg_application_security_gateway
  A vulnerability has been found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. This vulnerability affects unknown code of the file /protocol/log/listloginfo.php. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258430 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-28 6.3 CVE-2024-3041
cna@vuldb.com netty — netty
  Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked into accumulating data. While the decoder can store items on disk if configured to do so, there is no limit on the number of fields a form can have, so an attacker can send a chunked POST consisting of many small fields that will be accumulated in the `bodyListHttpData` list. The decoder also accumulates bytes in the `undecodedChunk` buffer until it can decode a field, and that field can accumulate data without limit. This vulnerability is fixed in 4.1.108.Final. 2024-03-25 5.3 CVE-2024-29025
security-advisories@github.com netweblogic — events_manager_-_calendar_bookings_tickets_and_more!
  The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the physical location value in all versions up to, and including, 6.4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-28 6.4 CVE-2024-2111
security@wordfence.com netweblogic — events_manager_-_calendar_bookings_tickets_and_more!
  The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.4.7.1. This is due to missing or incorrect nonce validation on several actions. This makes it possible for unauthenticated attackers to modify booking statuses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-03-28 4.3 CVE-2024-2110
security@wordfence.com nickys — image_map_pro
  Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pro allows Stored XSS. This issue affects Image Map Pro: from n/a before 5.6.9. 2024-03-28 6.1 CVE-2022-45850
audit@patchstack.com niteothemes — cmp_-_coming_soon_&_maintenance
  Server-Side Request Forgery (SSRF) vulnerability in NiteoThemes CMP – Coming Soon & Maintenance. This issue affects CMP – Coming Soon & Maintenance: from n/a through 4.1.10. 2024-03-28 5.5 CVE-2023-50374
audit@patchstack.com nuuo — camera
  A vulnerability was found in NUUO Camera up to 20240319 and classified as problematic. This issue affects some unknown processing of the file /deletefile.php. The manipulation of the argument filename leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258197 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-27 5.4 CVE-2024-2995
cna@vuldb.com nvidia — gpu_display_driver_vgpu_driver_cloud_gaming_driver
  NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user may cause a NULL-pointer dereference by accessing passed parameters the validity of which has not been checked. A successful exploit of this vulnerability may lead to denial of service and limited information disclosure. 2024-03-27 6.1 CVE-2024-0075
psirt@nvidia.com nvidia — gpu_display_driver_vgpu_driver_cloud_gaming_driver
  NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user in a guest can cause a NULL-pointer dereference in the host, which may lead to denial of service. 2024-03-27 6.5 CVE-2024-0078
psirt@nvidia.com nvidia — vgpu_driver,_cloud_gaming_driver
  NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user in a guest VM can cause a NULL-pointer dereference in the host. A successful exploit of this vulnerability may lead to denial of service. 2024-03-27 6.5 CVE-2024-0079
psirt@nvidia.com oceanwp — oceanwp
  The OceanWP theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the load_theme_panel_pane function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose sensitive information such as system/environment data and API keys. 2024-03-29 4.3 CVE-2024-2476
security@wordfence.com oroinc — orocommerce
  OroPlatform is a PHP Business Application Platform (BAP). Navigation history, most viewed and favorite navigation items are returned to a storefront user in the JSON navigation response if the storefront user’s ID matches the ID of a back-office user. This vulnerability is fixed in 5.1.4. 2024-03-25 4.3 CVE-2023-48296
security-advisories@github.com oroinc — platform
  OroPlatform is a PHP Business Application Platform (BAP). A logged in user can access page state data of pinned pages of other users by pageId hash. This vulnerability is fixed in 5.1.4. 2024-03-25 4.3 CVE-2023-45824
security-advisories@github.com paid_memberships_pro — paid_memberships_pro_-_payfast_gateway_add_on
  Insertion of Sensitive Information into Log File vulnerability in Paid Memberships Pro Paid Memberships Pro – Payfast Gateway Add On. This issue affects Paid Memberships Pro – Payfast Gateway Add On: from n/a through 1.4.1. 2024-03-29 5.3 CVE-2024-30514
audit@patchstack.com patrick_posner — simply_static
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Patrick Posner Simply Static allows Stored XSS. This issue affects Simply Static: from n/a through 3.1.3. 2024-03-27 5.9 CVE-2024-30178
audit@patchstack.com peepso — community_by_peepso
  Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PeepSo Community by PeepSo. This issue affects Community by PeepSo: from n/a through 6.0.9.0. 2024-03-26 5.3 CVE-2023-27630
audit@patchstack.com peepso — community_by_peepso
  Insertion of Sensitive Information into Log File vulnerability in PeepSo Community by PeepSo. This issue affects Community by PeepSo: from n/a through 6.2.7.0. 2024-03-28 5.3 CVE-2024-25923
audit@patchstack.com petri_damstén — fullscreen_galleria
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Petri Damstén Fullscreen Galleria allows Stored XSS. This issue affects Fullscreen Galleria: from n/a through 1.6.11. 2024-03-27 6.5 CVE-2024-29801
audit@patchstack.com phpgurukul — emergency_ambulance_hiring_portal
  A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. It has been rated as problematic. This issue affects some unknown processing of the component Hire an Ambulance Page. The manipulation of the argument Patient Name/Relative Name/Relative Phone Number/City/State/Message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258677 was assigned to this vulnerability. 2024-03-30 4.3 CVE-2024-3084
cna@vuldb.com phpgurukul — emergency_ambulance_hiring_portal
  A vulnerability classified as problematic was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this vulnerability is an unknown functionality of the file ambulance-tracking.php of the component Ambulance Tracking Page. The manipulation of the argument searchdata leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258679. 2024-03-30 4.3 CVE-2024-3086
cna@vuldb.com phpgurukul — emergency_ambulance_hiring_portal
  A vulnerability has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/manage-ambulance.php of the component Manage Ambulance Page. The manipulation of the argument del leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258682 is the identifier assigned to this vulnerability. 2024-03-30 4.3 CVE-2024-3089
cna@vuldb.com pimcore — pimcore
  Pimcore is an Open Source Data & Experience Management Platform. Any call with the query argument `?pimcore_preview=true` allows viewing unpublished sites. In previous versions of Pimcore, session information would propagate to previews, so only a logged-in user could open a preview. This no longer applies. Previews are wide open to any user, and with just a hint of a restricted link one could gain access to possibly confidential / unreleased information. This vulnerability is fixed in 11.2.2 and 11.1.6.1. 2024-03-26 6.5 CVE-2024-29197
security-advisories@github.com piotnet — piotnet_addons_for_elementor
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Piotnet Piotnet Addons For Elementor allows Stored XSS. This issue affects Piotnet Addons For Elementor: from n/a through 2.4.25. 2024-03-27 6.5 CVE-2024-29934
audit@patchstack.com pixelite — events_manager
  Cross-Site Request Forgery (CSRF) vulnerability in Pixelite Events Manager. This issue affects Events Manager: from n/a through 6.4.7.1. 2024-03-28 4.3 CVE-2024-30421
audit@patchstack.com plainware — locatoraid_store_locator
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Plainware Locatoraid Store Locator allows Stored XSS. This issue affects Locatoraid Store Locator: from n/a through 3.9.30. 2024-03-27 5.9 CVE-2024-30181
audit@patchstack.com pluginops — landing_page_builder
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PluginOps Landing Page Builder allows Stored XSS.This issue affects Landing Page Builder: from n/a through 1.5.1.7. 2024-03-29 5.9 CVE-2024-30452
audit@patchstack.com podlove — podlove_web_player
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Podlove Podlove Web Player allows Stored XSS. This issue affects Podlove Web Player: from n/a through 5.7.1. 2024-03-27 6.5 CVE-2024-29788
audit@patchstack.com poll_maker_&_voting_plugin_team_(infotheme) — wp_poll_maker
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Poll Maker & Voting Plugin Team (InfoTheme) WP Poll Maker allows Stored XSS. This issue affects WP Poll Maker: from n/a through 3.1. 2024-03-27 5.9 CVE-2024-29818
audit@patchstack.com posimyththemes — the_plus_addons_for_elementor
  The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Clients widget. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. 2024-03-27 6.4 CVE-2024-2203
security@wordfence.com posimyththemes — the_plus_addons_for_elementor
  The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Team Member Listing widget. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. 2024-03-27 6.4 CVE-2024-2210
security@wordfence.com propertyhive — propertyhive
  Missing Authorization vulnerability in PropertyHive. This issue affects PropertyHive: from n/a through 2.0.6. 2024-03-26 4.3 CVE-2024-24718
audit@patchstack.com quantum_cloud — slider_hero
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Quantum Cloud Slider Hero allows Stored XSS. This issue affects Slider Hero: from n/a through 8.6.1. 2024-03-27 5.9 CVE-2024-29922
audit@patchstack.com realmag777 — bear
  Missing Authorization vulnerability in realmag777 BEAR. This issue affects BEAR: from n/a through 1.1.4.3. 2024-03-29 4.3 CVE-2024-30463
audit@patchstack.com realmag777 — husky_-_products_filter_for_woocommerce_(formerly_woof)
  Cross-Site Request Forgery (CSRF) vulnerability in realmag777 HUSKY – Products Filter for WooCommerce (formerly WOOF). This issue affects HUSKY – Products Filter for WooCommerce (formerly WOOF): from n/a through 1.3.5.1. 2024-03-29 4.3 CVE-2024-30462
audit@patchstack.com realmag777 — woocs_-_woocommerce_currency_switcher
  Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOOCS – WooCommerce Currency Switcher. This issue affects WOOCS – WooCommerce Currency Switcher: from n/a through 1.4.1.7. 2024-03-29 4.3 CVE-2024-30458
audit@patchstack.com realmag777 — wordpress_meta_data_and_taxonomies_filter_(mdtf)
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Stored XSS. This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.2. 2024-03-27 6.5 CVE-2024-29906
audit@patchstack.com realmag777 — wordpress_meta_data_and_taxonomies_filter_(mdtf)
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Stored XSS. This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.2. 2024-03-27 6.5 CVE-2024-29932
audit@patchstack.com realmag777 — wordpress_meta_data_and_taxonomies_filter_(mdtf)
  Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF). This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.1. 2024-03-29 4.3 CVE-2024-30457
audit@patchstack.com realmag777 — wpcs
  Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WPCS. This issue affects WPCS: from n/a through 1.2.0.1. 2024-03-29 4.3 CVE-2024-30456
audit@patchstack.com rednao — pdf_builder_for_wpforms
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in RedNao PDF Builder for WPForms allows Stored XSS. This issue affects PDF Builder for WPForms: from n/a through 1.2.88. 2024-03-27 6.5 CVE-2024-29820
audit@patchstack.com reviewx — reviewx
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ReviewX allows Stored XSS. This issue affects ReviewX: from n/a through 1.6.22. 2024-03-27 6.5 CVE-2024-29812
audit@patchstack.com rockwell_automation — arena_simulation
  A memory buffer vulnerability in Rockwell Automation Arena Simulation could potentially let a threat actor read beyond the intended memory boundaries. This could reveal sensitive information and even cause the application to crash, resulting in a denial-of-service condition. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor. 2024-03-26 4.4 CVE-2024-21920
PSIRT@rockwellautomation.com rockwell_automation — factorytalk-_view_me
  A vulnerability exists in the affected product that allows a malicious user to restart the Rockwell Automation PanelView™ Plus 7 terminal remotely without security protections. If the vulnerability is exploited, it could lead to the loss of view or control of the PanelView™ product. 2024-03-25 5.3 CVE-2024-21914
PSIRT@rockwellautomation.com ruijie — rg-eg350
  A vulnerability, which was classified as critical, has been found in Ruijie RG-EG350 up to 20240318. Affected by this issue is the function vpnAction of the file /itbox_pi/vpn_quickset_service.php?a=set_vpn of the component HTTP POST Request Handler. The manipulation of the argument ip/port/user/pass/dns/startIp leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257978 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-26 6.3 CVE-2024-2910
cna@vuldb.com saleor — saleor
  Saleor is an e-commerce platform that serves high-volume companies. When using `Pickup: Local stock only` click-and-collect as a delivery method, under specific conditions the customer could overwrite the warehouse address with their own, which exposes their address as the click-and-collect address. This issue has been patched in versions: `3.14.61`, `3.15.37`, `3.16.34`, `3.17.32`, `3.18.28`, `3.19.15`. 2024-03-27 4.2 CVE-2024-29888
security-advisories@github.com seraphinite_solutions — seraphinite_accelerator
  Insertion of Sensitive Information into Log File vulnerability in Seraphinite Solutions Seraphinite Accelerator. This issue affects Seraphinite Accelerator: from n/a through 2.20.47. 2024-03-28 5.3 CVE-2024-22138
audit@patchstack.com serverpod — serverpod
  Serverpod is an app and web server, built for the Flutter and Dart ecosystem. An issue was identified with the old password hash algorithm that made it susceptible to rainbow table attacks if the database was compromised. This vulnerability is fixed by 1.2.6. 2024-03-27 5.3 CVE-2024-29886
security-advisories@github.com servit_software_solutions — affiliate-toolkit
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SERVIT Software Solutions affiliate-toolkit allows Stored XSS. This issue affects affiliate-toolkit: from n/a through 3.4.5. 2024-03-27 6.5 CVE-2024-29817
audit@patchstack.com shanghai_brad_technology — bladex
  A vulnerability classified as critical has been found in Shanghai Brad Technology BladeX 3.4.0. Affected is an unknown function of the file /api/blade-user/export-user of the component API. The manipulation with the input updatexml(1,concat(0x3f,md5(123456),0x3f),1)=1 leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258426 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-28 6.3 CVE-2024-3039
cna@vuldb.com sharethis — sharethis_dashboard_for_google_analytics
  Missing Authorization vulnerability in ShareThis ShareThis Dashboard for Google Analytics. This issue affects ShareThis Dashboard for Google Analytics: from n/a through 3.1.4. 2024-03-25 5.4 CVE-2022-45851
audit@patchstack.com simple_sponsorships — sponsors
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Simple Sponsorships Sponsors allows Stored XSS. This issue affects Sponsors: from n/a through 3.5.1. 2024-03-29 6.5 CVE-2024-30483
audit@patchstack.com sinaextra — sina_extension_for_elementor
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SinaExtra Sina Extension for Elementor allows Stored XSS. This issue affects Sina Extension for Elementor: from n/a through 3.5.0. 2024-03-27 6.5 CVE-2024-29935
audit@patchstack.com snp_digital — salesking
  Missing Authorization vulnerability in SNP Digital SalesKing. This issue affects SalesKing: from n/a through 1.6.15. 2024-03-26 6.5 CVE-2024-22156
audit@patchstack.com softlab — dracula_dark_mode_-_the_revolutionary_dark_mode_plugin_for_wordpress
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SoftLab Dracula Dark Mode – The Revolutionary Dark Mode Plugin For WordPress allows Stored XSS. This issue affects Dracula Dark Mode – The Revolutionary Dark Mode Plugin For WordPress: from n/a through 1.0.8. 2024-03-27 6.5 CVE-2024-29771
audit@patchstack.com softlab — radio_player
  Missing Authorization vulnerability in SoftLab Radio Player. This issue affects Radio Player: from n/a through 2.0.73. 2024-03-26 6.5 CVE-2024-2906
audit@patchstack.com softlab — radio_player
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SoftLab Radio Player allows Stored XSS. This issue affects Radio Player: from n/a through 2.0.73. 2024-03-27 6.5 CVE-2024-29811
audit@patchstack.com sourcecodester — online_chatting_system
  A vulnerability classified as critical has been found in SourceCodester Online Chatting System 1.0. Affected is an unknown function of the file admin/update_room.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258012. 2024-03-27 6.3 CVE-2024-2932
cna@vuldb.com sourcecodester — simple_subscription_website
  A vulnerability classified as critical has been found in SourceCodester Simple Subscription Website 1.0. Affected is an unknown function of the file Actions.php. The manipulation of the argument title leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258300. 2024-03-28 6.3 CVE-2024-3014
cna@vuldb.com sourcecodester — simple_subscription_website
  A vulnerability classified as critical was found in SourceCodester Simple Subscription Website 1.0. Affected by this vulnerability is an unknown functionality of the file manage_plan.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258301 was assigned to this vulnerability. 2024-03-28 6.3 CVE-2024-3015
cna@vuldb.com sourcecodester — simple_subscription_website
  A vulnerability was found in SourceCodester Simple Subscription Website 1.0 and classified as critical. This issue affects some unknown processing of the file manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258431. 2024-03-28 6.3 CVE-2024-3042
cna@vuldb.com sourcecodester — todo_list_in_kanban_board
  A vulnerability classified as critical was found in SourceCodester Todo List in Kanban Board 1.0. Affected by this vulnerability is an unknown functionality of the file /endpoint/delete-todo.php. The manipulation of the argument list leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258013 was assigned to this vulnerability. 2024-03-27 6.3 CVE-2024-2934
cna@vuldb.com sparkle_wp — educenter
  Missing Authorization vulnerability in Sparkle WP Educenter. This issue affects Educenter: from n/a through 1.5.5. 2024-03-25 4.3 CVE-2023-30480
audit@patchstack.com specialk — simple_ajax_chat_-_add_a_fast_secure_chat_box
  The Simple Ajax Chat – Add a Fast, Secure Chat Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 20231101 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 2024-03-27 4.4 CVE-2024-2956
security@wordfence.com squirrly — seo_plugin_by_squirrly_seo
  Missing Authorization vulnerability in Squirrly SEO Plugin by Squirrly SEO. This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.1.20. 2024-03-25 6.3 CVE-2022-44626
audit@patchstack.com step-byte-service_gmbh — openstreetmap_for_gutenberg_and_wpbakery_page_builder_(formerly_visual_composer)
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Step-Byte-Service GmbH OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) allows Stored XSS. This issue affects OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer): from n/a through 1.1.1. 2024-03-29 6.5 CVE-2024-30450
audit@patchstack.com stormhill_media — mybooktable_bookstore
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Stormhill Media MyBookTable Bookstore allows Stored XSS. This issue affects MyBookTable Bookstore: from n/a through 3.3.7. 2024-03-27 6.5 CVE-2024-29772
audit@patchstack.com streamweasels — streamweasels_twitch_integration
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in StreamWeasels StreamWeasels Twitch Integration allows Stored XSS. This issue affects StreamWeasels Twitch Integration: from n/a through 1.7.5. 2024-03-27 6.5 CVE-2024-29766
audit@patchstack.com supsystic — photo_gallery_by_supsystic
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Supsystic Photo Gallery by Supsystic allows Stored XSS. This issue affects Photo Gallery by Supsystic: from n/a through 1.15.16. 2024-03-27 5.9 CVE-2024-29921
audit@patchstack.com supsystic — slider_by_supsystic
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Supsystic Slider by Supsystic allows Stored XSS. This issue affects Slider by Supsystic: from n/a through 1.8.10. 2024-03-29 5.9 CVE-2024-30448
audit@patchstack.com swift-server — swift-prometheus
  Swift Prometheus is a Swift client for the Prometheus monitoring system, supporting counters, gauges and histograms. In code which applies _un-sanitized string values into metric names or labels_, an attacker could make use of this and send a `?lang` query parameter containing newlines, `}` or similar characters which can lead to the attacker taking over the exported format — including creating unbounded numbers of stored metrics, inflating server memory usage, or causing “bogus” metrics. This vulnerability is fixed in 2.0.0-alpha.2. 2024-03-29 5.9 CVE-2024-28867
security-advisories@github.com syam_mohan — wpfront_notification_bar
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Syam Mohan WPFront Notification Bar allows Stored XSS. This issue affects WPFront Notification Bar: from n/a through 3.3.2. 2024-03-27 5.9 CVE-2024-29819
audit@patchstack.com synology — surveillance_station
  Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in Layout.LayoutSave webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. 2024-03-28 5.4 CVE-2024-29227
security@synology.com synology — surveillance_station
  Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in SnapShot.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. 2024-03-28 5.4 CVE-2024-29230
security@synology.com synology — surveillance_station
  Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors. 2024-03-28 5.4 CVE-2024-29231
security@synology.com synology — surveillance_station
  Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. 2024-03-28 5.4 CVE-2024-29232
security@synology.com synology — surveillance_station
  Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in Emap.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. 2024-03-28 5.4 CVE-2024-29233
security@synology.com synology — surveillance_station
  Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. 2024-03-28 5.4 CVE-2024-29234
security@synology.com synology — surveillance_station
  Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. 2024-03-28 5.4 CVE-2024-29235
security@synology.com synology — surveillance_station
  Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in AudioPattern.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. 2024-03-28 5.4 CVE-2024-29236
security@synology.com synology — surveillance_station
  Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in ActionRule.Delete webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. 2024-03-28 5.4 CVE-2024-29237
security@synology.com synology — surveillance_station
  Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in Log.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. 2024-03-28 5.4 CVE-2024-29238
security@synology.com synology — surveillance_station
  Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. 2024-03-28 5.4 CVE-2024-29239
security@synology.com synology — surveillance_station
  Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors. 2024-03-28 4.3 CVE-2024-29240
security@synology.com team_heateor — fancy_comments_wordpress
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Team Heateor Fancy Comments WordPress allows Stored XSS. This issue affects Fancy Comments WordPress: from n/a through 1.2.14. 2024-03-27 6.5 CVE-2024-29804
audit@patchstack.com technocrackers — christmas_greetings
  The Christmas Greetings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the code parameter in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-03-29 6.1 CVE-2024-2116
security@wordfence.com tenda — ac7
  A vulnerability classified as critical has been found in Tenda AC7 15.03.06.44. Affected is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257940. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-26 6.3 CVE-2024-2897
cna@vuldb.com tenda — fh1202
  A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258151. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-27 5.5 CVE-2024-2982
cna@vuldb.com tenda — fh1205
  A vulnerability has been found in Tenda FH1205 2.0.0.7(775) and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258295. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-28 6.3 CVE-2024-3009
cna@vuldb.com the_beaver_builder_team — beaver_builder
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in The Beaver Builder Team Beaver Builder allows Stored XSS. This issue affects Beaver Builder: from n/a through 2.7.4.4. 2024-03-29 6.5 CVE-2024-30425
audit@patchstack.com themehunk — advance_wordpress_search_plugin
  Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin. This issue affects Advance WordPress Search Plugin: from n/a through 1.2.1. 2024-03-25 6.5 CVE-2022-38057
audit@patchstack.com themeisle — multiple_page_generator_plugin_-_mpg
  Missing Authorization vulnerability in Themeisle Multiple Page Generator Plugin – MPG. This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0. 2024-03-26 4.3 CVE-2024-30235
audit@patchstack.com themeisle — otter_blocks_-_gutenberg_blocks_page_builder_for_gutenberg_editor_&_fse
  The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s widgets in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping on user supplied attributes such as ‘id’. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-29 6.4 CVE-2024-2841
security@wordfence.com themekraft — buddyforms
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ThemeKraft BuddyForms allows Reflected XSS. This issue affects BuddyForms: from n/a through 2.8.5. 2024-03-27 5.8 CVE-2024-30198
audit@patchstack.com themelocation — custom_woocommerce_checkout_fields_editor
  Cross-Site Request Forgery (CSRF) vulnerability in ThemeLocation Custom WooCommerce Checkout Fields Editor. This issue affects Custom WooCommerce Checkout Fields Editor: from n/a through 1.3.0. 2024-03-29 4.3 CVE-2024-30518
audit@patchstack.com themeum — tutor_lms_elementor_addons
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Themeum Tutor LMS Elementor Addons allows Stored XSS. This issue affects Tutor LMS Elementor Addons: from n/a through 2.1.3. 2024-03-27 6.5 CVE-2024-29913
audit@patchstack.com themify — themify_event_post
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Themify Themify Event Post allows Stored XSS. This issue affects Themify Event Post: from n/a through 1.2.7. 2024-03-29 5.9 CVE-2024-30440
audit@patchstack.com themifyme — themify_shortcodes
  The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘themify_post_slider’ shortcode in all versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-26 5.4 CVE-2024-2732
security@wordfence.com thimpress — wp_hotel_booking
  Missing Authorization vulnerability in ThimPress WP Hotel Booking. This issue affects WP Hotel Booking: from n/a through 2.0.9.2. 2024-03-29 6.5 CVE-2024-30508
audit@patchstack.com thorsten — phpmyfaq
  phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The `email` field in phpMyFAQ’s user control panel page is vulnerable to stored XSS attacks due to the inadequacy of PHP’s `FILTER_VALIDATE_EMAIL` function, which only validates the email format, not its content. This vulnerability enables an attacker to execute arbitrary client-side JavaScript within the context of another user’s phpMyFAQ session. This vulnerability is fixed in 3.2.6. 2024-03-25 5.5 CVE-2024-27300
security-advisories@github.com thorsten — phpmyfaq
  phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. This vulnerability is fixed in 3.2.6. 2024-03-25 4.3 CVE-2024-28106
security-advisories@github.com thorsten — phpmyfaq
  phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Due to insufficient validation on the `contentLink` parameter, it is possible for unauthenticated users to inject HTML code to the page which might affect other users. _Also, requires that adding new FAQs is allowed for guests and that the admin doesn’t check the content of a newly added FAQ._ This vulnerability is fixed in 3.2.6. 2024-03-25 4.7 CVE-2024-28108
security-advisories@github.com tianjin — publicms
  A vulnerability, which was classified as problematic, was found in Tianjin PubliCMS 4.0.202302.e. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257979. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-26 4.3 CVE-2024-2911
cna@vuldb.com tinymce — tinymce
  TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content insertion code. This allowed `iframe` elements containing malicious code to execute when inserted into the editor. These `iframe` elements are restricted in their permissions by same-origin browser protections, but could still trigger operations such as downloading of malicious assets. This vulnerability is fixed in 6.8.1. 2024-03-26 4.3 CVE-2024-29203
security-advisories@github.com tinymce — tinymce
  TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content loading and content inserting code. An SVG image could be loaded through an `object` or `embed` element and that image could potentially contain an XSS payload. This vulnerability is fixed in 6.8.1 and 7.0.0. 2024-03-26 4.3 CVE-2024-29881
security-advisories@github.com tsina — news_wall
  The News Wall plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the nwap_newslist_page() function. This makes it possible for unauthenticated attackers to update the plugin’s settings and modify news lists via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-03-29 4.3 CVE-2024-2970
security@wordfence.com
security@wordfence.com tumult_inc — tumult_hype_animations
  Cross-Site Request Forgery (CSRF) vulnerability in Tumult Inc Tumult Hype Animations. This issue affects Tumult Hype Animations: from n/a through 1.9.11. 2024-03-29 4.3 CVE-2024-30460
audit@patchstack.com uncanny_owl — uncanny_toolkit_for_learndash
  URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash. This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.6.4.3. 2024-03-27 4.7 CVE-2023-34020
audit@patchstack.com unitecms — unlimited_elements_for_elementor_(free_widgets,_addons,_templates)
  The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link field of an installed widget (e.g., ‘Button Link’) in all versions up to, and including, 1.5.96 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-30 6.4 CVE-2024-0367
security@wordfence.com
security@wordfence.com uriahs_victor — location_picker_at_checkout_for_woocommerce
  Missing Authorization vulnerability in Uriahs Victor Location Picker at Checkout for WooCommerce. This issue affects Location Picker at Checkout for WooCommerce: from n/a through 1.8.9. 2024-03-26 4.3 CVE-2024-24719
audit@patchstack.com veronalabs — wp_sms
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in VeronaLabs WP SMS allows Stored XSS. This issue affects WP SMS: from n/a through 6.3.4. 2024-03-27 6.5 CVE-2024-25920
audit@patchstack.com veronalabs — wp_sms
  Cross-Site Request Forgery (CSRF) vulnerability in VeronaLabs WP SMS. This issue affects WP SMS: from n/a through 6.6.2. 2024-03-29 4.3 CVE-2024-30454
audit@patchstack.com vinoth06. — frontend_dashboard
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in vinoth06. Frontend Dashboard allows Stored XSS. This issue affects Frontend Dashboard: from n/a through 2.2.1. 2024-03-27 6.5 CVE-2024-29775
audit@patchstack.com voidcoders — void_contact_form_7_widget_for_elementor_page_builder
  Missing Authorization vulnerability in voidCoders Void Contact Form 7 Widget For Elementor Page Builder. This issue affects Void Contact Form 7 Widget For Elementor Page Builder: from n/a through 2.3. 2024-03-26 4.3 CVE-2023-52214
audit@patchstack.com walter_pinem — oneclick_chat_to_order
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Walter Pinem OneClick Chat to Order allows Stored XSS. This issue affects OneClick Chat to Order: from n/a through 1.0.5. 2024-03-27 6.5 CVE-2024-29789
audit@patchstack.com wc_lovers — wcfm_-_frontend_manager_for_woocommerce
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WC Lovers WCFM – Frontend Manager for WooCommerce allows Stored XSS. This issue affects WCFM – Frontend Manager for WooCommerce: from n/a through 6.7.8. 2024-03-27 5.9 CVE-2024-29929
audit@patchstack.com weblizar — lightbox_slider_-_responsive_lightbox_gallery
  The Lightbox slider – Responsive Lightbox Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.9 via deserialization of untrusted input through post meta data. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. 2024-03-29 5.4 CVE-2024-1858
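The Lightbox slider entry above makes the point that PHP Object Injection is exploitable only when some loaded class supplies a POP chain, and that the chain can come from any other plugin or theme on the site. The script below is an added example, not code from the plugin: a stand-in gadget class with a `__destruct` method (the kind of class another component might ship), the attacker-shaped serialized post meta, and three ways of reading it: raw `unserialize()` (the vulnerable shape), `unserialize()` with `allowed_classes => false`, and JSON. The class, the meta value and the file path are constructed for this demonstration.

```php
<?php
declare(strict_types=1);

// Added example, not Lightbox slider code. Shows why unserialize() on
// attacker-influenced post meta is dangerous and two ways to close it.

// Stand-in for a gadget class shipped by some *other* installed plugin or
// theme. The vulnerable plugin never references it; it only needs to be loaded.
class LogCleaner {
    public string $path;

    public function __destruct() {
        // A real gadget would do unlink($this->path), file_put_contents(), etc.
        echo "gadget ran: would delete {$this->path}\n";
    }
}

// What a contributor-level account could store in the meta field
// (constructed; string lengths must match the values for unserialize to accept it).
$attacker_meta = 'O:10:"LogCleaner":1:{s:4:"path";s:22:"/var/www/wp-config.php";}';

// Vulnerable shape: whatever is in the meta field is deserialized, objects included.
function load_slider_settings_vulnerable(string $meta) {
    return unserialize($meta);
}

// Hardened option 1: refuse to instantiate any class. Objects in the payload
// come back as __PHP_Incomplete_Class and no magic method ever runs.
function load_slider_settings_no_classes(string $meta) {
    return unserialize($meta, ['allowed_classes' => false]);
}

// Hardened option 2 (preferable for new code): store settings as JSON, which
// has no notion of objects with behaviour. Malformed input throws instead of
// silently yielding something half-parsed.
function load_slider_settings_json(string $meta): ?array {
    $data = json_decode($meta, true, 16, JSON_THROW_ON_ERROR);
    return is_array($data) ? $data : null;
}

echo "--- unserialize() ---\n";
$obj = load_slider_settings_vulnerable($attacker_meta);
echo 'got ', get_class($obj), "\n";
unset($obj);                 // the destructor fires here: the gadget runs

echo "--- unserialize() with allowed_classes => false ---\n";
$obj = load_slider_settings_no_classes($attacker_meta);
echo 'got ', get_class($obj), "\n";
unset($obj);                 // nothing runs: there is no real object to destruct

echo "--- json_decode() ---\n";
try {
    var_dump(load_slider_settings_json($attacker_meta));
} catch (JsonException $e) {
    echo "rejected: not valid JSON\n";
}
```

The first branch prints the gadget's message even though `load_slider_settings_vulnerable()` does nothing with the returned object, which is the whole point: the attacker chooses the class and the properties, and PHP runs the magic method for them. Note that `allowed_classes => false` still parses attacker-controlled structure (nested arrays, huge strings), so the JSON route is the one to pick when the stored data does not need to be PHP-native.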
security@wordfence.com
security@wordfence.com webtechstreet — elementor_addon_elements
  The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s widgets in all versions up to, and including, 1.13.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-28 5.4 CVE-2024-2091
security@wordfence.com
security@wordfence.com
security@wordfence.com webtoffee — import_export_wordpress_users
  Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in WebToffee Import Export WordPress Users. This issue affects Import Export WordPress Users: from n/a through 2.5.2. 2024-03-29 4.3 CVE-2024-30492
audit@patchstack.com wedevs — woocommerce_conversion_tracking
  Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking. This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.11. 2024-03-26 4.3 CVE-2024-24711
audit@patchstack.com wholesale_team — wholesalex
  Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wholesale Team WholesaleX. This issue affects WholesaleX: from n/a through 1.3.1. 2024-03-26 6.5 CVE-2024-30233
audit@patchstack.com wholesale_team — wholesalex
  Missing Authorization vulnerability in Wholesale Team WholesaleX. This issue affects WholesaleX: from n/a through 1.3.1. 2024-03-26 6.5 CVE-2024-30234
audit@patchstack.com woocommerce — woocommerce_box_office
  Missing Authorization vulnerability in WooCommerce WooCommerce Box Office. This issue affects WooCommerce Box Office: from n/a through 1.2.2. 2024-03-26 6.5 CVE-2024-24799
audit@patchstack.com woocommerce — woocommerce_stripe_payment_gateway
  Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Stripe Payment Gateway. This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.0. 2024-03-27 5.4 CVE-2023-44999
audit@patchstack.com workos — authkit-nextjs
  The AuthKit library for Next.js provides helpers for authentication and session management using WorkOS & AuthKit with Next.js. A user can reuse an expired session by controlling the `x-workos-session` header. The vulnerability is patched in v0.4.2. 2024-03-29 4.8 CVE-2024-29901
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com wp_darko — grid_shortcodes
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Darko Grid Shortcodes allows Stored XSS. This issue affects Grid Shortcodes: from n/a through 1.1. 2024-03-27 6.5 CVE-2024-29797
audit@patchstack.com wp_email_newsletter_team_-_fluentcrm — fluent_crm
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Email Newsletter Team – FluentCRM Fluent CRM allows Stored XSS. This issue affects Fluent CRM: from n/a through 2.8.44. 2024-03-29 5.9 CVE-2024-30430
audit@patchstack.com wp_lab — wp-lister_lite_for_amazon
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Lab WP-Lister Lite for Amazon allows Stored XSS. This issue affects WP-Lister Lite for Amazon: from n/a through 2.6.11. 2024-03-26 5.9 CVE-2024-2889
audit@patchstack.com wp_sunshine — sunshine_photo_cart
  Deserialization of Untrusted Data vulnerability in WP Sunshine Sunshine Photo Cart. This issue affects Sunshine Photo Cart: from n/a through 3.1.1. 2024-03-28 5.4 CVE-2024-30221
audit@patchstack.com wp_swings — points_and_rewards_for_woocommerce
  Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce. This issue affects Points and Rewards for WooCommerce: from n/a through 1.5.0. 2024-03-25 6.5 CVE-2023-27608
audit@patchstack.com wpassist.me — wordpress_countdown_widget
  Cross-Site Request Forgery (CSRF) vulnerability in WPAssist.Me WordPress Countdown Widget allows Cross-Site Scripting (XSS). This issue affects WordPress Countdown Widget: from n/a through 3.1.9.1. 2024-03-27 6.1 CVE-2022-45847
audit@patchstack.com wpexperts — wholesale_for_woocommerce
  Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce. This issue affects Wholesale For WooCommerce: from n/a through 2.3.0. 2024-03-29 5.3 CVE-2024-30469
audit@patchstack.com wppool — webinar_and_video_conference_with_jitsi_meet
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPPOOL Webinar and Video Conference with Jitsi Meet allows Stored XSS. This issue affects Webinar and Video Conference with Jitsi Meet: from n/a through 2.6.3. 2024-03-29 6.5 CVE-2024-30437
audit@patchstack.com wpvibes — elementor_addon_elements
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPVibes Elementor Addon Elements allows Stored XSS. This issue affects Elementor Addon Elements: from n/a through 1.13.1. 2024-03-28 6.5 CVE-2024-30422
audit@patchstack.com wpwax — post_grid_slider_&_carousel_ultimate
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in wpWax Post Grid, Slider & Carousel Ultimate allows Stored XSS. This issue affects Post Grid, Slider & Carousel Ultimate: from n/a through 1.6.6. 2024-03-27 6.5 CVE-2024-29925
audit@patchstack.com xpeedstudio — elementskit_elementor_addons
  The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button ID parameter in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-30 6.4 CVE-2024-1238
security@wordfence.com
security@wordfence.com xpro — 140+_widgets_|_best_addons_for_elementor_-_free
  The 130+ Widgets | Best Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s widgets in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-29 6.4 CVE-2024-2250
security@wordfence.com
security@wordfence.com zephyrproject-rtos — zephyr
  A malicious BLE device can crash a victim BLE device by sending a malformed GATT packet. 2024-03-29 6.8 CVE-2024-3077
vulnerabilities@zephyrproject.org zionbuilder.io — wordpress_page_builder_-_zion_builder
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in zionbuilder.Io WordPress Page Builder – Zion Builder allows Stored XSS. This issue affects WordPress Page Builder – Zion Builder: from n/a through 3.6.9. 2024-03-29 5.9 CVE-2024-30444
audit@patchstack.com zitadel — zitadel
  ZITADEL, open source authentication management software, uses Go templates to render the login UI. Under certain circumstances an action could set reserved claims managed by ZITADEL. For example, it was possible to set the claim `urn:zitadel:iam:user:resourceowner:name`. To compensate for this, a protection was introduced that prevents actions from changing claims whose names start with `urn:zitadel:iam`. This vulnerability is fixed in 2.48.3, 2.47.8, 2.46.5, 2.45.5, 2.44.7, 2.43.11, and 2.42.17. 2024-03-27 6.1 CVE-2024-29892
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com