Skip to main content
CVE-2018-10234 MEDIUM POC This Month

Authenticated Cross site Scripting exists in the User Profile & Membership plugin before 2.0.11 for WordPress via the "Account Deletion Custom Text" input field on the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP User Profile Membership
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-10301 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 Premium for WordPress allows remote attackers to inject arbitrary web script or HTML by passing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Wd Instagram Feed
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-10300 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML by passing payloads in an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Wd Instagram Feed
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-1106 MEDIUM This Month

An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Packagekit Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +5
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-9921 MEDIUM This Month

In CMS Made Simple 2.2.7, a Directory Traversal issue makes it possible to determine the existence of files and directories outside the web-site installation directory, and determine whether a file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal PHP Cms Made Simple
NVD GitHub
CVSS 3.0
5.3
EPSS
1.5%
CVE-2018-4847 MEDIUM This Month

A vulnerability has been identified in SIMATIC WinCC OA Operator iOS App (All versions < V1.4). Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siemens Apple Simatic Wincc Oa Operator
NVD
CVSS 3.0
4.6
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy