Skip to main content
CVE-2024-0250 MEDIUM POC This Month

The Analytics Insights for Google Analytics 4 (AIWP) WordPress plugin before 6.3 is vulnerable to Open Redirect due to insufficient validation on the redirect oauth2callback.php file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP Open Redirect Google Analytics Insights
NVD WPScan
CVSS 3.1
6.1
EPSS
1.3%
CVE-2024-25741 MEDIUM POC This Month

printer_write in drivers/usb/gadget/function/f_printer.c in the Linux kernel through 6.7.4 does not properly call usb_ep_queue, which might allow attackers to cause a denial of service or have. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-0420 MEDIUM POC This Month

The MapPress Maps for WordPress plugin before 2.88.15 does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Mappress Maps For Wordpress
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-0421 MEDIUM POC This Month

The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Mappress Maps For Wordpress
NVD WPScan
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-0248 MEDIUM POC This Month

The EazyDocs WordPress plugin before 2.4.0 re-introduced CVE-2023-6029 (https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/) in 2.3.8, allowing any authenticated users, such as. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Eazydocs
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-46615 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in Kalli Dan. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Kd Coming Soon
NVD
CVSS 3.1
5.4
EPSS
5.6%
CVE-2023-51403 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nicdark Restaurant Reservations allows Stored XSS.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Restaurant Reservations
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-24931 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in swadeshswain Before After Image Slider WP allows Stored XSS.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Before After Image Slider
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-24930 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes.Com Buttons Shortcode and Widget allows Stored XSS.16. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Buttons Shortcode And Widget
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-50875 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Sensei LMS - Online Courses, Quizzes, & Learning allows Stored XSS.17.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sensei Lms
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-24928 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arunas Liuiza Content Cards allows Stored XSS.9.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Content Cards
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-1250 MEDIUM This Month

An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Privilege Escalation
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-22226 MEDIUM This Month

Dell Unity, versions prior to 5.4, contain a path traversal vulnerability in its svc_supportassist utility. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Dell Unity Operating Environment
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-22221 MEDIUM This Month

Dell Unity, versions prior to 5.4, contains SQL Injection vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Dell Unity Operating Environment
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-24889 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Geek Code Lab All 404 Pages Redirect to Homepage allows Stored XSS.9. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS All 404 Pages Redirect To Homepage
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2023-51370 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NinjaTeam WP Chat App allows Stored XSS.4.4. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Chat App
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-47526 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chart Builder Team Chartify - WordPress Chart Plugin allows Stored XSS.0.6. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Chartify
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2024-25739 MEDIUM This Month

create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-1062 MEDIUM This Month

A heap overflow flaw was found in 389-ds-base. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Denial Of Service 389 Directory Server Directory Server +11
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-25740 MEDIUM This Month

A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj->name is not released. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-24887 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Contest Gallery Photos and Files Contest Gallery - Contact Form, Upload Form, Social Share and Voting Plugin for WordPress.2.8.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Contest Gallery
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-22230 MEDIUM This Month

Dell Unity, versions prior to 5.4, contains a Cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dell Unity Operating Environment
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-0169 MEDIUM This Month

Dell Unity, version(s) 5.3 and prior, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Information Disclosure Dell Unity Operating Environment
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-1459 MEDIUM PATCH This Month

A path traversal vulnerability was found in Undertow. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Undertow
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2024-25360 MEDIUM This Month

A hidden interface in Motorola CX2L Router firmware v1.0.1 leaks information regarding the SystemWizardStatus component via sending a crafted request to device_web_ip. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cx2L Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-24929 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Ryan Duff, Peter Westwood WP Contact Form.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Contact Form
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-24935 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WpSimpleTools Basic Log Viewer.0.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Basic Log Viewer
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-24875 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Yannick Lefebvre Link Library.5.13. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Link Library
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-24884 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft Contact Form 7 Connector.2.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Contact Form 7 Connector
NVD
CVSS 3.1
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy