CyberSecurityBoard
Sponsor Register Login

CVE-2024-2868

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slitems parameter in the WL Special Day Offer Widget in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

This Cyber News was published on www.tenable.com. Publication date: Thu, 04 Apr 2024 22:41:04 +0000


Cyber News related to CVE-2024-2868

Chinese Hackers Deliver Malware to Barracuda Email Security Appliances via New Zero-Day - China-linked hackers continue to target Barracuda Email Security Gateway appliances, with recent attacks involving exploitation of a new zero-day vulnerability. It came to light in May 2023 that a Barracuda ESG zero-day tracked as CVE-2023-2868 had ...
1 year ago Securityweek.com CVE-2023-2868 CVE-2023-7102 CVE-2023-7101
Chinese Hackers Deliver Malware to Barracuda Email Security Appliances via New Zero-Day - China-linked hackers continue to target Barracuda Email Security Gateway appliances, with recent attacks involving exploitation of a new zero-day vulnerability. It came to light in May 2023 that a Barracuda ESG zero-day tracked as CVE-2023-2868 had ...
1 year ago Packetstormsecurity.com CVE-2023-2868 CVE-2023-7102 CVE-2023-7101
AWS LetsEncrypt Lambda: Custom TLS Provider - DZone - Trying to renew ... INFO[0000] Checking certificate for domain 'hackernoon.referrs.me' with arn 'arn:aws:acm:us-east-2:004867756392:certificate/72f872fd-e577-43f4-ae38-6833962630af' INFO[0000] Certificate status is 'ISSUED' INFO[0000] Certificate in ...
8 months ago Feeds.dzone.com
Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
1 year ago Cisa.gov
Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06 CVSS Score not yet calculated Source & Patch Info CVE-2023-52584416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - ...
1 year ago Cisa.gov
Alert: Chinese Threat Actors Exploit Barracuda Zero-Day Flaw - In recent developments, Barracuda, a prominent network and email cybersecurity firm, has been grappling with a zero-day vulnerability. In this blog, we'll look into the Barracuda zero-day flaw, exploring its intricacies and the consequential impact ...
1 year ago Securityboulevard.com CVE-2023-7101 CVE-2023-2868
CVE-2024-2868 - The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slitems parameter in the WL Special Day Offer Widget ...
1 year ago Tenable.com
CVE-2024-37051 - GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 ...
1 year ago Tenable.com
Barracuda Zero-Day Used to Target Government, Tech Organizations in US, APJ - The recently disclosed vulnerability affecting Barracuda Email Security Gateway appliances has been exploited as a zero-day to target government, high-tech and IT organizations, according to Mandiant. The ESG vulnerability, tracked as CVE-2023-7102, ...
1 year ago Securityweek.com CVE-2023-7102 CVE-2023-2868
CVE-2005-2868 - ZipTorrent 1.3.7.3 stores sensitive information in plaintext in the pref.txt file, which allows local users to obtain sensitive information such as proxy server information and passwords. ...
16 years ago
CVE-2009-2868 - Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when certificate-based authentication is enabled for IKE, allows remote attackers to cause a denial of service (Phase 1 SA exhaustion) via crafted requests, aka Bug IDs CSCsy07555 and ...
15 years ago
CVE-2014-2868 - PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to modify the flow of execution of ColdFusion code by using an HTTP GET request to set a ColdFusion variable. Per http://cwe.mitre.org/data/definitions/472.html ...
11 years ago
CVE-2016-2868 - IBM Security QRadar SIEM 7.2.x before 7.2.7 allows remote authenticated administrators to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) ...
8 years ago
CVE-2015-2868 - An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that ...
8 years ago
CVE-2013-2868 - common/extensions/sync_helper.cc in Google Chrome before 28.0.1500.71 proceeds with sync operations for NPAPI extensions without checking for a certain plugin permission setting, which might allow remote attackers to trigger unwanted extension ...
7 years ago
CVE-2008-2868 - SQL injection vulnerability in detail.asp in DUware DUcalendar 1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the iEve parameter. ...
7 years ago
CVE-2006-2868 - Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the includePath cookie to (1) auth/extauth/drivers/mambo.inc.php or (2) auth/extauth/drivers/postnuke.inc.php. ...
7 years ago
CVE-2010-2868 - IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a malformed file containing an invalid ...
6 years ago
CVE-2007-2868 - Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of ...
6 years ago
CVE-2012-2868 - Race condition in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving improper interaction between worker processes and an XMLHttpRequest (aka XHR) ...
6 years ago
CVE-2011-2868 - WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other ...
6 years ago
CVE-2020-2868 - Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Diagnostic Framework). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with ...
5 years ago
CVE-2018-2868 - Vulnerability in the Oracle Human Resources component of Oracle E-Business Suite (subcomponent: General Utilities). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable ...
4 years ago
CVE-2019-2868 - Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 12.1.6.1.23, 12.1.6.1.26, 12.1.6.1.29, 12.1.6.1.36, 12.1.6.2.23 and 12.1.6.2.32. Difficult to exploit vulnerability allows unauthenticated ...
4 years ago
CVE-2017-2868 - An exploitable code execution vulnerability exists in the NewProducerStream functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious ...
3 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)