Security Vulnerabilities - CVEs Published In February 2024
Cross-Site Request Forgery (CSRF) vulnerability in Themify Themify Builder.This issue affects Themify Builder: from n/a through 7.0.5.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-02-21
Cross-Site Request Forgery (CSRF) vulnerability in PowerPack Addons for Elementor PowerPack Pro for Elementor.This issue affects PowerPack Pro for Elementor: from n/a before 2.10.8.
CVSS Score
7.1
EPSS Score
0.001
Published
2024-02-21
The 3D FlipBook – PDF Flipbook WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bookmark feature in all versions up to, and including, 1.15.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Score
6.4
EPSS Score
0.001
Published
2024-02-21
The Simple Job Board plugin for WordPress is vulnerable to unauthorized access of data| due to insufficient authorization checking on the fetch_quick_job() function in all versions up to, and including, 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can be password protected or private and contain sensitive information.
CVSS Score
5.3
EPSS Score
0.002
Published
2024-02-21
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1. An app may gain unauthorized access to Bluetooth.
CVSS Score
5.5
EPSS Score
0.001
Published
2024-02-21
This issue was addressed with improved redaction of sensitive information. This issue is fixed in tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to leak sensitive user information.
CVSS Score
5.5
EPSS Score
0.001
Published
2024-02-21
The issue was addressed with improved handling of caches. This issue is fixed in iOS 17.1 and iPadOS 17.1. A user may be unable to delete browsing history items.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-02-21
The issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.1. An app with root privileges may be able to access private information.
CVSS Score
4.4
EPSS Score
0.0
Published
2024-02-21
A permissions issue was addressed with additional restrictions. This issue is fixed in tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.
CVSS Score
5.5
EPSS Score
0.0
Published
2024-02-21
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to modify protected parts of the file system.
CVSS Score
5.5
EPSS Score
0.0
Published
2024-02-21