CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32145 – WordPress WP Google Analytics Events – No-Code Custom Event Tracking for Google Analytics plugin <= 2.8.0 - Reflected Cross-Site Scripting vulnerability
https://notcve.org/view.php?id=CVE-2024-32145
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PineWise WP Google Analytics Events allows Reflected XSS.This issue affects WP Google Analytics Events: from n/a through 2.8.0. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en PineWise WP Google Analytics Events permite el XSS reflejado. Este problema afecta a WP Google Analytics Events: desde n/a hasta 2.8.0. The WP Google Analytics Events – No-Code Custom Event Tracking for Google Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.8.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/wp-google-analytics-events/wordpress-wp-google-analytics-events-no-code-custom-event-tracking-for-google-analytics-plugin-2-8-0-reflected-cross-site-scripting-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32087 – WordPress Product Feed on WooCommerce for Google, Awin, Shareasale, Bing, and More plugin <= 3.5.7 - Auth. SQL Injection (SQLi) vulnerability
https://notcve.org/view.php?id=CVE-2024-32087
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExportFeed.Com Product Feed on WooCommerce for Google.This issue affects Product Feed on WooCommerce for Google: from n/a through 3.5.7. Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyección SQL') en ExportFeed.Com Product Feed on WooCommerce for Google. Este problema afecta el feed de productos en WooCommerce para Google: desde n/a hasta 3.5.7. The Product Feed on WooCommerce for Google plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://patchstack.com/database/vulnerability/purple-xmls-google-product-feed-for-woocommerce/wordpress-product-feed-on-woocommerce-for-google-awin-shareasale-bing-and-more-plugin-3-5-7-auth-sql-injection-sqli-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 3.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3515
https://notcve.org/view.php?id=CVE-2024-3515
Use after free in Dawn in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Use after free en Dawn en Google Chrome anterior a 123.0.6312.122 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) • https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_10.html https://issues.chromium.org/issues/331123811 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EW66LXDACTB5FCHLUPZOGD2KA2J62Q2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVEJEW7UCSUSK2J2FYQRZZPI74P2D3JP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDHNEFD76ORM7WBWAEZT6HSYDMZVIED4 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3516
https://notcve.org/view.php?id=CVE-2024-3516
Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) El desbordamiento de búfer de almacenamiento dinámico en ANGLE en Google Chrome anterior a 123.0.6312.122 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) • https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_10.html https://issues.chromium.org/issues/328859176 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EW66LXDACTB5FCHLUPZOGD2KA2J62Q2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVEJEW7UCSUSK2J2FYQRZZPI74P2D3JP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDHNEFD76ORM7WBWAEZT6HSYDMZVIED4 •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3157
https://notcve.org/view.php?id=CVE-2024-3157
Out of bounds memory access in Compositing in Google Chrome prior to 123.0.6312.122 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via specific UI gestures. (Chromium security severity: High) El acceso a la memoria fuera de los límites en Compositing en Google Chrome anterior a 123.0.6312.122 permitía a un atacante remoto que había comprometido el proceso de la GPU realizar potencialmente un escape de la zona de pruebas mediante gestos específicos de la interfaz de usuario. (Severidad de seguridad de Chrome: alta) • https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_10.html https://issues.chromium.org/issues/331237485 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EW66LXDACTB5FCHLUPZOGD2KA2J62Q2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVEJEW7UCSUSK2J2FYQRZZPI74P2D3JP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDHNEFD76ORM7WBWAEZT6HSYDMZVIED4 •