Skip to main content
CVE-2024-0585 MEDIUM PATCH This Month

The Essential Addons for Elementor - Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Essential Addons For Elementor Elementor
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-6557 MEDIUM This Month

The The Events Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.2.8.2 via the route function hooked into. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress Authentication Bypass The Events Calendar
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-0823 MEDIUM PATCH This Month

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Link To' url in carousels in all versions up to, and including, 2.6.8 due to insufficient. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Exclusive Addons For Elementor Elementor
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-0790 MEDIUM PATCH This Month

The WOLF - WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Wolf Wordpress Posts Bulk Editor And Products Manager Professional
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-7014 MEDIUM PATCH This Month

The Author Box, Guest Author and Co-Authors for Your Posts - Molongui plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.7.4 via the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure WordPress Molongui Authorship
NVD VulDB
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-0834 MEDIUM PATCH This Month

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link_to parameter in all versions up to, and including, 1.12.11 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Elementor Addon Elements
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-1121 MEDIUM PATCH This Month

The Advanced Forms for ACF plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_json_file() function in all versions up to, and including,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Advanced Forms For Acf
NVD VulDB
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-0969 MEDIUM PATCH This Month

The ARMember plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure WordPress Authentication Bypass Armember
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-1177 MEDIUM PATCH This Month

The WP Club Manager - WordPress Sports Club Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save() function in all. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Wp Club Manager
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-0701 MEDIUM PATCH This Month

The UserPro plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 5.1.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Authentication Bypass Userpro
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-6963 MEDIUM PATCH This Month

The Getwid - Gutenberg Blocks plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.0.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Authentication Bypass Getwid
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-24860 MEDIUM This Month

A race condition was found in the Linux kernel's bluetooth device driver in {min,max}_key_size_set() function. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Race Condition Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2024-24855 MEDIUM This Month

A race condition was found in the Linux kernel's scsi device driver in lpfc_unregister_fcf_rescan() function. Rated medium severity (CVSS 5.0). No vendor patch available.

Denial Of Service Race Condition Linux Linux Kernel
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2023-6953 MEDIUM PATCH This Month

The PDF Generator For Fluent Forms - The Contact Form Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the header, PDF body and footer content parameters in all versions. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Pdf Generator For Fluent Forms
NVD VulDB
CVSS 3.1
4.9
EPSS
0.3%
CVE-2024-24807 MEDIUM PATCH This Month

Sulu is a highly extensible open-source PHP content management system based on the Symfony framework. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Sulu
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-24864 MEDIUM This Month

A race condition was found in the Linux kernel's media/dvb-core in dvbdmx_write() function. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-23196 MEDIUM This Month

A race condition was found in the Linux kernel's sound/hda device driver in snd_hdac_regmap_sync() function. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-22386 MEDIUM This Month

A race condition was found in the Linux kernel's drm/exynos device driver in exynos_drm_crtc_atomic_disable() function. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Race Condition Samsung Linux Linux Kernel
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-24857 MEDIUM This Month

A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. Rated medium severity (CVSS 4.6). No vendor patch available.

Denial Of Service Race Condition Linux Debian Linux Linux Kernel
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2024-24858 MEDIUM This Month

A race condition was found in the Linux kernel's net/bluetooth in {conn,adv}_{min,max}_interval_set() function. Rated medium severity (CVSS 4.6). No vendor patch available.

Denial Of Service Race Condition Linux Debian Linux Linux Kernel
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2024-24859 MEDIUM This Month

A race condition was found in the Linux kernel's net/bluetooth in sniff_{min,max}_interval_set() function. Rated medium severity (CVSS 4.6). No vendor patch available.

Denial Of Service Race Condition Linux Linux Kernel
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2024-0630 MEDIUM PATCH This Month

The WP RSS Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the RSS feed source in all versions up to, and including, 4.23.4 due to insufficient input sanitization and. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Wp Rss Aggregator
NVD VulDB
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-4637 MEDIUM This Month

The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore() and get_restore_progress() function in versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Migration Backup Staging
NVD VulDB
CVSS 3.1
4.3
EPSS
0.7%
CVE-2024-0612 MEDIUM PATCH This Month

The Content Views - Post Grid, Slider, Accordion (Gutenberg Blocks and Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Content Views
NVD VulDB
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-0597 MEDIUM PATCH This Month

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 12.3.15 due to insufficient input sanitization. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Seo Plugin By Squirrly Seo
NVD VulDB
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-20016 MEDIUM This Month

In ged, there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Denial Of Service Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-0366 MEDIUM This Month

The Starbox - the Author Box for Humans plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.7 via the action function due to missing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Starbox
NVD VulDB
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-6983 MEDIUM PATCH This Month

The Display custom fields in the frontend - Post and User Profile Fields plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.1 via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass Display Custom Fields In The Frontend Post And User Profile Fields
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-0797 MEDIUM PATCH This Month

The Active Products Tables for WooCommerce. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Woot
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-0791 MEDIUM PATCH This Month

The WOLF - WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to unauthorized access, modification or loss of data due to a missing capability check on the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Wolf Wordpress Posts Bulk Editor And Products Manager Professional
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-0859 MEDIUM PATCH This Month

The Affiliates Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9.34. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

PHP WordPress CSRF Affiliates Manager
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-1092 MEDIUM PATCH This Month

The RSS Aggregator by Feedzy - Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Rss Aggregator By Feedzy
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-0371 MEDIUM PATCH This Month

The Views for WPForms - Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass Views For Wpforms
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-6959 MEDIUM PATCH This Month

The Getwid - Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the recaptcha_api_key_manage function in all versions up to,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Getwid
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-0370 MEDIUM PATCH This Month

The Views for WPForms - Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Views For Wpforms
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-0835 MEDIUM PATCH This Month

The Royal Elementor Kit theme for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the dismissed_handler function in all versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Royal Elementor Kit Elementor
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-0796 MEDIUM PATCH This Month

The Active Products Tables for WooCommerce. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Woot
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-0372 MEDIUM PATCH This Month

The Views for WPForms - Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Views For Wpforms
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-0374 MEDIUM PATCH This Month

The Views for WPForms - Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass WordPress CSRF Views For Wpforms
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-0373 MEDIUM PATCH This Month

The Views for WPForms - Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF WordPress Authentication Bypass Views For Wpforms
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy