Skip to main content
CVE-2024-1109 MEDIUM PATCH This Month

The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_download() and init() functions in all versions up to,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Podlove Podcast Publisher
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-1110 MEDIUM PATCH This Month

The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init() function in all versions up to, and including,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Podlove Podcast Publisher
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-23806 MEDIUM This Month

Sensitive data can be extracted from HID iCLASS SE reader configuration cards. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Omnikey Secure Elements Reader Configuration Cards Firmware Iclass Se Reader Configuration Cards Firmware
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-0849 MEDIUM This Month

Leanote version 2.7.0 allows obtaining arbitrary local files. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Desktop
NVD GitHub
CVSS 3.1
5.0
EPSS
0.0%
CVE-2024-0955 MEDIUM This Month

A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus proxy settings, which could lead to the execution. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nessus
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2024-0977 MEDIUM PATCH This Month

The Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image URLs in the plugin's timeline widget. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Timeline Widget For Elementor Elementor
NVD VulDB
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-24823 MEDIUM PATCH This Month

Graylog is a free and open log management platform. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable.

XSS Session Fixation Graylog
NVD GitHub
CVSS 3.1
4.4
EPSS
0.4%
CVE-2024-1078 MEDIUM PATCH This Month

The Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ays_quick_start() and add_question_rows() functions in all versions up. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Quiz Maker
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-22021 MEDIUM This Month

Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Availability Orchestrator Disaster Recovery Orchestrator Recovery Orchestrator
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-0628 LOW PATCH Monitor

The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.23.5 via the RSS feed source in admin settings. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF WordPress Wp Rss Aggregator
NVD
CVSS 3.1
3.8
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy