#ExploitObserverAlert
CVE-2024-27969
DESCRIPTION: Exploit Observer has 6 entries in 2 file formats related to CVE-2024-27969. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Enhanced Free Downloads WooCommerce allows Stored XSS. This issue affects Free Downloads WooCommerce: from n/a through 3.5.8.2.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5986263
#ExploitObserverAlert
CVE-2024-27991
DESCRIPTION: Exploit Observer has 6 entries in 2 file formats related to CVE-2024-27991. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SupportCandy allows Stored XSS. This issue affects SupportCandy: from n/a through 3.2.3.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5986263
#ExploitObserverAlert
CVE-2023-4408
DESCRIPTION: Exploit Observer has 11 entries in 4 file formats related to CVE-2023-4408. The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers. This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
FIRST-EPSS: 0.000810000
NVD-IS: 3.6
NVD-ES: 3.9
ARPS-EXPLOITABILITY: 0.6482605
#ExploitObserverAlert
CVE-2024-27967
DESCRIPTION: Exploit Observer has 6 entries in 2 file formats related to CVE-2024-27967. Cross-Site Request Forgery (CSRF) vulnerability in Michael Leithold DSGVO All in one for WP. This issue affects DSGVO All in one for WP: from n/a through 4.3.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5986263
#ExploitObserverAlert
CVE-2024-25922
DESCRIPTION: Exploit Observer has 6 entries in 2 file formats related to CVE-2024-25922. Missing Authorization vulnerability in Peach Payments Peach Payments Gateway. This issue affects Peach Payments Gateway: from n/a through 3.1.9.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5986263
#ExploitObserverAlert
CVE-2024-25376
DESCRIPTION: Exploit Observer has 5 entries in 3 file formats related to CVE-2024-25376. An issue discovered in Thesycon Software Solutions Gmbh & Co. KG TUSBAudio MSI-based installers before 5.68.0 allows a local attacker to execute arbitrary code via the msiexec.exe repair mode.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.6369742
#ExploitObserverAlert
CVE-2024-24850
DESCRIPTION: Exploit Observer has 6 entries in 2 file formats related to CVE-2024-24850. Missing Authorization vulnerability in Mark Stockton Quicksand Post Filter jQuery Plugin. This issue affects Quicksand Post Filter jQuery Plugin: from n/a through 3.1.1.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5986263
#ExploitObserverAlert
CVE-2023-51672
DESCRIPTION: Exploit Observer has 6 entries in 2 file formats related to CVE-2023-51672. Missing Authorization vulnerability in FunnelKit FunnelKit Checkout. This issue affects FunnelKit Checkout: from n/a through 3.10.3.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5986263
#ExploitObserverAlert
CVE-2023-29483
DESCRIPTION: Exploit Observer has 3 entries in 1 file format related to CVE-2023-29483. eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.
