CVE-2024-37955

CVE-2024-37955

Título es
CVE-2024-37955

Sáb, 20/07/2024 – 09:15

Tipo
CWE-79

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-37955

Descripción en
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zakaria Binsaifullah GutSlider – All in One Block Slider allows Stored XSS.This issue affects GutSlider – All in One Block Slider: from n/a through 2.7.3.

20/07/2024
20/07/2024
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)
6.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM

Referencias

  • https://patchstack.com/database/vulnerability/slider-blocks/wordpress-gutslider-all-in-one-block-slider-plugin-2-7-2-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2024-37954

    CVE-2024-37954

    Título es
    CVE-2024-37954

    Sáb, 20/07/2024 – 09:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-37954

    Descripción en
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in marcelotorres Simple Responsive Slider allows Reflected XSS.This issue affects Simple Responsive Slider: from n/a through 0.2.2.5.

    20/07/2024
    20/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.10

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://patchstack.com/database/vulnerability/simple-responsive-slider/wordpress-simple-responsive-slider-plugin-0-2-2-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2024-37953

    CVE-2024-37953

    Título es
    CVE-2024-37953

    Sáb, 20/07/2024 – 09:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-37953

    Descripción en
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MBE Worldwide S.P.A. MBE eShip allows Reflected XSS.This issue affects MBE eShip: from n/a through 2.1.2.

    20/07/2024
    20/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.10

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://patchstack.com/database/vulnerability/mail-boxes-etc/wordpress-mbe-eship-plugin-2-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2024-37958

    CVE-2024-37958

    Título es
    CVE-2024-37958

    Sáb, 20/07/2024 – 09:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-37958

    Descripción en
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Meks Meks Smart Author Widget allows Stored XSS.This issue affects Meks Smart Author Widget: from n/a through 1.1.4.

    20/07/2024
    20/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/vulnerability/meks-smart-author-widget/wordpress-meks-smart-author-widget-plugin-1-1-4-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2024-37957

    CVE-2024-37957

    Título es
    CVE-2024-37957

    Sáb, 20/07/2024 – 09:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-37957

    Descripción en
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in bradmax Bradmax Player allows Stored XSS.This issue affects Bradmax Player: from n/a through 1.1.27.

    20/07/2024
    20/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/vulnerability/bradmax-player/wordpress-bradmax-player-plugin-1-1-27-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2024-37956

    CVE-2024-37956

    Título es
    CVE-2024-37956

    Sáb, 20/07/2024 – 09:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-37956

    Descripción en
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vektor,Inc. VK All in One Expansion Unit allows Stored XSS.This issue affects VK All in One Expansion Unit: from n/a through 9.98.1.0.

    20/07/2024
    20/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/vulnerability/vk-all-in-one-expansion-unit/wordpress-vk-all-in-one-expansion-unit-plugin-9-97-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2024-6497

    CVE-2024-6497

    Título es
    CVE-2024-6497

    Sáb, 20/07/2024 – 09:15

    Tipo
    CWE-89

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-6497

    Descripción en
    The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 12.3.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

    20/07/2024
    20/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://plugins.trac.wordpress.org/browser/squirrly-seo/trunk/controllers/Api.php#L267

  • https://plugins.trac.wordpress.org/changeset/3121853/

  • SEO Plugin by Squirrly SEO



  • https://www.wordfence.com/threat-intel/vulnerabilities/id/bb3aa613-8f34-4d96-8ddf-41fcdcf65c59?source=cve

    • Enviar en el boletín
    Off

    CVE-2024-37959

    CVE-2024-37959

    Título es
    CVE-2024-37959

    Sáb, 20/07/2024 – 09:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-37959

    Descripción en
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Atlas Public Policy Power BI Embedded for WordPress allows Stored XSS.This issue affects Power BI Embedded for WordPress: from n/a through 1.1.7.

    20/07/2024
    20/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/vulnerability/embed-power-bi/wordpress-power-bi-embedded-for-wordpress-plugin-1-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2024-37561

    CVE-2024-37561

    Título es
    CVE-2024-37561

    Sáb, 20/07/2024 – 10:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-37561

    Descripción en
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jamie Bergen Plugin Notes Plus allows Stored XSS.This issue affects Plugin Notes Plus: from n/a through 1.2.6.

    20/07/2024
    20/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.90

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/vulnerability/plugin-notes-plus/wordpress-plugin-notes-plus-plugin-1-2-6-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2024-37562

    CVE-2024-37562

    Título es
    CVE-2024-37562

    Sáb, 20/07/2024 – 10:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-37562

    Descripción en
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BracketSpace Simple Post Notes allows Stored XSS.This issue affects Simple Post Notes: from n/a through 1.7.7.

    20/07/2024
    20/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.90

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/vulnerability/simple-post-notes/wordpress-simple-post-notes-plugin-1-7-7-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off