Vulnerability Summary for the Week of April 8, 2024 | CISA


10web — form_maker_by_10web_-_mobile-friendly_drag_&_drop_contact_form_builder
  The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.15.22 via the signature functionality. This makes it possible for unauthenticated attackers to extract sensitive data including user signatures. 2024-04-09 5.9 CVE-2024-2112
security@wordfence.com
adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-04-10 5.4 CVE-2024-20778
psirt@adobe.com
adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-04-10 5.4 CVE-2024-20779
psirt@adobe.com
adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-04-10 5.4 CVE-2024-20780
psirt@adobe.com
adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-04-10 5.4 CVE-2024-26046
psirt@adobe.com
adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-04-10 5.4 CVE-2024-26047
psirt@adobe.com
adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-04-10 5.4 CVE-2024-26076
psirt@adobe.com
adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-04-10 5.4 CVE-2024-26079
psirt@adobe.com
adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-04-10 5.4 CVE-2024-26084
psirt@adobe.com
adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-04-10 5.4 CVE-2024-26087
psirt@adobe.com
adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-04-10 5.4 CVE-2024-26097
psirt@adobe.com
adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-04-10 5.4 CVE-2024-26098
psirt@adobe.com
adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-04-10 5.4 CVE-2024-26122
psirt@adobe.com
adobe — after_effects
  After Effects versions 24.1, 23.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-04-10 5.5 CVE-2024-20737
psirt@adobe.com
adobe — animate
  Animate versions 23.0.4, 24.0.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service. An attacker could leverage this vulnerability to cause a system crash, resulting in a denial of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-04-11 5.5 CVE-2024-20794
psirt@adobe.com
adobe — animate
  Animate versions 23.0.4, 24.0.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-04-11 5.5 CVE-2024-20796
psirt@adobe.com
adobe — bridge
  Bridge versions 13.0.6, 14.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-04-11 5.5 CVE-2024-20771
psirt@adobe.com
adobe — illustrator
  Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-04-11 5.5 CVE-2024-20798
psirt@adobe.com
adobe — indesign_desktop
  InDesign Desktop versions 18.5.1, 19.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-04-10 5.5 CVE-2024-20766
psirt@adobe.com
adobe — photoshop_desktop
  Photoshop Desktop versions 24.7.2, 25.3.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-04-10 5.5 CVE-2024-20770
psirt@adobe.com
aerin — loan_repayment_calculator_and_application_form
  Cross-Site Request Forgery (CSRF) vulnerability in aerin Loan Repayment Calculator and Application Form. This issue affects Loan Repayment Calculator and Application Form: from n/a through 2.9.4. 2024-04-12 5.4 CVE-2024-31263
audit@patchstack.com
alex_tselegidis — easy!appointments
  Missing Authorization vulnerability in Alex Tselegidis Easy!Appointments. This issue affects Easy!Appointments: from n/a through 1.3.2. 2024-04-11 6.3 CVE-2023-32295
audit@patchstack.com
aminur_islam — wp_login_and_logout_redirect
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Aminur Islam WP Login and Logout Redirect allows Stored XSS. This issue affects WP Login and Logout Redirect: from n/a through 1.2. 2024-04-11 5.9 CVE-2024-31927
audit@patchstack.com
appcheap.io — app_builder
  URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Appcheap.Io App Builder. This issue affects App Builder: from n/a through 3.8.7. 2024-04-10 4.7 CVE-2024-31282
audit@patchstack.com
apppresser_team — apppresser
  Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team AppPresser. This issue affects AppPresser: from n/a through 4.3.0. 2024-04-12 4.3 CVE-2024-31268
audit@patchstack.com
arnan_de_gans — no-bot_registration
  Cross-Site Request Forgery (CSRF) vulnerability in Arnan de Gans No-Bot Registration. This issue affects No-Bot Registration: from n/a through 1.9.1. 2024-04-12 4.3 CVE-2024-31372
audit@patchstack.com
athemes — sydney_toolbox
  The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Filterable Gallery widget in all versions up to, and including, 1.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-3208
security@wordfence.com
automatic1111 — stable-diffusion-webui
  stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The create_ui method (Backup/Restore tab) in modules/ui_extensions.py takes user input into the config_save_name variable on line 653. This user input is later used in the save_config_state method and used to create a file path on line 65, which is afterwards opened for writing on line 67, which leads to a limited file write exploitable on Windows systems. This issue may lead to limited file write. It allows for writing json files anywhere on the server where the web server has access. 2024-04-12 6.3 CVE-2024-31462
security-advisories@github.com
automattic — woocommerce
  Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce. This issue affects WooCommerce: from n/a through 8.5.2. 2024-04-07 4.3 CVE-2024-22155
audit@patchstack.com
automattic — wp_job_manager
  Missing Authorization vulnerability in Automattic WP Job Manager. This issue affects WP Job Manager: from n/a through 2.0.0. 2024-04-12 5.3 CVE-2023-52211
audit@patchstack.com
ayecode_ltd — userswp
  Cross-Site Request Forgery (CSRF) vulnerability in AyeCode Ltd UsersWP. This issue affects UsersWP: from n/a before 1.2.6. 2024-04-11 5.4 CVE-2024-31936
audit@patchstack.com
bdthemes — element_pack_elementor_addons_(header_footer,_template_library,_dynamic_grid_&_carousel,_remote_arrows)
  The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.5.6 via the element_pack_ajax_search function. This makes it possible for unauthenticated attackers to extract sensitive data including password protected post details. 2024-04-11 5.3 CVE-2024-2966
security@wordfence.com
bdthemes — prime_slider_-_addons_for_elementor
  Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor. This issue affects Prime Slider – Addons For Elementor: from n/a through 3.11.10. 2024-04-11 4.3 CVE-2024-24883
audit@patchstack.com
bdthemes — ultimate_store_kit_elementor_addons
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Stored XSS. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 1.5.2. 2024-04-08 6.5 CVE-2024-31357
audit@patchstack.com
beaver_builder — beaver_themer
  The Beaver Themer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied custom fields. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2023-6694
security@wordfence.com
beaver_builder — beaver_themer
  The Beaver Themer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the ‘wpbb’ shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including arbitrary user_meta values. 2024-04-09 6.5 CVE-2023-6695
security@wordfence.com
bestwebsoft — contact_form_by_bestwebsoft_-_advanced_contact_us_form_builder_for_wordpress
  The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘cntctfrm_contact_subject’ parameter in all versions up to, and including, 4.2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-04-09 6.1 CVE-2024-2200
security@wordfence.com
bestwebsoft — contact_form_by_bestwebsoft_-_advanced_contact_us_form_builder_for_wordpress
  The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘cntctfrm_contact_address’ parameter in all versions up to, and including, 4.2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-04-09 6.1 CVE-2024-2198
security@wordfence.com
bfintal — stackable_-_page_builder_gutenberg_blocks
  The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post(v2) block title tag in all versions up to, and including, 3.12.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-2039
security@wordfence.com
blazethemes — newsmatic
  The Newsmatic theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.0 via the ‘newsmatic_filter_posts_load_tab_content’. This makes it possible for unauthenticated attackers to view draft posts and post content. 2024-04-09 5.3 CVE-2024-1587
security@wordfence.com
blocksmarket — gradient_text_widget_for_elementor
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Blocksmarket Gradient Text Widget for Elementor allows Stored XSS. This issue affects Gradient Text Widget for Elementor: from n/a through 1.0.1. 2024-04-07 6.5 CVE-2024-31346
audit@patchstack.com
bogdanfix — wp_sendfox
  Missing Authorization vulnerability in BogdanFix WP SendFox. This issue affects WP SendFox: from n/a through 1.3.0. 2024-04-11 5.4 CVE-2024-27970
audit@patchstack.com
boldthemes — bold_page_builder
  The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s AI features in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-10 6.4 CVE-2024-2734
security@wordfence.com
boldthemes — bold_page_builder
  The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Price List’ element in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-10 6.4 CVE-2024-2735
security@wordfence.com
boldthemes — bold_page_builder
  The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML Tags in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-10 6.4 CVE-2024-2736
security@wordfence.com
boldthemes — bold_page_builder
  The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of widgets in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-3266
security@wordfence.com
boldthemes — bold_page_builder
  The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s bt_bb_price_list shortcode in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-3267
security@wordfence.com
boldthemes — bold_page_builder
  The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s “Separator” element in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-10 5.4 CVE-2024-2733
security@wordfence.com
bosch — ams
  A firmware bug which may lead to misinterpretation of data in the AMC2-4WCF and AMC2-2WCF allowing an adversary to grant access to the last authorized user. 2024-04-11 4.6 CVE-2023-32228
psirt@bosch.com
bracketspace — advanced_cron_manager_-_debug_&_control
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BracketSpace Advanced Cron Manager – debug & control allows Stored XSS. This issue affects Advanced Cron Manager – debug & control: from n/a through 2.5.2. 2024-04-11 5.9 CVE-2024-31926
audit@patchstack.com
bracketspace — simple_post_notes
  Cross-Site Request Forgery (CSRF) vulnerability in BracketSpace Simple Post Notes. This issue affects Simple Post Notes: from n/a through 1.7.6. 2024-04-11 4.3 CVE-2024-31935
audit@patchstack.com
bradvin — best_wordpress_gallery_plugin_-_foogallery
  The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the foogallery_attachment_modal_save action in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-2081
security@wordfence.com
brainstormforce — astra
  The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user’s display name in all versions up to, and including, 4.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-2347
security@wordfence.com
brainstormforce — cards_for_beaver_builder
  The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the BootstrapCard link in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-2305
security@wordfence.com
brainstormforce — spectra_-_wordpress_gutenberg_blocks
  The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS metabox in all versions up to and including 2.10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2023-6486
security@wordfence.com
brechtvds — wp_recipe_maker
  The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video Embed parameter in all versions up to, and including, 9.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the recipe dashboard (which is administrator-only by default but can be assigned to arbitrary capabilities), to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 4.4 CVE-2024-1571
security@wordfence.com
bricksforge — bricksforge
  Missing Authorization vulnerability in Bricksforge. This issue affects Bricksforge: from n/a through 2.0.17. 2024-04-10 5.3 CVE-2024-31242
audit@patchstack.com
britner — gutenberg_blocks_by_kadence_blocks_-_page_builder_features
  The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form message settings in all versions up to and including 3.2.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This primarily affects multi-site installations and installations where unfiltered_html has been disabled. 2024-04-09 4.4 CVE-2024-0598
security@wordfence.com
britner — gutenberg_blocks_by_kadence_blocks_page_builder_features
  The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonial Widget’s anchor style parameter in all versions up to, and including, 3.2.25 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-1999
security@wordfence.com
bunny.net — bunny.net
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in bunny.Net allows Stored XSS. This issue affects bunny.Net: from n/a through 2.0.1. 2024-04-11 5.9 CVE-2024-31361
audit@patchstack.com
byzoro — smart_s80_management_platform
  A vulnerability was found in Byzoro Smart S80 Management Platform up to 20240317. It has been rated as critical. Affected by this issue is some unknown functionality of the file /useratte/userattestation.php. The manipulation of the argument web_img leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259892. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-09 4.7 CVE-2024-3521
cna@vuldb.com
campcodes — church_management_system
  A vulnerability has been found in Campcodes Church Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/delete_log.php. The manipulation of the argument selector leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259906 is the identifier assigned to this vulnerability. 2024-04-10 6.3 CVE-2024-3536
cna@vuldb.com
campcodes — church_management_system
  A vulnerability was found in Campcodes Church Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/admin_user.php. The manipulation of the argument firstname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259907. 2024-04-10 6.3 CVE-2024-3537
cna@vuldb.com
campcodes — church_management_system
  A vulnerability was found in Campcodes Church Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/addTithes.php. The manipulation of the argument na leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259908. 2024-04-10 6.3 CVE-2024-3538
cna@vuldb.com
campcodes — church_management_system
  A vulnerability was found in Campcodes Church Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/addgiving.php. The manipulation of the argument amount leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259909 was assigned to this vulnerability. 2024-04-10 6.3 CVE-2024-3539
cna@vuldb.com
campcodes — church_management_system
  A vulnerability was found in Campcodes Church Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add_sundaysch.php. The manipulation of the argument Gender leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-259910 is the identifier assigned to this vulnerability. 2024-04-10 6.3 CVE-2024-3540
cna@vuldb.com
campcodes — house_rental_management_system
  A vulnerability was found in Campcodes House Rental Management System 1.0 and classified as critical. This issue affects some unknown processing of the file view_payment.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260483. 2024-04-12 6.3 CVE-2024-3696
cna@vuldb.com
campcodes — house_rental_management_system
  A vulnerability was found in Campcodes House Rental Management System 1.0. It has been classified as critical. Affected is an unknown function of the file manage_tenant.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260484. 2024-04-12 6.3 CVE-2024-3697
cna@vuldb.com
campcodes — house_rental_management_system
  A vulnerability was found in Campcodes House Rental Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file manage_payment.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260485 was assigned to this vulnerability. 2024-04-12 6.3 CVE-2024-3698
cna@vuldb.com
campcodes — house_rental_management_system
  A vulnerability, which was classified as critical, was found in Campcodes House Rental Management System 1.0. This affects an unknown part of the file ajax.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260571. 2024-04-13 6.3 CVE-2024-3719
cna@vuldb.com
campcodes — online_event_management_system
  A vulnerability classified as critical has been found in Campcodes Online Event Management System 1.0. This affects an unknown part of the file /api/process.php. The manipulation of the argument userId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259893 was assigned to this vulnerability. 2024-04-09 6.3 CVE-2024-3522
cna@vuldb.com
campcodes — online_event_management_system
  A vulnerability classified as critical was found in Campcodes Online Event Management System 1.0. This vulnerability affects unknown code of the file /views/index.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259894 is the identifier assigned to this vulnerability. 2024-04-09 6.3 CVE-2024-3523
cna@vuldb.com
catch_plugins — generate_child_theme
  Cross-Site Request Forgery (CSRF) vulnerability in Catch Plugins Generate Child Theme. This issue affects Generate Child Theme: from n/a through 2.0. 2024-04-12 5.4 CVE-2024-31279
audit@patchstack.com
celomitan — gum_elementor_addon
  The Gum Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Meta widget in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-2348
security@wordfence.com
clavaque — s2member_-_best_membership_plugin_for_all_kinds_of_memberships_content_restriction_paywalls_&_member_access_subscriptions
  The s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 230815 via the API. This makes it possible for unauthenticated attackers to see the contents of those posts and pages. 2024-04-09 5.3 CVE-2024-0899
security@wordfence.com
coded_commerce,_llc — benchmark_email_lite
  Cross-Site Request Forgery (CSRF) vulnerability in Coded Commerce, LLC Benchmark Email Lite. This issue affects Benchmark Email Lite: from n/a through 4.1. 2024-04-12 4.3 CVE-2024-31360
audit@patchstack.com
codepeople — contact_form_email
  Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodePeople Contact Form Email. This issue affects Contact Form Email: from n/a through 1.3.44. 2024-04-10 5.3 CVE-2024-31302
audit@patchstack.com
collizo4sky — paid_membership_plugin_ecommerce,_user_registration_form,_login_form_user_profile_&_restrict_content_-_profilepress
  The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘reg-single-checkbox’ shortcode in all versions up to, and including, 4.15.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-10 6.4 CVE-2024-3210
security@wordfence.com
colorlibplugins — fancybox_for_wordpress
  The FancyBox for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions 3.0.2 to 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 2024-04-09 4.4 CVE-2024-0662
security@wordfence.com
connekthq — wordpress_infinite_scroll_-_ajax_load_more
  The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 7.0.1 via the ‘type’ parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. This is limited to Windows instances. 2024-04-09 4.9 CVE-2024-1790
security@wordfence.com
contao — contao
  Contao is an open source content management system. Starting in version 4.0.0 and prior to version 4.13.40 and 5.3.4, users can inject malicious code in filenames when uploading files (back end and front end), which is then executed in tooltips and popups in the back end. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, remove upload fields from frontend forms and disable uploads for untrusted back end users. 2024-04-09 5.4 CVE-2024-28190
security-advisories@github.com
contao — contao
  Contao is an open source content management system. Prior to version 4.13.40, when a frontend member changes their password in the personal data or the password lost module, the corresponding remember-me tokens are not removed. If someone compromises an account and is able to get a remember-me token, changing the password would not be enough to reclaim control over the account. Version 4.13.40 contains a fix for the issue. As a workaround, disable “Allow auto login” in the login module. 2024-04-09 5.9 CVE-2024-30262
security-advisories@github.com
contao — contao
  Contao is an open source content management system. Starting in version 2.0.0 and prior to versions 4.13.40 and 5.3.4, it is possible to inject CSS styles via BBCode in comments. Installations are only affected if BBCode is enabled. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, disable BBCode for comments. 2024-04-09 4.3 CVE-2024-28234
security-advisories@github.com
convertkit — convertkit
  Insertion of Sensitive Information into Log File vulnerability in ConvertKit. This issue affects ConvertKit: from n/a through 2.4.5. 2024-04-10 5.3 CVE-2024-31245
audit@patchstack.com
cp_plus — wi-fi_camera
  A vulnerability classified as critical was found in CP Plus Wi-Fi Camera up to 20240401. Affected by this vulnerability is an unknown functionality of the component User Management. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259615. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-08 5.4 CVE-2024-3434
cna@vuldb.com
creativeminds — invitation_code_content_restriction_plugin_from_creativeminds
  The Invitation Code Content Restriction Plugin from CreativeMinds plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘target_id’ parameter in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-04-09 6.1 CVE-2022-4965
security@wordfence.com
creativethemes — blocksy_companion
  Cross-Site Request Forgery (CSRF) vulnerability in CreativeThemes Blocksy Companion. This issue affects Blocksy Companion: from n/a through 2.0.28. 2024-04-11 5.4 CVE-2024-31932
audit@patchstack.com
cssigniterteam — elements_plus!
