Skip to main content
CVE-2024-0958 MEDIUM POC This Month

A vulnerability was found in CodeAstro Stock Management System 1.0 and classified as problematic.php of the component Add Category Handler. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Stock Management System
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-0618 MEDIUM POC PATCH This Month

The Contact Form Plugin - Fastest Contact Form Builder Plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported form titles in all versions. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. Public exploit code available.

WordPress XSS Contact Form
NVD VulDB
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-0697 MEDIUM PATCH This Month

The Backuply - Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.3 via the node_id parameter in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

WordPress Path Traversal Backuply
NVD VulDB
CVSS 3.1
6.5
EPSS
1.1%
CVE-2024-0824 MEDIUM PATCH This Month

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Link Anything functionality in all versions up to, and including, 2.6.8 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Exclusive Addons For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-0667 MEDIUM PATCH This Month

The Form Maker by 10Web - Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.15.21. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF WordPress Form Maker
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2023-52187 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Thomas Maier Image Source Control Lite - Show Image Credits and Captions.17.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Image Source Control
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-0664 MEDIUM PATCH This Month

The Meks Smart Social Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Meks Smart Social Widget in all versions up to, and including, 1.6.3 due to insufficient input. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Meks Smart Social Widget
NVD VulDB
CVSS 3.1
4.4
EPSS
0.1%
CVE-2023-6497 MEDIUM PATCH This Month

The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the automatic redirect URL setting in all versions up to and including 4.7.1 due to. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Wordpress Simple Paypal Shopping Cart
NVD VulDB
CVSS 3.1
4.4
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy