CyberSecurityBoard
Sponsor Register Login

CVE-2024-2399

The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 4.10.23 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Publication date: Fri, 15 Mar 2024 12:15:00 +0000


Cyber News related to CVE-2024-2399

AWS LetsEncrypt Lambda: Custom TLS Provider - DZone - Trying to renew ... INFO[0000] Checking certificate for domain 'hackernoon.referrs.me' with arn 'arn:aws:acm:us-east-2:004867756392:certificate/72f872fd-e577-43f4-ae38-6833962630af' INFO[0000] Certificate status is 'ISSUED' INFO[0000] Certificate in ...
3 months ago Feeds.dzone.com
Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
9 months ago Cisa.gov
Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06 CVSS Score not yet calculated Source & Patch Info CVE-2023-52584416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - ...
10 months ago Cisa.gov
CVE-2024-37051 - GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 ...
7 months ago Tenable.com
CVE-2024-2399 - The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 4.10.23 due to insufficient input sanitization and output escaping on user supplied ...
9 months ago
CVE-2024-42297 - In the Linux kernel, the following vulnerability has been resolved: ...
3 months ago
CVE-2008-2399 - Directory traversal vulnerability in the FireFTP add-on before 0.98.20080518 for Firefox allows remote FTP servers to create or overwrite arbitrary files via ..\ (dot dot backslash) sequences in responses to (1) MLSD and (2) LIST commands, a related ...
7 years ago
CVE-2012-2399 - Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote attackers to inject arbitrary web script or HTML ...
7 years ago
CVE-2014-2400 - Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 2.2.2 allows remote attackers to affect integrity via unknown vectors related to Oracle Endeca Information Discovery (Formerly Latitude), a different ...
6 years ago
CVE-2014-2399 - Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 2.2.2 allows remote attackers to affect integrity via unknown vectors related to Oracle Endeca Information Discovery (Formerly Latitude), a different ...
6 years ago
CVE-2002-2399 - Directory traversal vulnerability in viewAttachment.cgi in W3Mail 1.0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. ...
16 years ago
CVE-2004-2399 - Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote attackers to cause a denial of service (CPU consumption) via delayed responses to DNS queries. ...
16 years ago
CVE-2010-2399 - Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability via unknown vectors related to Kernel/VM. ...
12 years ago
CVE-2013-2399 - Unspecified vulnerability in the Siebel Call Center component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via vectors related to Email - COMM Server Components. ...
11 years ago
CVE-2005-2399 - PHP Surveyor 0.98 allows remote attackers to trigger SQL errors via missing parameters to (1) browse.php, (2) export.php, (3) conditions.php, or (4) spss.php. ...
8 years ago
CVE-2011-2399 - Unspecified vulnerability in the Media Management Daemon (mmd) in HP Data Protector 6.11 and earlier allows remote attackers to cause a denial of service via unknown vectors. ...
7 years ago
CVE-2009-2399 - PHP remote file inclusion vulnerability in dm-albums/template/album.php in DM FileManager 3.9.4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the SECURITY_FILE parameter. ...
7 years ago
CVE-2016-2399 - Integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted hdlr MP4 atom. ...
7 years ago
CVE-2006-2399 - Stack-based buffer overflow in the ServerNetworking::incoming_client_data function in servnet.cpp in Outgun 1.0.3 bot 2 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a ...
6 years ago
CVE-2017-2399 - An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Pasteboard" component. It allows physically proximate attackers to read the pasteboard by leveraging the use of an encryption key derived ...
5 years ago
CVE-2018-2399 - Cross-Site Scripting in Process Monitoring Infrastructure, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to inefficient encoding of user controlled inputs. ...
5 years ago
CVE-2019-2399 - Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) component of Oracle Communications Applications (subcomponent: Security). The supported version that is affected is prior to 8.3. Easily exploitable vulnerability allows ...
4 years ago
CVE-2021-2399 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols ...
3 years ago
CVE-2022-2399 - Use after free in WebGPU in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. ...
2 years ago
CVE-2007-2399 - WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption. ...
2 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)