  The Elements Plus! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widget link URLs in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-2335
security@wordfence.com
cym1102 — nginxwebui
  A vulnerability classified as critical was found in cym1102 nginxWebUI up to 3.9.9. This vulnerability affects unknown code of the file /adminPage/main/upload. The manipulation of the argument file leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260578 is the identifier assigned to this vulnerability. 2024-04-13 6.3 CVE-2024-3739
cna@vuldb.com
cym1102 — nginxwebui
  A vulnerability, which was classified as critical, has been found in cym1102 nginxWebUI up to 3.9.9. This issue affects the function exec of the file /adminPage/conf/reload. The manipulation of the argument nginxExe leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260579. 2024-04-13 6.3 CVE-2024-3740
cna@vuldb.com
cym1102 — nginxwebui
  A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /adminPage/main/upload. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260575. 2024-04-13 4.3 CVE-2024-3736
cna@vuldb.com
danieliser — popup_maker_-_popup_for_opt-ins_lead_gen_&_more
  The Popup Maker – Popup for opt-ins, lead gen, & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 1.18.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-2336
security@wordfence.com
dataease — dataease
  DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the `/de2api/engine/getEngine;.js` path via a browser reveals that the platform’s database configuration is returned. The vulnerability has been fixed in v2.5.0. No known workarounds are available aside from upgrading. 2024-04-08 5.3 CVE-2024-30269
security-advisories@github.com
dell — alienware_command_center_(awcc)
  Dell Alienware Command Center, versions 5.5.52.0 and prior, contain an improper access control vulnerability, leading to Denial of Service on the local system. 2024-04-10 6.7 CVE-2024-0159
security_alert@emc.com
dell — cpg_bios
  Dell BIOS contains an Out-of-Bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service. 2024-04-10 4.7 CVE-2024-22448
security_alert@emc.com
dell — dell_storage_resource_manager
  Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in SRM Windows Host Agent. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to the hijack of a targeted user’s application session. 2024-04-12 5.9 CVE-2024-0157
security_alert@emc.com
devitemsllc — shoplentor_-_woocommerce_builder_for_elementor_&_gutenberg_+12_modules_-_all_in_one_solution_(formerly_woolentor)
  The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Special Offer Day Widget Banner Link in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-1960
security@wordfence.com
devitemsllc — shoplentor_-_woocommerce_builder_for_elementor_&_gutenberg_+12_modules_-_all_in_one_solution_(formerly_woolentor)
  The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s QR Code Widget in all versions up to, and including, 2.8.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-2946
security@wordfence.com
devowl — real_media_library:_media_library_folder_&_file_manager
  The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its style attributes in all versions up to, and including, 4.22.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-2027
security@wordfence.com
dfactory — post_views_counter
  Unauthenticated Cross Site Request Forgery (CSRF) in Post Views Counter <= 1.4.4 versions. 2024-04-12 4.3 CVE-2024-31264
audit@patchstack.com
dglingren — media_library_assistant
  The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode(s) in all versions up to, and including, 3.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-04-09 6.4 CVE-2024-2871
security@wordfence.com
digitalbazaar — zcap
  `@digitalbazaar/zcap` provides a JavaScript reference implementation for Authorization Capabilities. Prior to version 9.0.1, when invoking a capability with a chain depth of 2, i.e., it is delegated directly from the root capability, the `expires` property is not properly checked against the current date or other `date` param. This can allow invocations outside of the original intended time period. A zcap still cannot be invoked without being able to use the associated private key material. `@digitalbazaar/zcap` v9.0.1 fixes expiration checking. As a workaround, one may revoke a zcap at any time. 2024-04-10 4.3 CVE-2024-31995
security-advisories@github.com
easy_digital_downloads — easy_digital_downloads
  Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads. This issue affects Easy Digital Downloads: from n/a through 3.2.6. 2024-04-12 4.3 CVE-2024-31293
audit@patchstack.com
ecwid — ecwid_ecommerce_shopping_cart
  The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 6.12.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-2456
security@wordfence.com
elbanyaoui — woocommerce_clover_payment_gateway
  The WooCommerce Clover Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callback_handler function in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to mark orders as paid. 2024-04-09 5.3 CVE-2024-0626
security@wordfence.com
elementor — hello_elementor
  Cross-Site Request Forgery (CSRF) vulnerability in Elementor Hello Elementor. This issue affects Hello Elementor: from n/a through 3.0.0. 2024-04-12 4.3 CVE-2024-31289
audit@patchstack.com
elemntor — elementor_website_builder_-_more_than_just_a_page_builder
  The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Path Widget in all versions up to, and including, 3.20.2 due to insufficient output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-2117
security@wordfence.com
elextensions — elex_woocommerce_dynamic_pricing_and_discounts
  Cross-Site Request Forgery (CSRF) vulnerability in ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts. This issue affects ELEX WooCommerce Dynamic Pricing and Discounts: from n/a through 2.1.2. 2024-04-12 4.3 CVE-2024-31364
audit@patchstack.com
envato — template_kit_-_import
  The Template Kit – Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the template upload functionality in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-2334
security@wordfence.com
exactly_www — ewww_image_optimizer
  Cross-Site Request Forgery (CSRF) vulnerability in Exactly WWW EWWW Image Optimizer. This issue affects EWWW Image Optimizer: from n/a through 7.2.3. 2024-04-10 4.3 CVE-2024-31924
audit@patchstack.com
expresstech — quiz_and_survey_master
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ExpressTech Quiz And Survey Master allows Stored XSS. This issue affects Quiz And Survey Master: from n/a through 8.2.2. 2024-04-11 5.9 CVE-2024-27966
audit@patchstack.com
faktor_vier — f4_improvements
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in FAKTOR VIER F4 Improvements allows Stored XSS. This issue affects F4 Improvements: from n/a through 1.8.0. 2024-04-11 5.9 CVE-2024-31925
audit@patchstack.com
fetch_designs — sign-up_sheets
  Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign-up Sheets. This issue affects Sign-up Sheets: from n/a through 2.2.11.1. 2024-04-12 4.3 CVE-2024-31303
audit@patchstack.com
formsite — formsite_|_embed_online_forms_to_collect_orders_registrations_leads_and_surveys
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Formsite Formsite | Embed online forms to collect orders, registrations, leads, and surveys allows Stored XSS. This issue affects Formsite | Embed online forms to collect orders, registrations, leads, and surveys: from n/a through 1.6. 2024-04-07 6.5 CVE-2024-31257
audit@patchstack.com
fortinet — fortimanager
  An improper neutralization of special elements used in a template engine [CWE-1336] in FortiManager versions 7.4.1 and below, versions 7.2.4 and below, and 7.0.10 and below allows an attacker to execute unauthorized code or commands via specially crafted templates. 2024-04-09 6.7 CVE-2023-47542
psirt@fortinet.com
fortinet — fortios
  A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.1 and below, version 7.2.7 and below, version 7.0.14 and below, version 6.4.15 and below command line interface may allow a local privileged attacker with super-admin profile and CLI access to execute arbitrary code or commands via specially crafted requests. 2024-04-09 6.7 CVE-2023-48784
psirt@fortinet.com
fortinet — fortios
  An exposure of sensitive information to an unauthorized actor in Fortinet FortiOS at least version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.15 and 6.4.0 through 6.4.15 allows an attacker to cause information disclosure via HTTP requests. 2024-04-09 5.3 CVE-2024-23662
psirt@fortinet.com
fortinet — fortisandbox
  An improper neutralization of special elements used in an OS command (‘OS command injection’) in Fortinet FortiSandbox version 4.4.0 through 4.4.2 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.0.5 through 3.0.7 may allow an attacker to execute unauthorized code or commands via CLI. 2024-04-09 6.7 CVE-2023-47540
psirt@fortinet.com
fortinet — fortisandbox
  An improper limitation of a pathname to a restricted directory (‘path traversal’) in Fortinet FortiSandbox version 4.4.0 through 4.4.2 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.0 through 2.4.1 and 2.3.0 through 2.3.3 and 2.2.0 through 2.2.2 and 2.1.0 through 2.1.3 and 2.0.0 through 2.0.3 allows an attacker to execute unauthorized code or commands via CLI. 2024-04-09 6.7 CVE-2023-47541
psirt@fortinet.com
fortinet — fortisandbox
  An improper limitation of a pathname to a restricted directory (‘path traversal’) in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.0 through 2.4.1 may allow an attacker to cause information disclosure via crafted HTTP requests. 2024-04-09 5.9 CVE-2024-31487
psirt@fortinet.com
fr-d-ric_gilles — fg_drupal_to_wordpress
  Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG Drupal to WordPress. This issue affects FG Drupal to WordPress: from n/a through 3.70.3. 2024-04-10 5.3 CVE-2024-31247
audit@patchstack.com
getbowtied — shopkeeper_extender
  The Shopkeeper Extender plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘image_slide’ shortcode in all versions up to, and including, 3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-12 6.4 CVE-2024-2801
security@wordfence.com
gitlab — gitlab
  A denial of service vulnerability was identified in GitLab CE/EE, versions 16.7.7 prior to 16.8.6, 16.9 prior to 16.9.4 and 16.10 prior to 16.10.2 which allows an attacker to spike the GitLab instance resources usage resulting in service degradation via chat integration feature. 2024-04-12 4.3 CVE-2023-6489
cve@gitlab.com
gitlab — gitlab
  An issue has been discovered in GitLab EE affecting all versions before 16.8.6, all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. It was possible for an attacker to cause a denial of service using maliciously crafted content in a junit test report file. 2024-04-12 4.3 CVE-2023-6678
cve@gitlab.com
givewp — givewp
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in GiveWP allows Stored XSS. This issue affects GiveWP: from n/a through 2.25.1. 2024-04-12 5.9 CVE-2022-40211
audit@patchstack.com
gn_themes — wp_shortcodes_plugin_-_shortcodes_ultimate
  The WP Shortcodes Plugin – Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘note_color’ shortcode in all versions up to, and including, 7.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-3512
security@wordfence.com
hcl_software — bigfix_enterprise_suite_asset_discovery
  The NMAP Importer service may expose data store credentials to authorized users of the Windows Registry. 2024-04-08 6.6 CVE-2024-23584
psirt@hcl.com
hidekazu_ishikawa — x-t9
  Cross-Site Request Forgery (CSRF) vulnerability in Hidekazu Ishikawa X-T9, Hidekazu Ishikawa Lightning, themeinwp Default Mag, Out the Box Namaha, Out the Box CityLogic, Marsian i-max, Jetmonsters Emmet Lite, Macho Themes Decode, Wayneconnor Sliding Door, Out the Box Shopstar!, Modernthemesnet Gridsby, TT Themes HappenStance, Marsian i-excel, Out the Box Panoramic, Modernthemesnet Sensible WP. This issue affects X-T9: from n/a through 1.19.0; Lightning: from n/a through 15.18.0; Default Mag: from n/a through 1.3.5; Namaha: from n/a through 1.0.40; CityLogic: from n/a through 1.1.29; i-max: from n/a through 1.6.2; Emmet Lite: from n/a through 1.7.5; Decode: from n/a through 3.15.3; Sliding Door: from n/a through 3.3; Shopstar!: from n/a through 1.1.33; Gridsby: from n/a through 1.3.0; HappenStance: from n/a through 3.0.1; i-excel: from n/a through 1.7.9; Panoramic: from n/a through 1.1.56; Sensible WP: from n/a through 1.3.1. 2024-04-10 4.3 CVE-2024-31386
audit@patchstack.com
i_thirteen_web_solution — wp_responsive_tabs_horizontal_vertical_and_accordion_tabs
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in I Thirteen Web Solution WP Responsive Tabs horizontal vertical and accordion Tabs allows Stored XSS. This issue affects WP Responsive Tabs horizontal vertical and accordion Tabs: from n/a through 1.1.17. 2024-04-11 6.5 CVE-2024-27989
audit@patchstack.com
ibm — qradar_siem
  IBM QRadar SIEM 7.5 could allow an unauthorized user to perform unauthorized actions due to improper certificate validation. IBM X-Force ID: 275706. 2024-04-11 5.9 CVE-2023-50949
psirt@us.ibm.com
ibm — security_verify_access_appliance
  IBM Security Verify Access Appliance 10.0.0 through 10.0.7 uses uninitialized variables when deploying that could allow a local user to cause a denial of service. IBM X-Force ID: 287318. 2024-04-10 6.2 CVE-2024-31874
psirt@us.ibm.com
ibm — sterling_b2b_integrator
  IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 273338. 2024-04-12 5.4 CVE-2023-50307
psirt@us.ibm.com
ibm — sterling_b2b_integrator
  IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 280894. 2024-04-12 5.4 CVE-2024-22357
psirt@us.ibm.com
ibm — sterling_b2b_integrator
  IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 268691. 2024-04-12 4.8 CVE-2023-45186
psirt@us.ibm.com
ibm — sterling_file_gateway
  IBM Sterling File Gateway 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271531. 2024-04-12 4.8 CVE-2023-47714
psirt@us.ibm.com
ibm — storage_defender
  IBM Storage Defender – Resiliency Service 2.0.0 through 2.0.2 could allow a privileged user to install a potentially dangerous tar file, which could give them access to subsequent systems where the package was installed. IBM X-Force ID: 283986. 2024-04-12 6.4 CVE-2024-27261
psirt@us.ibm.com
ibm — urbancode_deploy
  IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 280896. 2024-04-12 6.3 CVE-2024-22358
psirt@us.ibm.com
ibm — urbancode_deploy
  IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 280897. 2024-04-12 6.1 CVE-2024-22359
psirt@us.ibm.com
ibm — urbancode_deploy
  IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. When deleting a custom security type, associated permissions of objects using that type may not be fully revoked. This could lead to incorrect reporting of permission configuration and unexpected privileges being retained. IBM X-Force ID: 279974. 2024-04-12 4.4 CVE-2024-22334
psirt@us.ibm.com
ibm — urbancode_deploy
  IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 are vulnerable to sensitive information exposure due to insufficient obfuscation of sensitive values from some log files. IBM X-Force ID: 279979. 2024-04-12 4.3 CVE-2024-22339
psirt@us.ibm.com
ideaboxcreations — powerpack_addons_for_elementor_(free_widgets_extensions_and_templates)
  The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Twitter Tweet widget in all versions up to, and including, 2.7.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-2492
security@wordfence.com
ideaboxcreations — powerpack_lite_for_beaver_builder
  The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link in multiple elements in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-2289
security@wordfence.com j_3rk — video_conferencing_with_zoom
  The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.5 via the get_assign_host_id AJAX action. This makes it possible for authenticated attackers, with subscriber access or higher, to enumerate usernames, emails and IDs of all users on a site. 2024-04-09 4.3 CVE-2024-2033
security@wordfence.com jackdewey — link_library
  The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchll parameter in all versions up to, and including, 7.6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-04-09 6.1 CVE-2024-2325
security@wordfence.com jcodex — woocommerce_checkout_field_editor_(checkout_manager)
  Cross-Site Request Forgery (CSRF) vulnerability in Jcodex WooCommerce Checkout Field Editor (Checkout Manager). This issue affects WooCommerce Checkout Field Editor (Checkout Manager): from n/a through 2.1.8. 2024-04-12 5.4 CVE-2024-31262
audit@patchstack.com jetmonsters — getwid_-_gutenberg_blocks
  The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block content in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-1948
security@wordfence.com jetmonsters — jetwidgets_for_elementor
  The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animated Box widget in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-2138
security@wordfence.com jetmonsters — jetwidgets_for_elementor
  The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget button URL in all versions up to, and including, 1.0.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-2507
security@wordfence.com joel_hardi — user_spam_remover
  Insertion of Sensitive Information into Log File vulnerability in Joel Hardi User Spam Remover. This issue affects User Spam Remover: from n/a through 1.0. 2024-04-10 5.3 CVE-2024-31298
audit@patchstack.com joomunited — wp_media_folder
  Missing Authorization vulnerability in JoomUnited WP Media folder. This issue affects WP Media folder: from n/a through 5.7.2. 2024-04-11 5.4 CVE-2024-25907
audit@patchstack.com joomunited — wp_media_folder
  Missing Authorization vulnerability in JoomUnited WP Media folder. This issue affects WP Media folder: from n/a through 5.7.2. 2024-04-11 4.3 CVE-2024-25908
audit@patchstack.com jtermaat — 360_javascript_viewer
