Search Results
- Results Type: Overview
- Search Type: Search Last 3 Months
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-28070 | A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient input validation. A successful exploit could allow an attacker to access sensitive information and gain unauthorized access. Published: March 16, 2024; 2:15:14 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-28069 | A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to access sensitive information and potentially conduct unauthorized actions within the vulnerable component. Published: March 16, 2024; 2:15:13 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-24156 | Cross Site Scripting (XSS) vulnerability in Gnuboard g6 before GitHub commit 58c737a263ac0c523592fd87ff71b9e3c07d7cf5 allows remote attackers to execute arbitrary code via the wr_content parameter. Published: March 16, 2024; 2:15:13 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-1733 | The Word Replacer Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the word_replacer_ultra() function in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to update arbitrary content on the affected WordPress site. Published: March 16, 2024; 2:15:13 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-1685 | The Social Media Share Buttons plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.1.0 via deserialization of untrusted input through the attachmentUrl parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. Published: March 16, 2024; 2:15:10 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-24845 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Sewpafly Post Thumbnail Editor. This issue affects Post Thumbnail Editor: from n/a through 2.4.8. Published: March 16, 2024; 1:15:21 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-23523 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Elementor Pro. This issue affects Elementor Pro: from n/a through 3.19.2. Published: March 16, 2024; 1:15:21 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-22259 | Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is used after passing validation checks. This is the same as CVE-2024-22243 (https://spring.io/security/cve-2024-22243), but with different input. Published: March 16, 2024; 1:15:20 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2023-36483 | Authorization bypass can be achieved by session ID prediction in MASmobile Classic Android version 1.16.18 and earlier and MASmobile Classic iOS version 1.7.24 and earlier which allows remote attackers to retrieve sensitive data including customer data, security system status, and event history. Published: March 16, 2024; 1:15:18 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2042 | The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions up to, and including, 3.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: March 15, 2024; 11:15:07 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-1239 | The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blog post read more button in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: March 15, 2024; 11:15:06 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2023-6525 | The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the progress bar element attributes in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This primarily affects multi-site installations and installations where unfiltered_html has been disabled. Published: March 15, 2024; 11:15:06 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2308 | The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link in the EliSlider in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: March 15, 2024; 10:15:09 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2294 | The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.7 via the backup_name parameter in the backuply_download_backup function. This makes it possible for attackers who have an account with only the activate_plugins capability to access arbitrary files on the server, which can contain sensitive information. This only impacts sites hosted on Windows servers. Published: March 15, 2024; 10:15:09 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-27197 | Cross-Site Request Forgery (CSRF) vulnerability in Bee BeePress allows Stored XSS. This issue affects BeePress: from n/a through 6.9.8. Published: March 15, 2024; 10:15:08 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-27195 | Cross-Site Request Forgery (CSRF) vulnerability in Sandi Verdev Watermark RELOADED allows Stored XSS. This issue affects Watermark RELOADED: from n/a through 1.3.5. Published: March 15, 2024; 10:15:08 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-27194 | Cross-Site Request Forgery (CSRF) vulnerability in Andrei Ivasiuc Fontific \| Google Fonts allows Stored XSS. This issue affects Fontific \| Google Fonts: from n/a through 0.1.6. Published: March 15, 2024; 10:15:08 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2023-51487 | Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft ARI Stream Quiz. This issue affects ARI Stream Quiz: from n/a through 1.2.32. Published: March 15, 2024; 10:15:07 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2023-51486 | Cross-Site Request Forgery (CSRF) vulnerability in RedNao WooCommerce PDF Invoice Builder. This issue affects WooCommerce PDF Invoice Builder: from n/a through 1.2.101. Published: March 15, 2024; 10:15:07 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2023-51474 | Cross-Site Request Forgery (CSRF) vulnerability in Pixelemu TerraClassifieds. This issue affects TerraClassifieds: from n/a through 2.0.3. Published: March 15, 2024; 10:15:07 PM -0400 | V3.x:(not available) V2.0:(not available) |