CyberSecurityBoard
Sponsor Register Login

CVE-2024-2847

The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.24.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

This Cyber News was published on www.tenable.com. Publication date: Tue, 09 Apr 2024 22:56:03 +0000


Cyber News related to CVE-2024-2847

AWS LetsEncrypt Lambda: Custom TLS Provider - DZone - Trying to renew ... INFO[0000] Checking certificate for domain 'hackernoon.referrs.me' with arn 'arn:aws:acm:us-east-2:004867756392:certificate/72f872fd-e577-43f4-ae38-6833962630af' INFO[0000] Certificate status is 'ISSUED' INFO[0000] Certificate in ...
3 months ago Feeds.dzone.com
Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
9 months ago Cisa.gov
Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06 CVSS Score not yet calculated Source & Patch Info CVE-2023-52584416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - ...
9 months ago Cisa.gov
CVE-2024-37051 - GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 ...
6 months ago Tenable.com
CVE-2024-2847 - The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.24.5 due to insufficient input sanitization and output escaping on user supplied ...
8 months ago Tenable.com
CVE-2007-2847 - Multiple cross-site scripting (XSS) vulnerabilities in hlstats.php in HLstats 1.35, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) authusername or (2) authpassword parameter, different vectors than ...
6 years ago
CVE-2014-2847 - SQL injection vulnerability in default.asp in CIS Manager CMS allows remote attackers to execute arbitrary SQL commands via the TroncoID parameter. ...
10 years ago
CVE-2015-2847 - Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side authentication involving JavaScript, which allows remote attackers to bypass intended access restrictions by removing USERACCT requests from the client-server data stream. ...
9 years ago
CVE-2005-2847 - img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter. ...
8 years ago
CVE-2012-2847 - Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not request user confirmation before continuing a large series of downloads, which allows user-assisted remote attackers to cause a ...
7 years ago
CVE-2013-2847 - Race condition in the workers implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via unknown vectors. ...
7 years ago
CVE-2008-2847 - SQL injection vulnerability in the Trade module in Maxtrade AIO 1.3.23 allows remote attackers to execute arbitrary SQL commands via the categori parameter in a pocategorisell action to modules.php. ...
7 years ago
CVE-2009-2847 - The do_sigaltstack function in kernel/signal.c in Linux kernel 2.4 through 2.4.37 and 2.6 before 2.6.31-rc5, when running on 64-bit systems, does not clear certain padding bytes from a structure, which allows local users to obtain sensitive ...
6 years ago
CVE-2010-2847 - Multiple SQL injection vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allow remote attackers to execute arbitrary SQL commands via the viewform parameter in a (1) ferforms or (2) tferforms action to ...
6 years ago
CVE-2006-2847 - SQL injection vulnerability in links.asp in aspWebLinks 2.0 allows remote attackers to execute arbitrary SQL commands via the linkID parameter. ...
6 years ago
CVE-2018-2847 - Vulnerability in the Oracle Hospitality Simphony First Edition component of Oracle Hospitality Applications (subcomponent: Operations). Supported versions that are affected are 1.6 and 1.7. Easily exploitable vulnerability allows low privileged ...
5 years ago
CVE-2011-2847 - Use-after-free vulnerability in the document loader in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. ...
4 years ago
CVE-2017-2847 - In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command ...
2 years ago
CVE-2022-2847 - A vulnerability, which was classified as critical, has been found in SourceCodester Guest Management System. This issue affects some unknown processing of the file /guestmanagement/front.php. The manipulation of the argument rid leads to sql ...
2 years ago
CVE-2020-2847 - Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: Estimate and Actual Charges). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with ...
4 years ago
CVE-2019-2847 - Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.1, 12.0.3, 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. ...
4 years ago
CVE-2023-2847 - ...
1 year ago
CVE-2016-2847 - fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes. ...
1 year ago
The Top 24 Security Predictions for 2024 - Welcome to the second installment of this comprehensive annual look at global cybersecurity industry predictions from the top security industry vendors, technology magazines, expert thought leaders and many more. Last week, in part one of The Top 24 ...
1 year ago Securityboulevard.com
CVE-2024-9256 - Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Doc objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote ...
3 months ago Tenable.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)