  The 360 Javascript Viewer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and nonce exposure on several AJAX actions in all versions up to, and including, 1.7.12. This makes it possible for authenticated attackers, with subscriber access or higher, to update plugin settings. 2024-04-09 4.3 CVE-2024-1637
security@wordfence.com julien_berthelot_/_mpembed.com — wp_matterport_shortcode
  Cross-Site Request Forgery (CSRF) vulnerability in Julien Berthelot / MPEmbed.Com WP Matterport Shortcode. This issue affects WP Matterport Shortcode: from n/a through 2.1.8. 2024-04-11 4.3 CVE-2024-32109
audit@patchstack.com juniper_networks — junos_os_evolved
  A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When Layer 2 traffic is sent through a logical interface, MAC learning happens. If during this process, the interface flaps, an Advanced Forwarding Toolkit manager (evo-aftmand-bt) core is observed. This leads to a PFE restart. The crash reoccurs if the same sequence of events happens, which will lead to a sustained DoS condition. This issue affects Juniper Networks Junos OS Evolved: 23.2-EVO versions earlier than 23.2R1-S1-EVO, 23.2R2-EVO. 2024-04-12 6.5 CVE-2024-30403
sirt@juniper.net juniper_networks — junos_os_evolved
  An Improper Input Validation vulnerability in Juniper Tunnel Driver (jtd) and ICMP module of Juniper Networks Junos OS Evolved allows an unauthenticated attacker within the MPLS administrative domain to send specifically crafted packets to the Routing Engine (RE) to cause a Denial of Service (DoS). When specifically crafted transit MPLS IPv4 packets are received by the Packet Forwarding Engine (PFE), these packets are internally forwarded to the RE. Continued receipt of these packets may create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS: * All versions before 21.2R3-S8-EVO; * from 21.4-EVO before 21.4R3-S6-EVO; * from 22.2-EVO before 22.2R3-S4-EVO; * from 22.3-EVO before 22.3R3-S3-EVO; * from 22.4-EVO before 22.4R3-EVO; * from 23.2-EVO before 23.2R2-EVO; * from 23.4-EVO before 23.4R1-S1-EVO. 2024-04-12 5.3 CVE-2024-21590
sirt@juniper.net juniper_networks — junos_os_evolved
  An Improper Restriction of Excessive Authentication Attempts vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a limited Denial of Service (DoS) to the management plane. When an incoming connection was blocked because it exceeded the connections-per-second rate-limit, the system doesn’t consider existing connections anymore for subsequent connection attempts so that the connection limit can be exceeded. This issue affects Junos OS Evolved: All versions before 21.4R3-S4-EVO, 22.1-EVO versions before 22.1R3-S3-EVO, 22.2-EVO versions before 22.2R3-S2-EVO,  22.3-EVO versions before 22.3R2-S1-EVO, 22.3R3-EVO. 2024-04-12 5.3 CVE-2024-30390
sirt@juniper.net juniper_networks — junos_os_evolved
  A Cleartext Storage in a File on Disk vulnerability in Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on network devices allows a local, authenticated attacker with high privileges to read all other users' login credentials. This issue affects only Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on these devices from 23.1R1-EVO through 23.2R2-EVO. This issue does not affect releases before 23.1R1-EVO. 2024-04-12 5.5 CVE-2024-30406
sirt@juniper.net juniper_networks — junos_os
  An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). If an attacker sends a specific MPLS packet, which upon processing, causes an internal loop, that leads to a PFE crash and restart. Continued receipt of these packets leads to a sustained Denial of Service (DoS) condition. Circuit cross-connect (CCC) needs to be configured on the device for it to be affected by this issue. This issue only affects MX Series with MPC10, MPC11, LC9600, and MX304. This issue affects: Juniper Networks Junos OS 21.4 versions from 21.4R3 earlier than 21.4R3-S5; 22.2 versions from 22.2R2 earlier than 22.2R3-S2; 22.3 versions from 22.3R1 earlier than 22.3R2-S2; 22.3 versions from 22.3R3 earlier than 22.3R3-S1; 22.4 versions from 22.4R1 earlier than 22.4R2-S2, 22.4R3; 23.2 versions earlier than 23.2R1-S1, 23.2R2. 2024-04-12 6.5 CVE-2024-21593
sirt@juniper.net juniper_networks — junos_os
  An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX 300 Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). Specific valid link-local traffic is not blocked on ports in STP blocked state but is instead sent to the control plane of the device. This leads to excessive resource consumption and in turn severe impact on all control and management protocols of the device. This issue affects Juniper Networks Junos OS: * 21.2 version 21.2R3-S3 and later versions earlier than 21.2R3-S6; * 22.1 version 22.1R3 and later versions earlier than 22.1R3-S4; * 22.2 version 22.2R2 and later versions earlier than 22.2R3-S2; * 22.3 version 22.3R2 and later versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R1-S1, 23.2R2. This issue does not affect Juniper Networks Junos OS 21.4R1 and later versions of 21.4. 2024-04-12 6.5 CVE-2024-21605
sirt@juniper.net juniper_networks — junos_os
  A Missing Release of Memory after Effective Lifetime vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an administratively adjacent attacker who is able to successfully establish IPsec tunnels to cause a Denial of Service (DoS). If specific values for the IPsec parameters local-ip, remote-ip, remote ike-id, and traffic selectors are sent from the peer, a memory leak occurs during every IPsec SA rekey which is carried out with a specific message sequence. This will eventually result in an iked process crash and restart. The iked process memory consumption can be checked using the below command:
    user@host> show system processes extensive | grep iked
    PID USERNAME   PRI NICE   SIZE   RES   STATE   C TIME WCPU COMMAND
    56903 root       31   0     4016M 2543M CPU0   0 2:10 10.50% iked
  This issue affects Juniper Networks Junos OS: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S4; * 22.1 versions earlier than 22.1R3-S3; * 22.2 versions earlier than 22.2R3-S2; * 22.3 versions earlier than 22.3R3; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R1-S2, 23.2R2. 2024-04-12 6.5 CVE-2024-21609
sirt@juniper.net juniper_networks — junos_os
  An Access of Memory Location After End of Buffer vulnerability in the Layer-2 Control Protocols Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when LLDP is enabled on a specific interface, and a malformed LLDP packet is received, l2cpd crashes and restarts. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected. This issue affects: Junos OS: * from 21.4 before 21.4R3-S4,  * from 22.1 before 22.1R3-S4,  * from 22.2 before 22.2R3-S2,  * from 22.3 before 22.3R2-S2, 22.3R3-S1,  * from 22.4 before 22.4R3,  * from 23.2 before 23.2R2. Junos OS Evolved: * from 21.4-EVO before 21.4R3-S5-EVO,  * from 22.1-EVO before 22.1R3-S4-EVO,  * from 22.2-EVO before 22.2R3-S2-EVO,  * from 22.3-EVO before 22.3R2-S2-EVO, 22.3R3-S1-EVO,  * from 22.4-EVO before 22.4R3-EVO,  * from 23.2-EVO before 23.2R2-EVO. This issue does not affect: * Junos OS versions prior to 21.4R1; * Junos OS Evolved versions prior to 21.4R1-EVO. 2024-04-12 6.5 CVE-2024-21618
sirt@juniper.net juniper_networks — junos_os
  A Missing Synchronization vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on ACX5448 and ACX710 allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). If an interface flaps while the system gathers statistics on that interface, two processes simultaneously access a shared resource which leads to a PFE crash and restart. This issue affects Junos OS: All versions before 20.4R3-S9, 21.2 versions before 21.2R3-S5,  21.3 versions before 21.3R3-S5,  21.4 versions before 21.4R3-S4, 22.1 versions before 22.1R3-S2, 22.2 versions before 22.2R3-S2, 22.3 versions before 22.3R2-S2, 22.3R3, 22.4 versions before 22.4R2. 2024-04-12 6.5 CVE-2024-30387
sirt@juniper.net juniper_networks — junos_os
  An Improper Isolation or Compartmentalization vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series and EX Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). If a specific malformed LACP packet is received by a QFX5000 Series, or an EX4400, EX4100 or EX4650 Series device, an LACP flap will occur resulting in traffic loss. This issue affects Junos OS on QFX5000 Series, and on EX4400, EX4100 or EX4650 Series: * 20.4 versions from 20.4R3-S4 before 20.4R3-S8, * 21.2 versions from 21.2R3-S2 before 21.2R3-S6, * 21.4 versions from 21.4R2 before 21.4R3-S4, * 22.1 versions from 22.1R2 before 22.1R3-S3, * 22.2 versions before 22.2R3-S1, * 22.3 versions before 22.3R2-S2, 22.3R3, * 22.4 versions before 22.4R2-S1, 22.4R3. 2024-04-12 6.5 CVE-2024-30388
sirt@juniper.net juniper_networks — junos_os
  An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS on MX Series allows an authenticated, network-based attacker with low privileges to cause a limited Denial of Service (DoS). In a scaled subscriber scenario when specific low privileged commands, received over NETCONF, SSH or telnet, are handled by cosd on behalf of mgd, the respective child management daemon (mgd) processes will get stuck. In case of (Netconf over) SSH this leads to stuck SSH sessions, so that when the connection-limit for SSH is reached new sessions can’t be established anymore. A similar behavior will be seen for telnet etc. Stuck mgd processes can be monitored by executing the following command:
    user@host> show system processes extensive | match mgd | match sbwait
  This issue affects Juniper Networks Junos OS on MX Series: All versions earlier than 20.4R3-S9; 21.2 versions earlier than 21.2R3-S7; 21.3 versions earlier than 21.3R3-S5; 21.4 versions earlier than 21.4R3-S5; 22.1 versions earlier than 22.1R3-S4; 22.2 versions earlier than 22.2R3-S3; 22.3 versions earlier than 22.3R3-S2; 22.4 versions earlier than 22.4R3; 23.2 versions earlier than 23.2R1-S2, 23.2R2. 2024-04-12 5.3 CVE-2024-21610
sirt@juniper.net juniper_networks — junos_os
  An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to access confidential information on the system. On all Junos OS and Junos OS Evolved platforms, when NETCONF traceoptions are configured, and a super-user performs specific actions via NETCONF, then a low-privileged user can access sensitive information compromising the confidentiality of the system. This issue affects: Junos OS: * all versions before 21.2R3-S7,  * from 21.4 before 21.4R3-S5,  * from 22.1 before 22.1R3-S5,  * from 22.2 before 22.2R3-S3,  * from 22.3 before 22.3R3-S2,  * from 22.4 before 22.4R3,  * from 23.2 before 23.2R1-S2. Junos OS Evolved:  * all versions before 21.2R3-S7-EVO,  * from 21.3 before 21.3R3-S5-EVO,  * from 21.4 before 21.4R3-S5-EVO,  * from 22.1 before 22.1R3-S5-EVO,  * from 22.2 before 22.2R3-S3-EVO,  * from 22.3 before 22.3R3-S2-EVO, * from 22.4 before 22.4R3-EVO,  * from 23.2 before 23.2R1-S2. 2024-04-12 5 CVE-2024-21615
sirt@juniper.net juniper_networks — junos_os
  An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows a locally authenticated attacker with low privileges to cause a Denial-of-Service (DoS). If a specific CLI command is issued, a PFE crash will occur. This will cause traffic forwarding to be interrupted until the system self-recovers. This issue affects Junos OS: All versions before 20.4R3-S10, 21.2 versions before 21.2R3-S7, 21.4 versions before 21.4R3-S6. 2024-04-12 5.5 CVE-2024-30384
sirt@juniper.net juniper_networks — junos_os
  A Use-After-Free vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash leading to a Denial-of-Service (DoS). In an EVPN-VXLAN scenario, when state updates are received and processed by the affected system, the correct order of some processing steps is not ensured, which can lead to an l2ald crash and restart. Whether the crash occurs depends on system internal timing which is outside the attacker's control. This issue affects: Junos OS: * All versions before 20.4R3-S8, * 21.2 versions before 21.2R3-S6, * 21.3 versions before 21.3R3-S5, * 21.4 versions before 21.4R3-S4, * 22.1 versions before 22.1R3-S3, * 22.2 versions before 22.2R3-S1, * 22.3 versions before 22.3R3, * 22.4 versions before 22.4R2; Junos OS Evolved: * All versions before 20.4R3-S8-EVO, * 21.2-EVO versions before 21.2R3-S6-EVO, * 21.3-EVO versions before 21.3R3-S5-EVO, * 21.4-EVO versions before 21.4R3-S4-EVO, * 22.1-EVO versions before 22.1R3-S3-EVO, * 22.2-EVO versions before 22.2R3-S1-EVO, * 22.3-EVO versions before 22.3R3-EVO, * 22.4-EVO versions before 22.4R2-EVO. 2024-04-12 5.3 CVE-2024-30386
sirt@juniper.net juniper_networks — junos_os
  An Incorrect Behavior Order vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows an unauthenticated, network-based attacker to cause an integrity impact to networks downstream of the vulnerable device. When an output firewall filter is applied to an interface it doesn’t recognize matching packets but permits any traffic. This issue affects Junos OS 21.4 releases from 21.4R1 earlier than 21.4R3-S6. This issue does not affect Junos OS releases earlier than 21.4R1. 2024-04-12 5.8 CVE-2024-30389
sirt@juniper.net juniper_networks — junos_os
  An Out-of-bounds Read vulnerability in the advanced forwarding management process aftman of Juniper Networks Junos OS on MX Series with MPC10E, MPC11, MX10K-LC9600 line cards, MX304, and EX9200-15C, may allow an attacker to exploit a stack-based buffer overflow, leading to a reboot of the FPC. Through code review, it was determined that the interface definition code for aftman could read beyond a buffer boundary, leading to a stack-based buffer overflow. This issue affects Junos OS on MX Series and EX9200-15C: * from 21.2 before 21.2R3-S1, * from 21.4 before 21.4R3, * from 22.1 before 22.1R2, * from 22.2 before 22.2R2;  This issue does not affect: * versions of Junos OS prior to 20.3R1; * any version of Junos OS 20.4. 2024-04-12 5.9 CVE-2024-30401
sirt@juniper.net juniper_networks — junos_os
  An Improper Check for Unusual or Exceptional Conditions vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When telemetry requests are sent to the device, and the Dynamic Rendering Daemon (drend) is suspended, the l2ald crashes and restarts due to factors outside the attacker's control. Repeated occurrences of these events cause a sustained DoS condition. This issue affects: Junos OS: All versions earlier than 20.4R3-S10; 21.2 versions earlier than 21.2R3-S7; 21.4 versions earlier than 21.4R3-S5; 22.1 versions earlier than 22.1R3-S4; 22.2 versions earlier than 22.2R3-S3; 22.3 versions earlier than 22.3R3-S1; 22.4 versions earlier than 22.4R3; 23.2 versions earlier than 23.2R1-S2, 23.2R2. Junos OS Evolved: All versions earlier than 21.4R3-S5-EVO; 22.1-EVO versions earlier than 22.1R3-S4-EVO; 22.2-EVO versions earlier than 22.2R3-S3-EVO; 22.3-EVO versions earlier than 22.3R3-S1-EVO; 22.4-EVO versions earlier than 22.4R3-EVO; 23.2-EVO versions earlier than 23.2R2-EVO. 2024-04-12 5.9 CVE-2024-30402
sirt@juniper.net juniper_networks — junos_os
  An Improper Check for Unusual or Exceptional Conditions vulnerability in telemetry processing of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated attacker to cause the forwarding information base telemetry daemon (fibtd) to crash, leading to a limited Denial of Service.  This issue affects Juniper Networks Junos OS: * from 22.1 before 22.1R1-S2, 22.1R2. Junos OS Evolved:  * from 22.1 before 22.1R1-S2-EVO, 22.1R2-EVO. 2024-04-12 5.3 CVE-2024-30409
sirt@juniper.net juniper_networks — junos_os
  A Missing Authentication for Critical Function vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated network-based attacker to cause limited impact to the integrity or availability of the device. If a device is configured with IPsec authentication algorithm hmac-sha-384 or hmac-sha-512, tunnels are established normally but for traffic traversing the tunnel no authentication information is sent with the encrypted data on egress, and no authentication information is expected on ingress. So if the peer is an unaffected device, transit traffic is going to fail in both directions. If the peer is also an affected device, transit traffic works, but without authentication, and configuration and CLI operational commands indicate authentication is performed. This issue affects Junos OS: All versions before 20.4R3-S7, 21.1 versions before 21.1R3, 21.2 versions before 21.2R2-S1, 21.2R3, 21.3 versions before 21.3R1-S2, 21.3R2. 2024-04-12 4.8 CVE-2024-30391
sirt@juniper.net juniper_networks — junos_
  An Incorrect Behavior Order in the routing engine (RE) of Juniper Networks Junos OS on EX4300 Series allows traffic intended for the device to reach the RE instead of being discarded when the discard term is set in loopback (lo0) interface. The intended function is that the lo0 firewall filter takes precedence over the revenue interface firewall filter. This issue affects only IPv6 firewall filter. This issue only affects the EX4300 switch. No other products or platforms are affected by this vulnerability. This issue affects Juniper Networks Junos OS: * All versions before 20.4R3-S10, * from 21.2 before 21.2R3-S7, * from 21.4 before 21.4R3-S6. 2024-04-12 5.8 CVE-2024-30410
sirt@juniper.net junkcoder,_ristoniinemets — ajax_thumbnail_rebuild
  Missing Authorization vulnerability in junkcoder, ristoniinemets AJAX Thumbnail Rebuild. This issue affects AJAX Thumbnail Rebuild: from n/a through 1.13. 2024-04-11 4.3 CVE-2022-47604
audit@patchstack.com kekotron — ai_post_generator_|_autowriter
  The AI Post Generator | AutoWriter plugin for WordPress is vulnerable to unauthorized access, modification or deletion of posts due to a missing capability check on functions hooked by AJAX actions in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with subscriber access or higher, to view all posts generated with this plugin (even in non-published status), create new posts (and publish them), publish unpublished posts or perform post deletions. 2024-04-09 6.3 CVE-2024-1850
security@wordfence.com khl32 — font_farsi
  The Font Farsi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 2024-04-09 4.4 CVE-2024-3093
security@wordfence.com kurudrive — vk_all_in_one_expansion_unit
