CyberSecurityBoard
Sponsor Register Login

CVE-2024-4043

The WP Ultimate Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpupg-text' shortcode in all versions up to, and including, 3.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

This Cyber News was published on www.tenable.com. Publication date: Thu, 23 May 2024 10:56:02 +0000


Cyber News related to CVE-2024-4043

AWS LetsEncrypt Lambda: Custom TLS Provider - DZone - Trying to renew ... INFO[0000] Checking certificate for domain 'hackernoon.referrs.me' with arn 'arn:aws:acm:us-east-2:004867756392:certificate/72f872fd-e577-43f4-ae38-6833962630af' INFO[0000] Certificate status is 'ISSUED' INFO[0000] Certificate in ...
6 months ago Feeds.dzone.com
Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
1 year ago Cisa.gov
Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06 CVSS Score not yet calculated Source & Patch Info CVE-2023-52584416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - ...
1 year ago Cisa.gov
CVE-2024-4043 - The WP Ultimate Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpupg-text' shortcode in all versions up to, and including, 3.9.1 due to insufficient input sanitization and output escaping on user ...
11 months ago Tenable.com
CISA Warns of Four Vulnerabilities that Exploited Actively in the Wild - GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents. Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, ...
6 months ago Gbhackers.com CVE-2020-15415 CVE-2021-4043
Linux malware “perfctl” behind years-long cryptomining campaign - According to Aqua Nautilus researchers who discovered perfctl, the malware likely targeted millions of Linux servers in recent years and possibly caused infections in several thousands of them. Aqua Nautilus proposes several ways for detecting and ...
6 months ago Bleepingcomputer.com CVE-2023-33246 CVE-2021-4043 Rocke
CVE-2021-4043 - NULL Pointer Dereference in GitHub repository gpac/gpac prior to 1.1.0. ...
5 months ago
CVE-2007-4043 - file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) before 4.6.3 allows remote attackers to bypass authentication via a name parameter ending with a "%00.gif" sequence. NOTE: a separate traversal vulnerability could ...
16 years ago
CVE-2010-2049 - Cross-site scripting (XSS) vulnerability in jsp/audit/reports/ExportReport.jsp in ManageEngine ADAudit Plus 4.0.0 build 4043 allows remote attackers to inject arbitrary web script or HTML via the reportList parameter. NOTE: the provenance of this ...
14 years ago
CVE-2011-4043 - Integer overflow in an unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to execute arbitrary code via a large value for an integer parameter, leading to a buffer ...
1 year ago
CVE-2012-4043 - Cross-site scripting (XSS) vulnerability in global-protect/login.esp in Palo Alto Networks Global Protect Portal, Global Protect Gateway, and SSL VPN portals 3.1.x through 3.1.11 and 4.0.x through 4.0.5 allows remote attackers to inject arbitrary web ...
12 years ago
CVE-2016-4043 - Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates. ...
8 years ago
CVE-2005-4043 - SQL injection vulnerability in view.php in Hobosworld HobSR 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) arrange and (2) p parameters. ...
7 years ago
CVE-2009-4043 - Cross-site scripting (XSS) vulnerability in the AddToAny module 5.x before 5.x-2.4 and 6.x before 6.x-2.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via a node title. ...
7 years ago
CVE-2013-4043 - The server in IBM SPSS Collaboration and Deployment Services 4.x before 4.2.1.3 IF3, 5.x before 5.0 FP3, and 6.x before 6.0 IF1 allows remote attackers to read arbitrary files via an unspecified HTTP request. ...
7 years ago
CVE-2010-4043 - Opera before 10.63 does not prevent interpretation of a cross-origin document as a CSS stylesheet when the document lacks a CSS token sequence, which allows remote attackers to obtain sensitive information via a crafted document. ...
7 years ago
CVE-2008-4043 - Multiple SQL injection vulnerabilities in AJ Square AJ HYIP Acme allow remote attackers to execute arbitrary SQL commands via the artid parameter to (1) acme/article/comment.php and (2) prime/article/comment.php. ...
7 years ago
CVE-2015-4043 - SQL injection vulnerability in ConnX ESP HR Management 4.4.0 allows remote attackers to execute arbitrary SQL commands via the ctl00$cphMainContent$txtUserName parameter to frmLogin.aspx. ...
6 years ago
CVE-2006-4043 - index.php in myWebland myBloggie 2.1.4 and earlier allows remote attackers to obtain sensitive information via a query that only specifies the viewdate mode, which reveals the table prefix in a SQL error message. ...
6 years ago
CVE-2014-4043 - The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities. ...
5 years ago
CVE-2020-4043 - phpMussel from versions 1.0.0 and less than 1.6.0 has an unserialization vulnerability in PHP's phar wrapper. Uploading a specially crafted file to an affected version allows arbitrary code execution (discovered, tested, and confirmed by myself), ...
4 years ago
CVE-2018-4043 - An exploitable privilege escalation vulnerability exists in the Clean My Mac X, version 4.04, helper service due to improper input validation. A user with local access can use this vulnerability to modify the file system as root. An attacker would ...
2 years ago
CVE-2019-4043 - IBM Sterling B2B Integrator Standard Edition 5.2.0 snf 6.0.0.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume ...
2 years ago
CVE-2022-4043 - The WP Custom Admin Interface WordPress plugin before 7.29 unserialize user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. ...
2 years ago
CVE-2023-4043 - In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input ...
1 year ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)