FIRST-EPSS: 0.000440000
ARPS-EXPLOITABILITY: 0.6373563
#ExploitObserverAlert
CVE-2024-29019
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2024-29019. ESPHome is a system to control microcontrollers remotely through Home Automation systems. API endpoints in the dashboard component of ESPHome version 2023.12.9 (command line installation) are vulnerable to Cross-Site Request Forgery (CSRF), allowing remote attackers to carry out attacks against a logged-in user of the dashboard to perform operations on configuration files (create, edit, delete). It is possible for a malicious actor to create a specifically crafted web page that triggers a cross-site request against ESPHome; this allows bypassing the authentication for API calls on the platform. This vulnerability allows bypassing authentication on API calls accessing configuration file operations on behalf of a logged-in user. In order to trigger the vulnerability, the victim must visit a weaponized page. In addition to this, it is possible to chain this vulnerability with GHSA-9p43-hj5j-96h5 / CVE-2024-27287 to obtain a complete takeover of the user account. Version 2024.3.0 contains a patch for this issue.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.6145687
#ExploitObserverAlert
CVE-2023-6257
DESCRIPTION: Exploit Observer has 3 entries in 1 file format related to CVE-2023-6257. The Inline Related Posts WordPress plugin before 3.6.0 does not ensure that post content displayed via an AJAX action is accessible to the user, allowing any authenticated user, such as a subscriber, to retrieve the content of password-protected posts.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5747126
#ExploitObserverAlert
CVE-2024-25912
DESCRIPTION: Exploit Observer has 6 entries in 2 file formats related to CVE-2024-25912. Missing Authorization vulnerability in Skymoonlabs MoveTo. This issue affects MoveTo: from n/a through 6.2.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5986263
#ExploitObserverAlert
CVE-2024-27985
DESCRIPTION: Exploit Observer has 6 entries in 2 file formats related to CVE-2024-27985. Deserialization of Untrusted Data vulnerability in PropertyHive. This issue affects PropertyHive: from n/a through 2.0.9.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5986263
#ExploitObserverAlert
CVE-2024-27989
DESCRIPTION: Exploit Observer has 6 entries in 2 file formats related to CVE-2024-27989. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in I Thirteen Web Solution WP Responsive Tabs horizontal vertical and accordion Tabs allows Stored XSS. This issue affects WP Responsive Tabs horizontal vertical and accordion Tabs: from n/a through 1.1.17.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5986263
#ExploitObserverAlert
CVE-2024-27966
DESCRIPTION: Exploit Observer has 6 entries in 2 file formats related to CVE-2024-27966. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExpressTech Quiz And Survey Master allows Stored XSS. This issue affects Quiz And Survey Master: from n/a through 8.2.2.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5986263
#ExploitObserverAlert
CVE-2024-0881
DESCRIPTION: Exploit Observer has 3 entries in 1 file format related to CVE-2024-0881. The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not prevent password-protected posts from being displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5747126
#ExploitObserverAlert
CVE-2024-27988
DESCRIPTION: Exploit Observer has 6 entries in 2 file formats related to CVE-2024-27988. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WEN Themes WEN Responsive Columns allows Stored XSS. This issue affects WEN Responsive Columns: from n/a through 1.3.2.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5986263
#ExploitObserverAlert
CVE-2024-25907
DESCRIPTION: Exploit Observer has 6 entries in 2 file formats related to CVE-2024-25907. Missing Authorization vulnerability in JoomUnited WP Media folder. This issue affects WP Media folder: from n/a through 5.7.2.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5986263
#ExploitObserverAlert
CVE-2024-0337
DESCRIPTION: Exploit Observer has 9 entries in 4 file formats related to CVE-2024-0337. The Travelpayouts: All Travel Brands in One Place WordPress plugin through 1.1.15 is vulnerable to Open Redirect due to insufficient validation on the travelpayouts_redirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
FIRST-EPSS: 0.000530000
ARPS-EXPLOITABILITY: 0.7988794
#ExploitObserverAlert
CVE-2024-23190
DESCRIPTION: Exploit Observer has 6 entries in 2 file formats related to CVE-2024-23190. Upsell shop information of an account can be manipulated to execute script code in the context of the user's browser session. To exploit this, an attacker would require temporary access to a user's account or a successful social-engineering attack to lure users to maliciously configured accounts. Attackers could perform malicious API requests or extract information from the user's account. Please deploy the provided updates and patch releases. Sanitization of user-defined upsell content has been improved. No publicly available exploits are known.
FIRST-EPSS: 0.000450000
ARPS-EXPLOITABILITY: 0.7672484
#ExploitObserverAlert
CVE-2024-27970
DESCRIPTION: Exploit Observer has 6 entries in 2 file formats related to CVE-2024-27970. Missing Authorization vulnerability in BogdanFix WP SendFox. This issue affects WP SendFox: from n/a through 1.3.0.
FIRST-EPSS: 0.000430000
ARPS-EXPLOITABILITY: 0.5986263