  The VK All in One Expansion Unit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.95.0.1 via social meta tags. This makes it possible for unauthenticated attackers to view limited password protected content. 2024-04-09 6.5 CVE-2024-2093
security@wordfence.com kyivstarteam — react-native-sms-user-consent
  A vulnerability, which was classified as critical, has been found in kyivstarteam react-native-sms-user-consent up to 1.1.4 on Android. Affected by this issue is the function registerReceiver of the file android/src/main/java/ua/kyivstar/reactnativesmsuserconsent/SmsUserConsentModule.kt. The manipulation leads to improper export of android application components. Attacking locally is a requirement. Upgrading to version 1.1.5 is able to address this issue. The name of the patch is 5423dcb0cd3e4d573b5520a71fa08aa279e4c3c7. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-259508. 2024-04-07 5.3 CVE-2021-4438
cna@vuldb.com leadinfo — leadinfo
  Cross-Site Request Forgery (CSRF) vulnerability in Leadinfo leadinfo. The patch was released under the same version which was reported as vulnerable. We consider the current version as vulnerable. This issue affects Leadinfo: from n/a through 1.0. 2024-04-11 4.3 CVE-2024-32112
audit@patchstack.com leap13 — premium_addons_for_elementor
  The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Wrapper Link Widget in all versions up to, and including, 4.10.16 due to insufficient input sanitization and output escaping on user supplied URLs. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-0376
security@wordfence.com leap13 — premium_addons_for_elementor
  The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Countdown Widget in all versions up to, and including, 4.10.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-10 6.4 CVE-2024-2664
security@wordfence.com leap13 — premium_addons_for_elementor
  The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s button in all versions up to, and including, 4.10.27 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-10 6.5 CVE-2024-2665
security@wordfence.com leap13 — premium_addons_for_elementor
  The Premium Addons for Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the plugin’s Bullet List Widget in all versions up to, and including, 4.10.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page and attempts to edit the content. 2024-04-10 5.4 CVE-2024-2666
security@wordfence.com leap13 — premium_addons_for_elementor
  Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Leap13 Premium Addons for Elementor. This issue affects Premium Addons for Elementor: from n/a through 4.10.22. 2024-04-10 4.3 CVE-2024-31278
audit@patchstack.com lifterlms — lifterlms
  Cross-Site Request Forgery (CSRF) vulnerability in LifterLMS. This issue affects LifterLMS: from n/a through 7.5.0. 2024-04-12 4.3 CVE-2024-31363
audit@patchstack.com link_whisper — link_whisper_free
  Cross-Site Request Forgery (CSRF) vulnerability in Link Whisper Link Whisper Free. This issue affects Link Whisper Free: from n/a through 0.6.9. 2024-04-11 4.3 CVE-2024-31934
audit@patchstack.com livemesh — elementor_addons_by_livemesh
  The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘text_alignment’ attribute of the Animated Text widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-1458
security@wordfence.com livemesh — elementor_addons_by_livemesh
  The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ attribute of the Team Members widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-1461
security@wordfence.com livemesh — elementor_addons_by_livemesh
  The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ attribute of the Posts Slider widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-1464
security@wordfence.com livemesh — elementor_addons_by_livemesh
  The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘carousel_skin’ attribute of the Posts Carousel widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-1465
security@wordfence.com livemesh — elementor_addons_by_livemesh
  The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slider_style’ attribute of the Posts Multislider widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-27986 may be a duplicate of this issue. 2024-04-09 6.4 CVE-2024-1466
security@wordfence.com livemesh — elementor_addons_by_livemesh
  The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget ‘_id’ attributes in all versions up to, and including, 8.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-10 6.4 CVE-2024-2539
security@wordfence.com livemesh — elementor_addons_by_livemesh
  The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Post widgets in all versions up to, and including, 8.3.5 due to insufficient input sanitization and output escaping on author display names. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-10 6.4 CVE-2024-2655
security@wordfence.com lizardbyte — sunshine
  Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.10.0 and prior to version 0.23.0, after unpairing all devices in the web UI interface and then pairing only one device, all of the previously paired devices will be temporarily paired. Version 0.23.0 contains a patch for the issue. As a workaround, restarting Sunshine after unpairing all devices prevents the vulnerability. 2024-04-08 5.9 CVE-2024-31221
security-advisories@github.com mailmunch — mailmunch_-_grow_your_email_list
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in MailMunch MailMunch – Grow your Email List allows Stored XSS. This issue affects MailMunch – Grow your Email List: from n/a through 3.1.6. 2024-04-07 6.5 CVE-2024-31349
audit@patchstack.com mark_stockton — quicksand_post_filter_jquery_plugin
  Missing Authorization vulnerability in Mark Stockton Quicksand Post Filter jQuery Plugin. This issue affects Quicksand Post Filter jQuery Plugin: from n/a through 3.1.1. 2024-04-11 5.3 CVE-2024-24850
audit@patchstack.com matrix-org — matrix-appservice-irc
  matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. matrix-appservice-irc before version 2.0.0 can be exploited to leak the truncated body of a message if a malicious user sends a Matrix reply to an event ID they don’t have access to. As a precondition to the attack, the malicious user needs to know the event ID of the message they want to leak, as well as to be joined to both the Matrix room and the IRC channel it is bridged to. The message reply containing the leaked message content is visible to IRC channel members when this happens. matrix-appservice-irc 2.0.0 checks whether the user has permission to view an event before constructing a reply. Administrators should upgrade to this version. It’s possible to limit the amount of information leaked by setting a reply template that doesn’t contain the original message. See these lines `601-604` in the configuration file linked. 2024-04-12 4.3 CVE-2024-32000
security-advisories@github.com mautic — mautic
  Mautic uses predictable page indices for unpublished landing pages; their content can be accessed by unauthenticated users under public preview URLs, which could expose sensitive data. At the time of publication of the CVE no patch is available. 2024-04-10 5.3 CVE-2024-2730
vulnerability@ncsc.ch mautic — mautic
  Users with low privileges (all permissions deselected in the administrator permissions settings) can view certain pages that expose sensitive information such as company names, users’ names and surnames, stage names, and monitoring campaigns and their descriptions. In addition, unprivileged users can see and edit the descriptions of tags. At the time of publication of the CVE no patch is available. 2024-04-10 5.4 CVE-2024-2731
vulnerability@ncsc.ch mautic — mautic
  Users with low privileges can perform certain AJAX actions. In this vulnerability instance, improper access to ajax?action=plugin:focus:checkIframeAvailability leads to a Server-Side Request Forgery by analyzing the error messages returned from the back-end, allowing an attacker to perform a port scan in the back-end. At the time of publication of the CVE no patch is available. 2024-04-10 5 CVE-2024-3448
vulnerability@ncsc.ch max_foundry — media_library_folders
  Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Max Foundry Media Library Folders. This issue affects Media Library Folders: from n/a through 8.1.8. 2024-04-10 6.5 CVE-2024-31287
audit@patchstack.com mbis — permalink_manager_lite
  The Permalink Manager Lite and Pro plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the ‘s’ parameter in multiple instances in all versions up to, and including, 2.4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-04-09 6.1 CVE-2024-2738
security@wordfence.com mbis — permalink_manager_lite
  The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘get_uri_editor’ function in all versions up to, and including, 2.4.3.1. This makes it possible for unauthenticated attackers to view the permalinks of all posts. 2024-04-09 4.3 CVE-2024-2543
security@wordfence.com memberpress — memberpress
  The Memberpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘message’ and ‘error’ parameters in all versions up to, and including, 1.11.26 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Note – the issue was partially patched in 1.11.25, but could still potentially be exploited under some circumstances. 2024-04-09 6.1 CVE-2024-1412
security@wordfence.com metagauss — profilegrid_
  Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.6. 2024-04-07 4.3 CVE-2024-31291
audit@patchstack.com metagauss — profilegrid_
  Cross-Site Request Forgery (CSRF) vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.8. 2024-04-12 4.3 CVE-2024-31362
audit@patchstack.com metagauss — registrationmagic
  Missing Authorization vulnerability in Metagauss RegistrationMagic. This issue affects RegistrationMagic: from n/a through 5.2.5.9. 2024-04-11 4.3 CVE-2024-25935
audit@patchstack.com metaslider — slider_gallery_and_carousel_by_metaslider_-_responsive_wordpress_slideshows
  The Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘metaslider’ shortcode in all versions up to, and including, 3.70.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-11 6.4 CVE-2024-3285
security@wordfence.com michael_leithold — dsgvo_all_in_one_for_wp
  Cross-Site Request Forgery (CSRF) vulnerability in Michael Leithold DSGVO All in one for WP. This issue affects DSGVO All in one for WP: from n/a through 4.3. 2024-04-11 4.3 CVE-2024-27967
audit@patchstack.com micro.company — form_to_chat_app
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Micro.Company Form to Chat App allows Stored XSS. This issue affects Form to Chat App: from n/a through 1.1.6. 2024-04-07 6.5 CVE-2024-31258
audit@patchstack.com microsoft — azure_arc_extension
  Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability 2024-04-09 6.2 CVE-2024-28917
secure@microsoft.com microsoft — azure_compute_gallery
  Azure Compute Gallery Elevation of Privilege Vulnerability 2024-04-09 6.5 CVE-2024-21424
secure@microsoft.com microsoft — azure_identity_library_for_.net
  Azure Identity Library for .NET Information Disclosure Vulnerability 2024-04-09 5.5 CVE-2024-29992
secure@microsoft.com microsoft — azure_migrate
  Azure Migrate Remote Code Execution Vulnerability 2024-04-09 6.4 CVE-2024-26193
secure@microsoft.com microsoft — azure_private_5g_core
  Azure Private 5G Core Denial of Service Vulnerability 2024-04-09 5.9 CVE-2024-20685
secure@microsoft.com microsoft — microsoft_sharepoint_server_2019
  Microsoft SharePoint Server Spoofing Vulnerability 2024-04-09 6.8 CVE-2024-26251
secure@microsoft.com microsoft — windows_10_version_1809
  BitLocker Security Feature Bypass Vulnerability 2024-04-09 6.1 CVE-2024-20665
secure@microsoft.com microsoft — windows_10_version_1809
  Secure Boot Security Feature Bypass Vulnerability 2024-04-09 6.7 CVE-2024-20669
secure@microsoft.com microsoft — windows_10_version_1809
  Secure Boot Security Feature Bypass Vulnerability 2024-04-09 6.8 CVE-2024-26168
secure@microsoft.com microsoft — windows_10_version_1809
  Secure Boot Security Feature Bypass Vulnerability 2024-04-09 6.7 CVE-2024-26171
secure@microsoft.com microsoft — windows_10_version_1809
  Windows Kerberos Denial of Service Vulnerability 2024-04-09 6.5 CVE-2024-26183
secure@microsoft.com microsoft — windows_10_version_1809
  Proxy Driver Spoofing Vulnerability 2024-04-09 6.7 CVE-2024-26234
secure@microsoft.com microsoft — windows_10_version_1809
  Secure Boot Security Feature Bypass Vulnerability 2024-04-09 6.7 CVE-2024-26250
secure@microsoft.com microsoft — windows_10_version_1809
  Windows rndismp6.sys Remote Code Execution Vulnerability 2024-04-09 6.8 CVE-2024-26252
secure@microsoft.com microsoft — windows_10_version_1809
  Windows rndismp6.sys Remote Code Execution Vulnerability 2024-04-09 6.8 CVE-2024-26253
secure@microsoft.com microsoft — windows_10_version_1809
  Secure Boot Security Feature Bypass Vulnerability 2024-04-09 6.8 CVE-2024-28897
secure@microsoft.com microsoft — windows_10_version_1809
  Secure Boot Security Feature Bypass Vulnerability 2024-04-09 6.3 CVE-2024-28898
secure@microsoft.com microsoft — windows_10_version_1809
  Secure Boot Security Feature Bypass Vulnerability 2024-04-09 6.7 CVE-2024-28903
secure@microsoft.com microsoft — windows_10_version_1809
  Secure Boot Security Feature Bypass Vulnerability 2024-04-09 6.7 CVE-2024-28919
secure@microsoft.com microsoft — windows_10_version_1809
  Secure Boot Security Feature Bypass Vulnerability 2024-04-09 6.7 CVE-2024-28921
secure@microsoft.com microsoft — windows_10_version_1809
  Secure Boot Security Feature Bypass Vulnerability 2024-04-09 6.4 CVE-2024-28923
secure@microsoft.com microsoft — windows_10_version_1809
  Secure Boot Security Feature Bypass Vulnerability 2024-04-09 6.7 CVE-2024-28924
secure@microsoft.com microsoft — windows_10_version_1809
  Windows Hyper-V Denial of Service Vulnerability 2024-04-09 6.2 CVE-2024-29064
secure@microsoft.com microsoft — windows_10_version_1809
  Windows DWM Core Library Information Disclosure Vulnerability 2024-04-09 5.5 CVE-2024-26172
secure@microsoft.com microsoft — windows_10_version_1809
  Windows Remote Access Connection Manager Information Disclosure Vulnerability 2024-04-09 5.5 CVE-2024-26207
secure@microsoft.com microsoft — windows_10_version_1809
  Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability 2024-04-09 5.5 CVE-2024-26209
secure@microsoft.com microsoft — windows_10_version_1809
  Windows Remote Access Connection Manager Information Disclosure Vulnerability 2024-04-09 5.5 CVE-2024-26217
secure@microsoft.com microsoft — windows_10_version_1809
  Windows Mobile Hotspot Information Disclosure Vulnerability 2024-04-09 5 CVE-2024-26220
secure@microsoft.com microsoft — windows_10_version_1809
  Windows Remote Access Connection Manager Information Disclosure Vulnerability 2024-04-09 5.5 CVE-2024-26255
secure@microsoft.com microsoft — windows_10_version_1809
  Windows Remote Access Connection Manager Information Disclosure Vulnerability 2024-04-09 5.5 CVE-2024-28900
secure@microsoft.com microsoft — windows_10_version_1809
  Windows Remote Access Connection Manager Information Disclosure Vulnerability 2024-04-09 5.5 CVE-2024-28901
secure@microsoft.com microsoft — windows_10_version_1809
  Windows Remote Access Connection Manager Information Disclosure Vulnerability 2024-04-09 5.5 CVE-2024-28902
secure@microsoft.com microsoft — windows_10_version_1809
  Secure Boot Security Feature Bypass Vulnerability 2024-04-09 4.1 CVE-2024-28922
secure@microsoft.com microsoft — windows_server_2019
  Windows Distributed File System (DFS) Information Disclosure Vulnerability 2024-04-09 6.5 CVE-2024-26226
secure@microsoft.com microsoft — windows_server_2019
  Windows Authentication Elevation of Privilege Vulnerability 2024-04-09 4.3 CVE-2024-29056
secure@microsoft.com mndpsingh287 — file_manager
  The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.2.5 via the fm_download_backup function. This makes it possible for authenticated attackers, with administrator access and above, to read the contents of arbitrary zip files on the server, which can contain sensitive information. 2024-04-09 6.8 CVE-2024-2654
security@wordfence.com n/a — dedecms
  A vulnerability, which was classified as critical, was found in DedeCMS 5.7.112-UTF8. Affected is an unknown function of the file stepselect_main.php. The manipulation of the argument ids leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260472. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-12 6.3 CVE-2024-3685
cna@vuldb.com n/a — dedecms
  A vulnerability has been found in DedeCMS 5.7.112-UTF8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file update_guide.php. The manipulation of the argument files leads to path traversal: ‘../filedir’. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260473 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-12 4.3 CVE-2024-3686
cna@vuldb.com n/a — eyoucms
  A vulnerability was found in EyouCMS 1.6.5. It has been declared as critical. This vulnerability affects unknown code of the file /login.php?m=admin&c=Field&a=channel_edit of the component Backend. The manipulation of the argument channel_id leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259612. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-07 4.7 CVE-2024-3431
cna@vuldb.com n/a — freeipa
  A flaw was found in FreeIPA. This issue may allow a remote attacker to craft an HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service. 2024-04-10 5.3 CVE-2024-1481
secalert@redhat.com n/a — mysql2
  Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon (:) character within a value of the attacker-crafted key. 2024-04-10 6.5 CVE-2024-21507
report@snyk.io n/a — mysql2
  Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js. 2024-04-10 6.5 CVE-2024-21509
report@snyk.io n/a — qemu
  A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the checksum of a short-sized fragmented packet. This flaw allows a malicious guest to crash QEMU and cause a denial of service condition. 2024-04-10 5.5 CVE-2024-3567
secalert@redhat.com n/a — save_as_image_plugin_by_pdfcrowd
