Security Vulnerabilities - CVEs Published In May 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in artbees JupiterX allows PHP Local File Inclusion. This issue affects JupiterX: from n/a through 3.0.0.
CVSS Score: 7.6 | EPSS Score: 0.006 | Published: 2024-05-17
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in YARPP allows PHP Local File Inclusion. This issue affects YARPP: from n/a through 5.30.4.
CVSS Score: 7.7 | EPSS Score: 0.007 | Published: 2024-05-17
Insecure Storage of Sensitive Information vulnerability in WPMU DEV Defender Security allows Screen Temporary Files for Sensitive Information. This issue affects Defender Security: from n/a through 3.3.2.
CVSS Score: 5.0 | EPSS Score: 0.002 | Published: 2024-05-17
The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins.
CVSS Score: 6.1 | EPSS Score: 0.012 | Published: 2024-05-17
The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS Score: 6.1 | EPSS Score: 0.001 | Published: 2024-05-17
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in deTheme DethemeKit For Elementor allows Stored XSS. This issue affects DethemeKit For Elementor: from n/a through 2.1.2.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2024-05-17
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Visualmodo Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg allows Stored XSS. This issue affects Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg: from n/a through 1.5.3.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2024-05-17
The socialdriver-framework WordPress plugin before 2024.0.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
CVSS Score: 6.5 | EPSS Score: 0.003 | Published: 2024-05-17
The NextGEN Gallery WordPress plugin before 3.59.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
CVSS Score: 4.3 | EPSS Score: 0.002 | Published: 2024-05-17
Azure Monitor Agent Elevation of Privilege Vulnerability
CVSS Score: 7.8 | EPSS Score: 0.01 | Published: 2024-05-16