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Save as Image plugin by Pdfcrowd allows Stored XSS. This issue affects Save as Image plugin by Pdfcrowd: from n/a through 3.2.1. 2024-04-11 5.9 CVE-2024-31931
audit@patchstack.com netentsec — ns-asg_application_security_gateway
  A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/add_postlogin.php. The manipulation of the argument SingleLoginId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259711. 2024-04-08 6.3 CVE-2024-3455
cna@vuldb.com netentsec — ns-asg_application_security_gateway
  A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/config_Anticrack.php. The manipulation of the argument GroupId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259712. 2024-04-08 6.3 CVE-2024-3456
cna@vuldb.com netentsec — ns-asg_application_security_gateway
  A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /admin/config_ISCGroupNoCache.php. The manipulation of the argument GroupId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259713 was assigned to this vulnerability. 2024-04-08 6.3 CVE-2024-3457
cna@vuldb.com netentsec — ns-asg_application_security_gateway
  A vulnerability classified as critical was found in Netentsec NS-ASG Application Security Gateway 6.3. This vulnerability affects unknown code of the file /admin/add_ikev2.php. The manipulation of the argument TunnelId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259714 is the identifier assigned to this vulnerability. 2024-04-08 6.3 CVE-2024-3458
cna@vuldb.com nextendweb — smart_slider_3
  The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the upload function in all versions up to, and including, 3.5.1.22. This makes it possible for authenticated attackers, with contributor-level access and above, to upload files, including SVG files, which can be used to conduct stored cross-site scripting attacks. 2024-04-13 6.4 CVE-2024-3027
security@wordfence.com nick_pelton — search_keyword_redirect
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Nick Pelton Search Keyword Redirect allows Stored XSS. This issue affects Search Keyword Redirect: from n/a through 1.0. 2024-04-11 5.9 CVE-2024-32080
audit@patchstack.com nickboss — wordpress_file_upload
  The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 4.24.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-2847
security@wordfence.com ninjateam — wp_chat_app
  The WP Chat App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘imageAlt’ block attribute in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-2513
security@wordfence.com nudgify — nudgify_social_proof,_sales_popup_&_fomo
  Cross-Site Request Forgery (CSRF) vulnerability in Nudgify Nudgify Social Proof, Sales Popup & FOMO. This issue affects Nudgify Social Proof, Sales Popup & FOMO: from n/a through 1.3.3. 2024-04-12 4.3 CVE-2024-31239
audit@patchstack.com nuknightlab — knight_lab_timeline
  The Knight Lab Timeline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 3.9.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-2287
security@wordfence.com nvidia — chatrtx
  NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause a cross-site scripting error by network by running malicious scripts in users’ browsers. A successful exploit of this vulnerability might lead to code execution, denial of service, and information disclosure. 2024-04-08 6.5 CVE-2024-0083
psirt@nvidia.com oceanwp — ocean_extra
  The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘twitter_username’ parameter in versions up to, and including, 2.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-3167
security@wordfence.com octolize — usps_shipping_for_woocommerce_-_live_rates
  Cross-Site Request Forgery (CSRF) vulnerability in Octolize USPS Shipping for WooCommerce – Live Rates. This issue affects USPS Shipping for WooCommerce – Live Rates: from n/a through 1.9.2. 2024-04-10 4.3 CVE-2024-31943
audit@patchstack.com octolize — woocommerce_ups_shipping_-_live_rates_and_access_points
  Cross-Site Request Forgery (CSRF) vulnerability in Octolize WooCommerce UPS Shipping – Live Rates and Access Points. This issue affects WooCommerce UPS Shipping – Live Rates and Access Points: from n/a through 2.2.4. 2024-04-10 4.3 CVE-2024-31944
audit@patchstack.com open-telemetry — opentelemetry-dotnet
  OpenTelemetry dotnet is a dotnet telemetry framework. In affected versions, `OpenTelemetry.Instrumentation.Http` writes the `url.full` attribute/tag on spans (`Activity`) when tracing is enabled for outgoing http requests and `OpenTelemetry.Instrumentation.AspNetCore` writes the `url.query` attribute/tag on spans (`Activity`) when tracing is enabled for incoming http requests. These attributes are defined by the Semantic Conventions for HTTP Spans. Up until version `1.8.1` the values written by `OpenTelemetry.Instrumentation.Http` & `OpenTelemetry.Instrumentation.AspNetCore` will pass-through the raw query string as was sent or received (respectively). This may lead to sensitive information (e.g. EUII – End User Identifiable Information, credentials, etc.) being leaked into telemetry backends (depending on the application(s) being instrumented) which could cause privacy and/or security incidents. Note: Older versions of `OpenTelemetry.Instrumentation.Http` & `OpenTelemetry.Instrumentation.AspNetCore` may use different tag names but have the same vulnerability. The `1.8.1` versions of `OpenTelemetry.Instrumentation.Http` & `OpenTelemetry.Instrumentation.AspNetCore` will now redact by default all values detected on transmitted or received query strings. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-04-12 4.1 CVE-2024-32028
security-advisories@github.com open-xchange_gmbh — ox_app_suite
  RSS feeds that contain malicious data- attributes could be abused to inject script code into a user's browser session when reading compromised RSS feeds or successfully luring users to compromised accounts. Attackers could perform malicious API requests or extract information from the user's account. Please deploy the provided updates and patch releases. Potentially malicious attributes now get removed from external RSS content. No publicly available exploits are known. 2024-04-08 6.1 CVE-2024-23192
security@open-xchange.com open-xchange_gmbh — ox_app_suite
  Embedded content references at tasks could be used to temporarily execute script code in the context of the user's browser session. To exploit this an attacker would require temporary access to the user's account, access to another account within the same context or a successful social engineering attack to make users import external content. Attackers could perform malicious API requests or extract information from the user's account. Please deploy the provided updates and patch releases. Sanitization of user-generated content has been improved. No publicly available exploits are known. 2024-04-08 5.4 CVE-2024-23189
security@open-xchange.com open-xchange_gmbh — ox_app_suite
  Upsell shop information of an account can be manipulated to execute script code in the context of the user's browser session. To exploit this an attacker would require temporary access to a user's account or a successful social engineering attack to lure users to maliciously configured accounts. Attackers could perform malicious API requests or extract information from the user's account. Please deploy the provided updates and patch releases. Sanitization of user-defined upsell content has been improved. No publicly available exploits are known. 2024-04-08 5.4 CVE-2024-23190
security@open-xchange.com open-xchange_gmbh — ox_app_suite
  Upsell advertisement information of an account can be manipulated to execute script code in the context of the user's browser session. To exploit this an attacker would require temporary access to a user's account or a successful social engineering attack to lure users to maliciously configured accounts. Attackers could perform malicious API requests or extract information from the user's account. Please deploy the provided updates and patch releases. Sanitization of user-defined upsell content has been improved. No publicly available exploits are known. 2024-04-08 5.4 CVE-2024-23191
security@open-xchange.com opengnsys — opengnsys
  Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to view a php backup file (controlaccess.php-LAST) where database credentials are stored. 2024-04-12 5.9 CVE-2024-3706
cve-coordination@incibe.es opengnsys — opengnsys
  Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to enumerate all files in the web tree by accessing a php file. 2024-04-12 5.3 CVE-2024-3707
cve-coordination@incibe.es palo_alto_networks — pan-os
  An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from decryption. 2024-04-10 5.3 CVE-2024-3386
psirt@paloaltonetworks.com palo_alto_networks — pan-os
  A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the attacker could break encrypted communication and expose sensitive information that is shared between the management server and the firewalls. 2024-04-10 5.3 CVE-2024-3387
psirt@paloaltonetworks.com palo_alto_networks — pan-os
  A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets. 2024-04-10 4.1 CVE-2024-3388
psirt@paloaltonetworks.com patrickposner — passster_-_password_protect_pages_and_content
  The Passster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s content_protector shortcode in all versions up to, and including, 4.2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-2026
security@wordfence.com pdfcrowd — save_as_pdf_plugin_by_pdfcrowd
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows Stored XSS. This issue affects Save as PDF plugin by Pdfcrowd: from n/a through 3.2.1. 2024-04-11 5.9 CVE-2024-31930
audit@patchstack.com peach_payments — peach_payments_gateway
  Missing Authorization vulnerability in Peach Payments Peach Payments Gateway. This issue affects Peach Payments Gateway: from n/a through 3.1.9. 2024-04-11 5.4 CVE-2024-25922
audit@patchstack.com peepso — community_by_peepso
  Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo. This issue affects Community by PeepSo: from n/a through 6.3.1.1. 2024-04-12 4.3 CVE-2024-31251
audit@patchstack.com pencidesign — soledad
  Missing Authorization vulnerability in PenciDesign Soledad. This issue affects Soledad: from n/a through 8.4.2. 2024-04-09 6.5 CVE-2024-31368
audit@patchstack.com pencidesign — soledad
  Cross-Site Request Forgery (CSRF) vulnerability in PenciDesign Soledad.This issue affects Soledad: from n/a through 8.4.2. 2024-04-09 5.4 CVE-2024-31369
audit@patchstack.com phpbits_creative_studio — easy_login_styler_-_white_label_admin_login_page_for_wordpress
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Phpbits Creative Studio Easy Login Styler – White Label Admin Login Page for WordPress allows Stored XSS.This issue affects Easy Login Styler – White Label Admin Login Page for WordPress: from n/a through 1.0.6. 2024-04-07 5.9 CVE-2024-31344
audit@patchstack.com phpgurukul — small_crm
  A vulnerability classified as critical was found in PHPGurukul Small CRM 3.0. Affected by this vulnerability is an unknown functionality of the component Change Password Handler. The manipulation leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260479. 2024-04-12 6.3 CVE-2024-3690
cna@vuldb.com pickplugins — accordion
  The Accordion plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the ‘accordions_duplicate_post_as_draft’ function in all versions up to, and including, 2.2.96. This makes it possible for authenticated attackers, with contributor access and above, to duplicate arbitrary posts, allowing access to the contents of password-protected posts. 2024-04-09 5.4 CVE-2024-1641
security@wordfence.com ping_identity — pingfederate
  Server-side request forgery (SSRF) in PingFederate allows unauthenticated HTTP requests to attack network resources and consume server-side resources via forged HTTP POST requests. 2024-04-10 6.5 CVE-2023-40148
responsible-disclosure@pingidentity.com planet — igs-4215-16t2s
  Operating system command injection vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. An authenticated attacker could execute arbitrary code on the remote host by exploiting IP address functionality. 2024-04-11 6.4 CVE-2024-2742
cve-coordination@incibe.es pluginsware — advanced_classifieds_&_directory_pro
  The Advanced Classifieds & Directory Pro plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajax_callback_delete_attachment function in all versions up to, and including, 3.0.0. This makes it possible for authenticated attackers, with subscriber access or higher, to delete arbitrary media uploads. 2024-04-09 4.3 CVE-2024-2222
security@wordfence.com polevaultweb — intagrate_lite
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Polevaultweb Intagrate Lite allows Stored XSS. This issue affects Intagrate Lite: from n/a through 1.3.7. 2024-04-11 5.9 CVE-2024-31929
audit@patchstack.com popup_likebox_team — popup_like_box
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Popup LikeBox Team Popup Like box allows Stored XSS. This issue affects Popup Like box: from n/a through 3.7.2. 2024-04-11 5.9 CVE-2024-31387
audit@patchstack.com prasunsen — watu_quiz
  The Watu Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘watu-basic-chart’ shortcode in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-0873
security@wordfence.com prasunsen — watu_quiz
  The Watu Quiz plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.1 via the watu-userinfo shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to extract sensitive user meta data which can include session tokens and user emails. 2024-04-09 4.3 CVE-2024-0872
security@wordfence.com princeahmed — wp_radio_-_worldwide_online_radio_stations_directory_for_wordpress
  The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s settings in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping as well as insufficient access control on the settings. This makes it possible for authenticated attackers, with subscriber access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-10 6.4 CVE-2024-1041
security@wordfence.com princeahmed — wp_radio_-_worldwide_online_radio_stations_directory_for_wordpress
  The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 3.1.9. This makes it possible for authenticated attackers, with subscriber access and above, to import radio stations, remove countries, and modify the plugin’s settings, which can lead to Cross-Site Scripting, tracked separately in CVE-2024-1041. 2024-04-10 6.4 CVE-2024-1042
security@wordfence.com propertyhive — propertyhive
  Deserialization of Untrusted Data vulnerability in PropertyHive. This issue affects PropertyHive: from n/a through 2.0.9. 2024-04-11 5.4 CVE-2024-27985
audit@patchstack.com psi-4ward — psitransfer
  PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.2.0, the absence of restrictions on the endpoint that allows users to create a path for uploading a file in a file distribution allows an attacker to add arbitrary files to the distribution. The vulnerability allows an attacker to influence users who come to the file distribution after them and slip the victim files with a malicious or phishing signature. Version 2.2.0 contains a patch for the issue. CVE-2024-31453 allows users to violate the integrity of a file bucket and upload new files there, while CVE-2024-31454 allows users to violate the integrity of a single file uploaded by another user by writing data to it, but does not allow uploading new files to the bucket. Thus, the two vulnerabilities are reproduced differently, require different security recommendations and affect different objects of the application’s business logic. 2024-04-09 6.5 CVE-2024-31453
security-advisories@github.com psi-4ward — psitransfer
  PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.2.0, the absence of restrictions on the endpoint designed for uploading files allows an attacker who received the id of a file distribution to change the files that are in this distribution. The vulnerability allows an attacker to influence users who come to the file distribution after them and slip the victim files with a malicious or phishing signature. Version 2.2.0 contains a patch for this issue. CVE-2024-31454 allows users to violate the integrity of a file that is uploaded by another user. In this case, additional files are not loaded into the file bucket; the integrity violation is at the level of individual files. CVE-2024-31453, by contrast, allows users to violate the integrity of a file bucket without violating the integrity of files uploaded by other users. Thus, the two vulnerabilities are reproduced differently, require different security recommendations and affect different objects of the application’s business logic. 2024-04-09 6.5 CVE-2024-31454
security-advisories@github.com puneethreddyhc — event_management
  A vulnerability was found in PuneethReddyHC Event Management 1.0. It has been rated as critical. This issue affects some unknown processing of the file /backend/register.php. The manipulation of the argument event_id/full_name/email/mobile/college/branch leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259613 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-07 5.5 CVE-2024-3432
cna@vuldb.com qodeinteractive — qi_addons_for_elementor
  The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s widgets in all versions up to, and including, 1.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-0826
security@wordfence.com rainbowgeek — seopress_-_on-site_seo
  The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image alt parameter in all versions up to, and including, 7.5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-2165
security@wordfence.com rankmath — rank_math_seo_with_ai_seo_tools
  The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HowTo block attributes in all versions up to, and including, 1.0.214 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-2536
security@wordfence.com realmag777 — wolf_-_wordpress_posts_bulk_editor_and_manager_professional
  Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional, realmag777 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net. This issue affects WOLF – WordPress Posts Bulk Editor and Manager Professional: from n/a through 1.0.8.1; BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net: from n/a through 1.1.4.1. 2024-04-10 4.3 CVE-2024-31430
audit@patchstack.com redisbloom — redisbloom
  RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to versions 2.4.7 and 2.6.10, authenticated users can use the `CF.RESERVE` command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in RedisBloom 2.4.7 and 2.6.10. 2024-04-09 5.5 CVE-2024-25116
security-advisories@github.com relevanssi — relevanssi_-_a_better_search_(pro)
  The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the relevanssi_update_counts() function in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to execute expensive queries on the application that could lead to denial of service (DoS). 2024-04-09 5.3 CVE-2024-3213
security@wordfence.com relevanssi — relevanssi_-_a_better_search_(pro)
  The Relevanssi – A Better Search plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. 2024-04-09 5.8 CVE-2024-3214
security@wordfence.com repute_infosystems — arforms_form_builder
  Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems ARForms Form Builder. This issue affects ARForms Form Builder: from n/a through 1.6.1. 2024-04-12 6.3 CVE-2024-31272
audit@patchstack.com repute_infosystems — bookingpress
  Authorization Bypass Through User-Controlled Key vulnerability in Repute Infosystems BookingPress. This issue affects BookingPress: from n/a through 1.0.81. 2024-04-07 4.3 CVE-2024-31296
audit@patchstack.com revolution_slider — slider_revolution
  The Revslider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg upload in all versions up to, and including, 6.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, this can only be exploited by administrators, but the ability to use and configure revslider can be extended to authors. 2024-04-09 6.4 CVE-2024-2306
security@wordfence.com rtcamp — transcoder
  Cross-Site Request Forgery (CSRF) vulnerability in rtCamp Transcoder. This issue affects Transcoder: from n/a through 1.3.5. 2024-04-12 4.3 CVE-2024-31305
audit@patchstack.com rubengc — gamipress_-_the_#1_gamification_plugin_to_reward_points_achievements_badges_&_ranks_in_wordpress
  The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 6.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-2783
security@wordfence.com saleor — saleor
  Saleor is an e-commerce platform. Starting in version 3.10.0 and prior to versions 3.14.64, 3.15.39, 3.16.39, 3.17.35, 3.18.31, and 3.19.19, an attacker may bypass cross-site request forgery (CSRF) validation when calling the refresh token mutation with an empty string. When a user provides an empty string in the `refreshToken` mutation while the token persists in the `JWT_REFRESH_TOKEN_COOKIE_NAME` cookie, the application omits validation against the CSRF token and returns a valid access token. Versions 3.14.64, 3.15.39, 3.16.39, 3.17.35, 3.18.31, and 3.19.19 contain a patch for the issue. As a workaround, one may replace `saleor.graphql.account.mutations.authentication.refresh_token.py.get_refresh_token`. This will fix the issue, but be aware that it returns `JWT_MISSING_TOKEN` instead of `JWT_INVALID_TOKEN`. 2024-04-08 4.2 CVE-2024-31205
security-advisories@github.com saleor — saleor
  Cross-Site Request Forgery (CSRF) vulnerability in ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts. This issue affects ELEX WooCommerce Dynamic Pricing and Discounts: from n/a through 2.1.2. 2024-04-11 4.3 CVE-2024-32105
audit@patchstack.com saleswonder.biz_team — wp2leads
  Missing Authorization vulnerability in Saleswonder.Biz Team WP2LEADS. This issue affects WP2LEADS: from n/a through 3.2.7. 2024-04-08 5.4 CVE-2024-31375
audit@patchstack.com sap_se — sap_business_connector
  The application allows a high privilege attacker to append a malicious GET query parameter to Service invocations, which are reflected in the server response. Under certain circumstances, if the parameter contains JavaScript, the script could be processed on the client side. 2024-04-09 4.8 CVE-2024-30214
cna@sap.com sap_se — sap_business_connector
  The Resource Settings page allows a high privilege attacker to load an exploitable payload to be stored and reflected whenever a user visits the page. In a successful attack, some information could be obtained and/or modified. However, the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. 2024-04-09 4.8 CVE-2024-30215
cna@sap.com sap_se — sap_group_reporting_data_collection_(enter_package_data)
  SAP Group Reporting Data Collection does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, specific data can be changed via the Enter Package Data app although the user does not have sufficient authorization, causing a high impact on the integrity of the application. 2024-04-09 6.5 CVE-2024-28167
cna@sap.com sap_se — sap_netweaver_as_abap_and_abap_platform
  The ABAP Application Server of SAP NetWeaver as well as ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. This leads to a considerable impact on availability. 2024-04-09 6.5 CVE-2024-30218
cna@sap.com sap_se — sap_netweaver
  SAP NetWeaver application, due to insufficient input validation, allows an attacker to send a crafted request from a vulnerable web application targeting internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. This has a low impact on confidentiality. 2024-04-09 5.3 CVE-2024-27898
cna@sap.com sap_se — sap_s/4_hana_(cash_management)
  Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can add notes in the review request with ‘completed’ status, affecting the integrity of the application. Confidentiality and Availability are not impacted. 2024-04-09 4.3 CVE-2024-30216
cna@sap.com sap_se — sap_s/4_hana_(cash_management)
  Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can approve or reject a bank account application affecting the integrity of the application. Confidentiality and Availability are not impacted. 2024-04-09 4.3 CVE-2024-30217
cna@sap.com saumya_majumder — wp_server_health_stats
  Cross-Site Request Forgery (CSRF) vulnerability in Saumya Majumder WP Server Health Stats. This issue affects WP Server Health Stats: from n/a through 1.7.3. 2024-04-12 4.3 CVE-2024-31250
audit@patchstack.com sc0ttkclark — pods_-_custom_content_types_and_fields
  The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2). This is due to the fact that the plugin allows the use of a file inclusion feature via shortcode. This makes it possible for authenticated attackers, with contributor access or higher, to create pods and users (with default role). 2024-04-09 4.3 CVE-2023-6965
security@wordfence.com setriosoft — bizcalendar_web
  The BizCalendar Web plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in all versions up to, and including, 1.1.0.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-04-10 6.1 CVE-2024-1780
security@wordfence.com shopware — shopware
  Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Starting in version 6.3.5.0 and prior to versions 6.6.1.0 and 6.5.8.8, when an authenticated request is made to `POST /store-api/account/logout`, the cart will be cleared, but the user won’t be logged out. This affects only direct store-api usage, as the PHP Storefront additionally listens on `CustomerLogoutEvent` and invalidates the session. The problem has been fixed in Shopware 6.6.1.0 and 6.5.8.8. Those who are unable to update can install the latest version of the Shopware Security Plugin as a workaround. 2024-04-08 5.3 CVE-2024-31447
security-advisories@github.com shortpixel — shortpixel_adaptive_images
  Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images. This issue affects ShortPixel Adaptive Images: from n/a through 3.8.2. 2024-04-10 5.3 CVE-2024-31230
audit@patchstack.com siemens — scalance_w1748-1_m12
  A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0), SCALANCE W1748-1 M12 (6GK5748-1GY01-0TA0), SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0), SCALANCE W1788-2 EEC M12 (6GK5788-2GY01-0TA0), SCALANCE W1788-2 M12 (6GK5788-2GY01-0AA0), SCALANCE W1788-2IA M12 (6GK5788-2HY01-0AA0), SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0), SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AB0), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AA0), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AB0), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AC0), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA0), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA6), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AB0), SCALANCE W734-1 RJ45 (USA) (6GK5734-1FX00-0AB6), SCALANCE W738-1 M12 (6GK5738-1GY00-0AA0), SCALANCE W738-1 M12 (6GK5738-1GY00-0AB0), SCALANCE W748-1 M12 (6GK5748-1GD00-0AA0), SCALANCE W748-1 M12 (6GK5748-1GD00-0AB0), SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AA0), SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AB0), SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AA0), SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AB0), SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TA0), SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TB0), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA0), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA6), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AB0), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AC0), SCALANCE W774-1 RJ45 (USA) (6GK5774-1FX00-0AB6), SCALANCE W778-1 M12 (6GK5778-1GY00-0AA0), SCALANCE W778-1 M12 (6GK5778-1GY00-0AB0), SCALANCE W778-1 M12 EEC (6GK5778-1GY00-0TA0), SCALANCE W778-1 M12 EEC (USA) (6GK5778-1GY00-0TB0), SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AA0), SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AB0), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AA0), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AB0), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AC0), SCALANCE W786-2 SFP (6GK5786-2FE00-0AA0), SCALANCE W786-2 SFP (6GK5786-2FE00-0AB0), SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AA0), SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AB0), SCALANCE W788-1 M12 (6GK5788-1GD00-0AA0), SCALANCE W788-1 M12 
(6GK5788-1GD00-0AB0), SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AA0), SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AB0), SCALANCE W788-2 M12 (6GK5788-2GD00-0AA0), SCALANCE W788-2 M12 (6GK5788-2GD00-0AB0), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TA0), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TB0), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TC0), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AA0), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AB0), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AC0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0), SCALANCE WAM766-1 (EU) (6GK5766-1GE00-7DA0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0), SCALANCE WAM766-1 EEC (EU) (6GK5766-1GE00-7TA0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0), SCALANCE WUM766-1 (EU) (6GK5766-1GE00-3DA0), SCALANCE WUM766-1 (US) (6GK5766-1GE00-3DB0). This CVE refers to Scenario 2 “Abuse the queue for network disruptions” of CVE-2022-47522. Affected devices can be tricked into enabling its power-saving mechanisms for a victim client. This could allow a physically proximate attacker to execute disconnection and denial-of-service attacks. 2024-04-09 6.1 CVE-2024-30190
productcert@siemens.com siemens — scalance_w721-1_rj45
  A vulnerability has been identified in SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0) (All versions), SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AB0) (All versions), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AA0) (All versions), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AB0) (All versions), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AC0) (All versions), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA0) (All versions), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA6) (All versions), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AB0) (All versions), SCALANCE W734-1 RJ45 (USA) (6GK5734-1FX00-0AB6) (All versions), SCALANCE W738-1 M12 (6GK5738-1GY00-0AA0) (All versions), SCALANCE W738-1 M12 (6GK5738-1GY00-0AB0) (All versions), SCALANCE W748-1 M12 (6GK5748-1GD00-0AA0) (All versions), SCALANCE W748-1 M12 (6GK5748-1GD00-0AB0) (All versions), SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AA0) (All versions), SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AB0) (All versions), SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AA0) (All versions), SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AB0) (All versions), SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TA0) (All versions), SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TB0) (All versions), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA0) (All versions), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA6) (All versions), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AB0) (All versions), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AC0) (All versions), SCALANCE W774-1 RJ45 (USA) (6GK5774-1FX00-0AB6) (All versions), SCALANCE W778-1 M12 (6GK5778-1GY00-0AA0) (All versions), SCALANCE W778-1 M12 (6GK5778-1GY00-0AB0) (All versions), SCALANCE W778-1 M12 EEC (6GK5778-1GY00-0TA0) (All versions), SCALANCE W778-1 M12 EEC (USA) (6GK5778-1GY00-0TB0) (All versions), SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AA0) (All versions), SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AB0) (All versions), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AA0) (All versions), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AB0) (All versions), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AC0) (All versions), SCALANCE W786-2 SFP 
(6GK5786-2FE00-0AA0) (All versions), SCALANCE W786-2 SFP (6GK5786-2FE00-0AB0) (All versions), SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AA0) (All versions), SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AB0) (All versions), SCALANCE W788-1 M12 (6GK5788-1GD00-0AA0) (All versions), SCALANCE W788-1 M12 (6GK5788-1GD00-0AB0) (All versions), SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AA0) (All versions), SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AB0) (All versions), SCALANCE W788-2 M12 (6GK5788-2GD00-0AA0) (All versions), SCALANCE W788-2 M12 (6GK5788-2GD00-0AB0) (All versions), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TA0) (All versions), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TB0) (All versions), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TC0) (All versions), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AA0) (All versions), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AB0) (All versions), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AC0) (All versions). This CVE refers to Scenario 1 “Leak frames from the Wi-Fi queue” of CVE-2022-47522. Affected devices queue frames in order to subsequently change the security context and leak the queued frames. This could allow a physically proximate attacker to intercept (possibly cleartext) target-destined frames. 2024-04-09 6.1 CVE-2024-30189
productcert@siemens.com siemens — simatic_pcs_7_v9.1
  A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC04), SIMATIC WinCC Runtime Professional V17 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 1), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 16), SIMATIC WinCC V8.0 (All versions). The affected products do not properly validate the input provided in the login dialog box. An attacker could leverage this vulnerability to cause a persistent denial of service condition. 2024-04-09 6.2 CVE-2023-50821
productcert@siemens.com sigstore — cosign
  Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, a remote image with a malicious attachment can cause denial of service of the host machine running Cosign. This can impact other services on the machine that rely on having memory available, such as a Redis database, which can result in data loss. It can also impact the availability of other services on the machine, which will not be available for the duration of the machine denial. The root cause of this issue is that Cosign reads the attachment from a remote image entirely into memory without checking the size of the attachment first. As such, a large attachment can make Cosign read a large amount of data into memory; if the attachment’s size is larger than the memory the machine has available, the machine will be denied of service. The Go runtime will make a SigKill after a few seconds of system-wide denial. This issue can allow a supply-chain escalation from a compromised registry to the Cosign user: if an attacker has compromised a registry or the account of an image vendor, they can include a malicious attachment and hurt the image consumer. Version 2.2.4 contains a patch for the vulnerability. 2024-04-10 4.2 CVE-2024-29902
security-advisories@github.com sigstore — cosign
  Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, maliciously-crafted software artifacts can cause denial of service of the machine running Cosign, thereby impacting all services on the machine. The root cause is that Cosign creates slices based on the number of signatures, manifests or attestations in untrusted artifacts. As such, the untrusted artifact can control the amount of memory that Cosign allocates. The exact issue is that Cosign allocates excessive memory on the lines that create a slice of the same length as the manifests. Version 2.2.4 contains a patch for the vulnerability. 2024-04-10 4.2 CVE-2024-29903
security-advisories@github.com silverks — graphene
  The Graphene theme for WordPress is vulnerable to unauthorized access of data via meta tag in all versions up to, and including, 2.9.2. This makes it possible for unauthenticated individuals to obtain post contents of password protected posts via the generated source. 2024-04-09 5.3 CVE-2024-1984
security@wordfence.com smub — easy_digital_downloads_-_sell_digital_files_&_subscriptions_(ecommerce_store_+_payments_made_easy)
  The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.9. This makes it possible for unauthenticated attackers to download the debug log via Directory Listing. This file may include PII. 2024-04-09 5.3 CVE-2024-2302
security@wordfence.com smub — wordpress_gallery_plugin_-_nextgen_gallery
  The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_item function in versions up to, and including, 3.59. This makes it possible for unauthenticated attackers to extract sensitive data including EXIF and other metadata of any image uploaded through the plugin. 2024-04-09 5.3 CVE-2024-3097
security@wordfence.com soflyy — import_any_xml_or_csv_file_to_wordpress
  Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Import any XML or CSV File to WordPress. This issue affects Import any XML or CSV File to WordPress: from n/a through 3.7.3. 2024-04-10 4.3 CVE-2024-31939
audit@patchstack.com softaculous — page_builder:_pagelayer_-_drag_and_drop_website_builder
  The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘attr’ parameter in all versions up to, and including, 1.8.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-2504
security@wordfence.com someguy9 — lightweight_accordion
  The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 1.5.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-2436
security@wordfence.com sourcecodester — kortex_lite_advocate_office_management_system
  A vulnerability, which was classified as critical, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. This issue affects some unknown processing of the file /control/deactivate_case.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260273 was assigned to this vulnerability. 2024-04-11 4.7 CVE-2024-3617
cna@vuldb.com sourcecodester — kortex_lite_advocate_office_management_system
  A vulnerability, which was classified as critical, was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected is an unknown function of the file /control/activate_case.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-260274 is the identifier assigned to this vulnerability. 2024-04-11 4.7 CVE-2024-3618
cna@vuldb.com sourcecodester — kortex_lite_advocate_office_management_system
  A vulnerability has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /control/addcase_stage.php. The manipulation of the argument cname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260275. 2024-04-11 4.7 CVE-2024-3619
cna@vuldb.com sourcecodester — kortex_lite_advocate_office_management_system
  A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /control/adds.php. The manipulation of the argument name/gender/dob/email/mobile/address leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260276. 2024-04-11 4.7 CVE-2024-3620
cna@vuldb.com sourcecodester — kortex_lite_advocate_office_management_system
  A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. It has been classified as critical. This affects an unknown part of the file /control/register_case.php. The manipulation of the argument title/case_no/client_name/court/case_type/case_stage/legel_acts/description/filling_date/hearing_date/opposite_lawyer/total_fees/unpaid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260277 was assigned to this vulnerability. 2024-04-11 4.7 CVE-2024-3621
cna@vuldb.com sourcecodester — laundry_management_system
  A vulnerability was found in SourceCodester Laundry Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /karyawan/laporan_filter. The manipulation of the argument data_karyawan leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259702 is the identifier assigned to this vulnerability. 2024-04-08 6.3 CVE-2024-3445
cna@vuldb.com sourcecodester — laundry_management_system
  A vulnerability was found in SourceCodester Laundry Management System 1.0 and classified as critical. This issue affects the function laporan_filter of the file /application/controller/Pelanggan.php. The manipulation of the argument jeniskelamin leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259745 was assigned to this vulnerability. 2024-04-08 6.3 CVE-2024-3464
cna@vuldb.com sourcecodester — laundry_management_system
  A vulnerability was found in SourceCodester Laundry Management System 1.0. It has been classified as critical. Affected is the function laporan_filter of the file /application/controller/Transaki.php. The manipulation of the argument dari/sampai leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-259746 is the identifier assigned to this vulnerability. 2024-04-08 6.3 CVE-2024-3465
cna@vuldb.com sourcecodester — laundry_management_system
  A vulnerability was found in SourceCodester Laundry Management System 1.0. It has been declared as critical. Affected by this vulnerability is the function laporan_filter of the file /application/controller/Pengeluaran.php. The manipulation of the argument dari/sampai leads to sql injection. The associated identifier of this vulnerability is VDB-259747. 2024-04-08 5.5 CVE-2024-3466
cna@vuldb.com sourcecodester — online_courseware
  A vulnerability classified as critical was found in SourceCodester Online Courseware 1.0. This vulnerability affects unknown code of the file admin/editt.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259588. 2024-04-07 6.3 CVE-2024-3416
cna@vuldb.com sourcecodester — online_courseware
  A vulnerability, which was classified as critical, has been found in SourceCodester Online Courseware 1.0. This issue affects some unknown processing of the file admin/saveeditt.php. The manipulation of the argument contact leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259589 was assigned to this vulnerability. 2024-04-07 6.3 CVE-2024-3417
cna@vuldb.com sourcecodester — online_courseware
  A vulnerability, which was classified as critical, was found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file admin/deactivateteach.php. The manipulation of the argument selector leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-259590 is the identifier assigned to this vulnerability. 2024-04-07 6.3 CVE-2024-3418
cna@vuldb.com sourcecodester — online_courseware
  A vulnerability has been found in SourceCodester Online Courseware 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin/edit.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259591. 2024-04-07 6.3 CVE-2024-3419
cna@vuldb.com sourcecodester — online_courseware
  A vulnerability was found in SourceCodester Online Courseware 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/saveedit.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259592. 2024-04-07 6.3 CVE-2024-3420
cna@vuldb.com sourcecodester — online_courseware
  A vulnerability was found in SourceCodester Online Courseware 1.0. It has been classified as critical. This affects an unknown part of the file admin/deactivatestud.php. The manipulation of the argument selector leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259593 was assigned to this vulnerability. 2024-04-07 6.3 CVE-2024-3421
cna@vuldb.com sourcecodester — online_courseware
  A vulnerability was found in SourceCodester Online Courseware 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/activatestud.php. The manipulation of the argument selector leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259594 is the identifier assigned to this vulnerability. 2024-04-07 6.3 CVE-2024-3422
cna@vuldb.com sourcecodester — online_courseware
  A vulnerability was found in SourceCodester Online Courseware 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/activateteach.php. The manipulation of the argument selector leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259595. 2024-04-07 6.3 CVE-2024-3423
cna@vuldb.com sourcecodester — online_courseware
  A vulnerability classified as critical has been found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file admin/listscore.php. The manipulation of the argument title leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259596. 2024-04-07 6.3 CVE-2024-3424
cna@vuldb.com sourcecodester — online_courseware
  A vulnerability classified as critical was found in SourceCodester Online Courseware 1.0. Affected by this vulnerability is an unknown functionality of the file admin/activateall.php. The manipulation of the argument selector leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259597 was assigned to this vulnerability. 2024-04-07 6.3 CVE-2024-3425
cna@vuldb.com sourcecodester — prison_management_system
  A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /Admin/edit-photo.php of the component Avatar Handler. The manipulation of the argument avatar leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259630 is the identifier assigned to this vulnerability. 2024-04-08 6.3 CVE-2024-3436
cna@vuldb.com sourcecodester — prison_management_system
  A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Employee/edit-profile.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-259694 is the identifier assigned to this vulnerability. 2024-04-08 6.3 CVE-2024-3441
cna@vuldb.com sourcecodester — prison_management_system
  A vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0. This affects an unknown part of the file /Employee/delete_leave.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259695. 2024-04-08 6.3 CVE-2024-3442
cna@vuldb.com sourcecodester — prison_management_system
  A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /Admin/add-admin.php of the component Avatar Handler. The manipulation of the argument avatar leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259631. 2024-04-08 4.7 CVE-2024-3437
cna@vuldb.com sourcecodester — prison_management_system
  A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /Admin/edit_profile.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259693 was assigned to this vulnerability. 2024-04-08 4.7 CVE-2024-3440
cna@vuldb.com spwebguy — responsive_tabs
  The Responsive Tabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tabs_color value in all versions up to, and including, 4.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-3514
security@wordfence.com stacklok — minder
  Minder by Stacklok is an open source software supply chain security platform. A refactoring in commit `5c381cf` added the ability to get GitHub repositories registered to a project without specifying a specific provider. Unfortunately, the SQL query for doing so was missing parentheses, and would select a random repository. This issue is patched in pull request 2941. As a workaround, revert prior to `5c381cf`, or roll forward past `2eb94e7`. 2024-04-09 4.3 CVE-2024-31455
security-advisories@github.com staxwp — elementor_addons_widgets_and_enhancements_-_stax
  The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘Heading’ widgets in all versions up to, and including, 1.4.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-3064
security@wordfence.com stephanie_leary — convert_post_types
  Cross-Site Request Forgery (CSRF) vulnerability in Stephanie Leary Convert Post Types. This issue affects Convert Post Types: from n/a through 1.4. 2024-04-11 4.3 CVE-2024-32108
audit@patchstack.com stiofansisland — userswp_-_front-end_login_form,_user_registration_user_profile_&_members_directory_plugin_for_wordpress
  The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-2423
security@wordfence.com strangerstudios — paid_memberships_pro_-_content_restriction_user_registration_&_paid_subscriptions
  The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing nonce validation on the pmpro_lifter_save_streamline_option() function. This makes it possible for unauthenticated attackers to enable the streamline setting with Lifter LMS via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-04-09 4.3 CVE-2024-0588
security@wordfence.com stylemix — masterstudy_lms_wordpress_plugin__for_online_courses_and_education
  The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the search_posts function in all versions up to, and including, 3.2.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose draft post titles and excerpts. 2024-04-09 4.3 CVE-2024-1904
security@wordfence.com supportcandy — supportcandy
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SupportCandy allows Stored XSS. This issue affects SupportCandy: from n/a through 3.2.3. 2024-04-11 6.5 CVE-2024-27991
audit@patchstack.com supsystic — easy_google_maps
  Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Google Maps. This issue affects Easy Google Maps: from n/a through 1.11.11. 2024-04-12 4.3 CVE-2024-31269
audit@patchstack.com supsystic — ultimate_maps_by_supsystic
  Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Ultimate Maps by Supsystic. This issue affects Ultimate Maps by Supsystic: from n/a through 1.2.16. 2024-04-12 4.3 CVE-2024-31271
audit@patchstack.com tausworks — global_elementor_buttons
  The Global Elementor Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link URL in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-2327
security@wordfence.com tbk — dvr-4104
  A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has been rated as critical. Affected by this issue is the function findCountByQuery of the file /adminPage/www/addOver. The manipulation of the argument dir leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260576. 2024-04-13 6.3 CVE-2024-3737
cna@vuldb.com tbk — dvr-4104
  A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260573 was assigned to this vulnerability. 2024-04-13 6.3 CVE-2024-3721
cna@vuldb.com techlabpro1 — classified_listing_-_classified_ads_&_business_directory_plugin
  The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on the rtcl_import_location() and rtcl_import_category() functions in all versions up to, and including, 3.0.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to create terms. 2024-04-09 6.5 CVE-2024-1352
security@wordfence.com the_moneytizer — the_moneytizer
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in The Moneytizer allows Stored XSS. This issue affects The Moneytizer: from n/a through 9.5.20. 2024-04-11 6.5 CVE-2024-27990
audit@patchstack.com the_tcpdump_group — tcpdump
  Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLT_PPP_SERIAL .pcap savefile. This problem does not affect any tcpdump release, but it affected the git master branch from 2023-06-05 to 2024-03-21. 2024-04-12 6.2 CVE-2024-2397
security@tcpdump.org theeventscalendar — event_tickets_and_registration
  The Event Tickets and Registration plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.8.2 via the RSVP functionality. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including emails and street addresses. 2024-04-09 4.3 CVE-2024-2261
security@wordfence.com thehappymonster — happy_addons_for_elementor
  The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Photo Stack Widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-1498
security@wordfence.com thehappymonster — happy_addons_for_elementor
  The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Page Title HTML Tag in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-2787
security@wordfence.com thehappymonster — happy_addons_for_elementor
  The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Title HTML Tag in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-2788
security@wordfence.com thehappymonster — happy_addons_for_elementor
  The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Calendy widget in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-2789
security@wordfence.com thehappymonster — happy_addons_for_elementor
  The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on the title_tag attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 5.4 CVE-2024-2786
security@wordfence.com thehappymonster — happy_addons_for_elementor
  The Happy Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to insufficient authorization on the duplicate_thing() function in all versions up to, and including, 3.10.4. This makes it possible for attackers, with contributor-level access and above, to clone arbitrary posts (including private and password protected ones) which may lead to information exposure. 2024-04-09 4.3 CVE-2024-1387
security@wordfence.com themefusion — avada_|_website_builder_for_wordpress_&_woocommerce
  The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcodes in all versions up to, and including, 7.11.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-2311
security@wordfence.com themefusion — avada_|_website_builder_for_wordpress_&_woocommerce
  The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.11.6 via the form_to_url_action function. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. 2024-04-09 6.4 CVE-2024-2343
security@wordfence.com themefusion — avada_|_website_builder_for_wordpress_&_woocommerce
  The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the ‘/wp-content/uploads/fusion-forms/’ directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a file upload mechanism. 2024-04-09 5.3 CVE-2024-2340
security@wordfence.com themeisle — multiple_page_generator_plugin_-_mpg
  Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple Page Generator Plugin – MPG. This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0. 2024-04-12 5.4 CVE-2024-31301
audit@patchstack.com themeisle — otter_blocks_-_gutenberg_blocks_page_builder_for_gutenberg_editor_&_fse
  The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the id parameter in the google-map block in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access and higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-2226
security@wordfence.com themeisle — otter_blocks_-_gutenberg_blocks_page_builder_for_gutenberg_editor_&_fse
  The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s block attributes in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-11 6.4 CVE-2024-3343
security@wordfence.com themeisle — otter_blocks_-_gutenberg_blocks_page_builder_for_gutenberg_editor_&_fse
  The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file upload in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-11 6.4 CVE-2024-3344
security@wordfence.com themeisle — rss_aggregator_by_feedzy_-_feed_to_post_autoblogging_news_&_youtube_video_feeds_aggregator
  The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 4.3.3 due to insufficient input sanitization and output escaping on the Content-Type field of error messages when retrieving an invalid RSS feed. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-07 6.4 CVE-2023-6877
security@wordfence.com themepoints — testimonials
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Themepoints Testimonials allows Stored XSS. This issue affects Testimonials: from n/a through 3.0.5. 2024-04-07 6.5 CVE-2024-31348
audit@patchstack.com themepunch — essential_grid_gallery_wordpress_plugin
  The Essential Grid Gallery WordPress Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.1 via the on_front_ajax_action() function. This makes it possible for unauthenticated attackers to view private and password protected posts that may have private or sensitive information. 2024-04-10 5.3 CVE-2024-3235
security@wordfence.com themesgrove — all-in-one_addons_for_elementor_-_widgetkit
  The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple pricing widgets (e.g. Pricing Single, Pricing Icon, Pricing Tab) in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-12 6.4 CVE-2024-2137
security@wordfence.com
security@wordfence.com thimpress — learnpress_-_wordpress_lms_plugin
  The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.6.3 due to missing validation on a user controlled key when looking up order information. This makes it possible for authenticated attackers to obtain information on orders placed by other users and guests, which can be leveraged to sign up for paid courses that were purchased by guests. Emails of other users are also exposed. 2024-04-09 6.5 CVE-2024-1289
security@wordfence.com
security@wordfence.com thimpress — learnpress_-_wordpress_lms_plugin
  The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Course, Lesson, and Quiz title and content in all versions up to, and including, 4.2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with LP Instructor-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 4.4 CVE-2024-1463
security@wordfence.com
security@wordfence.com tianwell — fire_intelligent_command_platform
  A vulnerability has been found in Tianwell Fire Intelligent Command Platform 1.1.1.1 and classified as critical. This vulnerability affects unknown code of the file /mfsNotice/page of the component API Interface. The manipulation of the argument gsdwid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260572. 2024-04-13 6.3 CVE-2024-3720
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com totalpressorg — custom_post_types_custom_fields_&_more
  The Custom post types, Custom Fields & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode and custom post meta in all versions up to, and including, 5.0.4 due to insufficient input sanitization and output escaping on user supplied post meta values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2023-6993
security@wordfence.com
security@wordfence.com tribulant — slideshow_gallery
  Insertion of Sensitive Information into Log File vulnerability in Tribulant Slideshow Gallery. This issue affects Slideshow Gallery: from n/a through 1.7.8. 2024-04-10 5.3 CVE-2024-31353
audit@patchstack.com tribulant — slideshow_gallery
  Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow Gallery. This issue affects Slideshow Gallery: from n/a through 1.7.8. 2024-04-12 4.3 CVE-2024-31354
audit@patchstack.com varun_kumar — easy_logo
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Varun Kumar Easy Logo allows Stored XSS. This issue affects Easy Logo: from n/a through 1.9.3. 2024-04-11 5.9 CVE-2024-32083
audit@patchstack.com visitor_analytics — twipla_(visitor_analytics_io)
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Visitor Analytics TWIPLA (Visitor Analytics IO) allows Stored XSS. This issue affects TWIPLA (Visitor Analytics IO): from n/a through 1.2.0. 2024-04-11 5.9 CVE-2024-31937
audit@patchstack.com vjinfotech — wp_import_export_lite
  Deserialization of Untrusted Data vulnerability in VJInfotech WP Import Export Lite. This issue affects WP Import Export Lite: from n/a through 3.9.26. 2024-04-07 4.4 CVE-2024-31308
audit@patchstack.com wangshen — secgate_3600
  A vulnerability was found in Wangshen SecGate 3600 up to 20240408. It has been classified as critical. This affects an unknown part of the file /?g=net_pro_keyword_import_save. The manipulation of the argument reqfile leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259701 was assigned to this vulnerability. 2024-04-08 4.7 CVE-2024-3444
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com webdevmattcrom — givewp_-_donation_plugin_and_fundraising_platform
  The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 3.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-1424
security@wordfence.com
security@wordfence.com webdevmattcrom — givewp_-_donation_plugin_and_fundraising_platform
  The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘give_form’ shortcode in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-13 6.4 CVE-2024-1957
security@wordfence.com
security@wordfence.com webfactory — wp_reset_-_most_advanced_wordpress_reset_tool
  The WP Reset – Most Advanced WordPress Reset Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.99 via the use of insufficiently random snapshot names. This makes it possible for unauthenticated attackers to extract sensitive data including site backups by brute-forcing the snapshot filenames. 2024-04-09 5.9 CVE-2023-6799
security@wordfence.com
security@wordfence.com webtechstreet — elementor_addon_elements
  The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in all versions up to, and including, 1.13.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.5 CVE-2024-2792
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com webtoffee — wordpress_comments_import_&_export
  Cross-Site Request Forgery (CSRF) vulnerability in WebToffee WordPress Comments Import & Export. This issue affects WordPress Comments Import & Export: from n/a through 2.3.5. 2024-04-12 4.3 CVE-2024-31235
audit@patchstack.com wen_themes — wen_responsive_columns
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WEN Themes WEN Responsive Columns allows Stored XSS. This issue affects WEN Responsive Columns: from n/a through 1.3.2. 2024-04-11 6.5 CVE-2024-27988
audit@patchstack.com woocommerce — woocommerce_shipping_per_product
  Missing Authorization vulnerability in WooCommerce WooCommerce Shipping Per Product. This issue affects WooCommerce Shipping Per Product: from n/a through 2.5.4. 2024-04-12 4.3 CVE-2023-51499
audit@patchstack.com wp_compress — wp_compress_-_image_optimizer_[all-in-one]
  Cross-Site Request Forgery (CSRF) vulnerability in WP Compress WP Compress – Image Optimizer [All-In-One]. This issue affects WP Compress – Image Optimizer [All-In-One]: from n/a through 6.10.35. 2024-04-11 4.3 CVE-2024-32106
audit@patchstack.com wp_darko — top_bar
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Darko Top Bar allows Stored XSS. This issue affects Top Bar: from n/a through 3.0.5. 2024-04-11 5.9 CVE-2024-31928
audit@patchstack.com wp_enhanced — free_downloads_woocommerce
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Enhanced Free Downloads WooCommerce allows Stored XSS. This issue affects Free Downloads WooCommerce: from n/a through 3.5.8.2. 2024-04-11 6.5 CVE-2024-27969
audit@patchstack.com wp_oauth_server — oauth_server
  URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in WP OAuth Server OAuth Server. This issue affects OAuth Server: from n/a through 4.3.3. 2024-04-10 4.7 CVE-2024-31253
audit@patchstack.com wp_royal — royal_elementor_addons
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Royal Royal Elementor Addons allows Stored XSS. This issue affects Royal Elementor Addons: from n/a through 1.3.93. 2024-04-07 6.5 CVE-2024-31236
audit@patchstack.com wp_swings — points_and_rewards_for_woocommerce
  Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce. This issue affects Points and Rewards for WooCommerce: from n/a through 1.5.0. 2024-04-11 5.4 CVE-2023-27607
audit@patchstack.com wpcalc — modal_window_-_create_popup_modal_window
  The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 5.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-2457
security@wordfence.com
security@wordfence.com wpclever — wpc_smart_quick_view_for_woocommerce
  The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 2024-04-13 4.4 CVE-2023-6494
security@wordfence.com
security@wordfence.com wpcloudgallery — wordpress_gallery_exporter
  Missing Authorization vulnerability in WPcloudgallery WordPress Gallery Exporter. This issue affects WordPress Gallery Exporter: from n/a through 1.3. 2024-04-10 6.5 CVE-2024-31342
audit@patchstack.com wpdeveloper — essential_blocks_for_gutenberg
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Stored XSS. This issue affects Essential Blocks for Gutenberg: from n/a through 4.5.3. 2024-04-07 6.5 CVE-2024-31306
audit@patchstack.com wpdevteam — betterdocs_-_best_documentation_faq_&_knowledge_base_plugin_with_ai_support_&_instant_answer_for_elementor_&_gutenberg
  The BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer For Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 3.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-2845
security@wordfence.com
security@wordfence.com wpdevteam — embedpress_-_embed_pdf_google_docs_vimeo_wistia_embed_youtube_videos,_audios_maps_&_embed_any_documents_in_gutenberg_&_elementor
  The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘embedpress_calendar’ shortcode in all versions up to, and including, 3.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-3244
security@wordfence.com
security@wordfence.com
security@wordfence.com wpdevteam — essential_addons_for_elementor_-_best_elementor_templates_widgets_kits_&_woocommerce_builders
  The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the alignment parameter in the Woo Product Carousel widget in all versions up to, and including, 5.9.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-2650
security@wordfence.com
security@wordfence.com wpdevteam — essential_addons_for_elementor_best_elementor_templates,_widgets,_kits_&_woocommerce_builders
  The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget’s message parameter in all versions up to, and including, 5.9.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-2623
security@wordfence.com
security@wordfence.com
security@wordfence.com wpdevteam — essential_addons_for_elementor_best_elementor_templates,_widgets,_kits_&_woocommerce_builders
  The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 5.9.13 via the load_more function. This can allow unauthenticated attackers to extract sensitive data including private and draft posts. 2024-04-09 5.3 CVE-2024-2974
security@wordfence.com
security@wordfence.com wpgmaps — wp_go_maps_(formerly_wp_google_maps)
  The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 9.0.34 due to the plugin adding the API key to several plugin files. This makes it possible for unauthenticated attackers to obtain the developer’s Google API key. While this does not affect the security of sites using this plugin, it allows unauthenticated attackers to make requests using this API key with the potential of exhausting requests resulting in an inability to use the map functionality offered by the plugin. 2024-04-09 5.3 CVE-2023-6777
security@wordfence.com
security@wordfence.com wpkube — subscribe_to_comments_reloaded
  Insertion of Sensitive Information into Log File vulnerability in WPKube Subscribe To Comments Reloaded. This issue affects Subscribe To Comments Reloaded: from n/a through 220725. 2024-04-10 5.3 CVE-2024-31249
audit@patchstack.com wpmudev — forminator_-_contact_form_payment_form_&_custom_form_builder
  The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ forminator_form shortcode attribute in versions up to, and including, 1.29.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-3053
security@wordfence.com
security@wordfence.com wpzoom — beaver_builder_addons_by_wpzoom
  The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-2181
security@wordfence.com
security@wordfence.com wpzoom — beaver_builder_addons_by_wpzoom
  The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-30424 is likely a duplicate of this issue. 2024-04-09 6.4 CVE-2024-2183
security@wordfence.com
security@wordfence.com wpzoom — beaver_builder_addons_by_wpzoom
  The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Box widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-2185
security@wordfence.com
security@wordfence.com wpzoom — beaver_builder_addons_by_wpzoom
  The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Team Members widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-2186
security@wordfence.com
security@wordfence.com wpzoom — beaver_builder_addons_by_wpzoom
  The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonials widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-04-09 6.4 CVE-2024-2187
security@wordfence.com
security@wordfence.com wpzoom — wpzoom_social_feed_widget_&_block
  The WPZOOM Social Feed Widget & Block plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpzoom_instagram_clear_data() function in all versions up to, and including, 2.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete all Instagram images installed on the site. 2024-04-13 4.3 CVE-2024-3662
security@wordfence.com
security@wordfence.com xiamen_four-faith — rmp_router_management_platform
  A vulnerability was found in Xiamen Four-Faith RMP Router Management Platform 5.2.2. It has been declared as critical. This vulnerability affects unknown code of the file /Device/Device/GetDeviceInfoList?deviceCode=&searchField=&deviceState=. The manipulation of the argument groupId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260476. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-04-12 6.3 CVE-2024-3688
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com xlplugins — finale_lite
  Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins Finale Lite. This issue affects Finale Lite: from n/a through 2.18.0. 2024-04-11 4.3 CVE-2024-32107
audit@patchstack.com xwiki — xwiki-platform
  XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.19, 15.5.4, and 15.9-rc-1, it is possible to access the hash of a password by using the diff feature of the history whenever the object storing the password is deleted. Using that vulnerability it’s possible for an attacker to have access to the hash password of a user if they have rights to edit the users’ page. With the default right scheme in XWiki this vulnerability is normally prevented on user profiles, except by users with Admin rights. Note that this vulnerability also impacts any extensions that might use passwords stored in xobjects: for those use cases it depends on the right of those pages. There is currently no way to be 100% sure that this vulnerability has been exploited, as an attacker with enough privilege could have deleted the revision where the xobject was deleted after rolling-back the deletion. But again, this operation requires high privileges on the target page (Admin right). A page with a user password xobject which has in its history a revision where the object has been deleted should be considered at risk and the password should be changed there. a diff, to ensure it’s not coming from a password field. As another mitigation, admins should ensure that the user pages are properly protected: the edit right shouldn’t be allowed for other users than Admin and owner of the profile (which is the default right). There is not much workaround possible for a privileged user other than upgrading XWiki. 2024-04-10 6.8 CVE-2024-31464
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com xwiki — xwiki-platform
  XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, it is possible to schedule/trigger/unschedule existing jobs by having an admin visit the Job Scheduler page through a predictable URL, for example by embedding such a URL in any content as an image. The vulnerability has been fixed in XWiki 14.10.19, 15.5.5, and 15.9. As a workaround, manually apply the patch by modifying the `Scheduler.WebHome` page. 2024-04-10 5.4 CVE-2024-31985
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com xylus_themes — wp_event_aggregator
  Cross-Site Request Forgery (CSRF) vulnerability in Xylus Themes WP Event Aggregator. This issue affects WP Event Aggregator: from n/a through 1.7.6. 2024-04-12 4.3 CVE-2024-31371
audit@patchstack.com yith — yith_woocommerce_gift_cards_premium
  Missing Authorization vulnerability in YITH YITH WooCommerce Gift Cards Premium. This issue affects YITH WooCommerce Gift Cards Premium: from n/a through 3.23.1. 2024-04-11 6.5 CVE-2022-44633
audit@patchstack.com zaytech — smart_online_order_for_clover
  Cross-Site Request Forgery (CSRF) vulnerability in Zaytech Smart Online Order for Clover. This issue affects Smart Online Order for Clover: from n/a through 1.5.5. 2024-04-12 5.4 CVE-2024-31238
audit@patchstack.com zoom_video_communications_inc. — zoom_desktop_client_for_linux
  Cross site scripting in Zoom Desktop Client for Linux before version 5.17.10 may allow an authenticated user to conduct a denial of service via network access. 2024-04-09 4.1 CVE-2024-27242
security@zoom.us zoom_video_communications_inc. — zoom_desktop_client_for_macos
  Improper privilege management in the installer for Zoom Desktop Client for macOS before version 5.17.10 may allow a privileged user to conduct an escalation of privilege via local access. 2024-04-09 5.5 CVE-2024-27247
security@zoom.us zoom_video_communications_inc. — zoom_desktop_client_for_windows
  Improper privilege management in the installer for Zoom Desktop Client for Windows before version 5.17.10 may allow an authenticated user to conduct an escalation of privilege via local access. 2024-04-09 5.9 CVE-2024-24694
security@zoom.us


