Skip to main content
CVE-2024-1722 MEDIUM PATCH This Month

A flaw was found in Keycloak. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Keycloak
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2024-1341 MEDIUM PATCH This Month

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's advanced_iframe shortcode in all versions up to, and including, 2024.1 due to the plugin. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Advanced Iframe
NVD VulDB
CVSS 3.1
4.9
EPSS
0.2%
CVE-2024-26607 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/bridge: sii902x: Fix probing race issue A null pointer dereference crash has been observed rarely on TI platforms using sii9022. Rated medium severity (CVSS 4.7).

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-0621 MEDIUM PATCH This Month

The Simple Share Buttons Adder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.4.11 due to insufficient input sanitization. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Simple Share Buttons Adder
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2024-0658 MEDIUM PATCH This Month

The Insert PHP Code Snippet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user's name when accessing the insert-php-code-snippet-manage page in all versions up to, and. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS WordPress Insert Php Code Snippet
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-0656 MEDIUM PATCH This Month

The Password Protected - Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Captcha Site Key in all. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Google XSS WordPress Password Protected
NVD VulDB
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-0689 MEDIUM PATCH This Month

The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a meta import in all versions up to, and including, 2.6.4 due to insufficient input sanitization and. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Custom Field Suite
NVD VulDB
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-22251 MEDIUM This Month

VMware Workstation and Fusion contain an out-of-bounds read vulnerability in the USB CCID (chip card interface device). Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure VMware Fusion Workstation
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-0984 MEDIUM This Month

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disableOptimization function in all versions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Imagerecycle Pdf Image Compression
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-0983 MEDIUM This Month

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enableOptimization function in all versions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Imagerecycle Pdf Image Compression
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-1090 MEDIUM This Month

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stopOptimizeAll function in all versions up. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Imagerecycle Pdf Image Compression
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-1091 MEDIUM This Month

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reinitialize function in all versions up to,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Imagerecycle Pdf Image Compression
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-1089 MEDIUM This Month

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the optimizeAllOn function in all versions up to,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Imagerecycle Pdf Image Compression
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-1390 MEDIUM PATCH This Month

The Paid Membership Subscriptions - Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Membership Content Restriction Paid Member Subscriptions
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-1133 MEDIUM This Month

The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of restricted Q&A content due to a missing capability check when interacting with. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Tutor Lms
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-0514 MEDIUM This Month

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Royal Elementor Addons Elementor
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-51696 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in СleanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk.20. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Anti Spam
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-51530 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in GS Plugins Logo Slider - Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation.5.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Logo Slider
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-51529 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Mega - Absolute Addons For Elementor.3.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Ht Mega
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-51528 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Senol Sahin AI Power: Complete AI Pack - Powered by GPT-4.8.12. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Aipower
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-25930 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Nuggethon Custom Order Statuses for WooCommerce.5.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Custom Order Status Manager For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-24701 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Native Grid LLC A no-code page builder for beautiful performance-based content.1.20. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Setka Workflow
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-25932 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Manish Kumar Agarwal Change Table Prefix change-table-prefix allows Cross Site Request Forgery.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-25931 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Heureka Group Heureka.0.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Heureka
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-0512 MEDIUM This Month

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Royal Elementor Addons Elementor
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-1218 MEDIUM PATCH This Month

The Contact Form builder with drag & drop for WordPress - Kali Forms plugin for WordPress is vulnerable to unauthorized access and modification of data via API due to an inconsistent capability check. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Contact Form Builder
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-1336 MEDIUM This Month

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Imagerecycle Pdf Image Compression
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-24708 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in W3speedster W3SPEEDSTER.19. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF W3Speedster
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-1288 MEDIUM PATCH This Month

The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saswp_reviews_form_render' function in all. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass Schema Structured Data For Wp Amp
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-0515 MEDIUM This Month

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Royal Elementor Addons Elementor
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-0513 MEDIUM This Month

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Royal Elementor Addons Elementor
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-1337 MEDIUM PATCH This Month

The SKT Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveSktbuilderPageData' function in all versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Skt Templates
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-1338 MEDIUM This Month

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Imagerecycle Pdf Image Compression
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-1335 MEDIUM This Month

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Imagerecycle Pdf Image Compression
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-1334 MEDIUM This Month

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Imagerecycle Pdf Image Compression
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-1339 MEDIUM PATCH This Month

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Imagerecycle Pdf Image Compression
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-1976 MEDIUM This Month

The Marketing Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20200925. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP WordPress CSRF Marketing Optimizer
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-1953 MEDIUM PATCH This Month

Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, 9.3.0, and 9.4.x before 9.4.2 fail to limit the number of role names requested from the API, allowing an authenticated attacker to cause. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Denial Of Service Mattermost Server
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-1952 MEDIUM PATCH This Month

Mattermost version 8.1.x before 8.1.9 fails to sanitize data associated with permalinks when a plugin updates an ephemeral post, allowing an authenticated attacker who can control the ephemeral post. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Information Disclosure Mattermost Server
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-1942 MEDIUM PATCH This Month

Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata on posts containing permalinks under specific conditions, which allows an authenticated attacker to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Mattermost Server
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-1888 MEDIUM PATCH This Month

Mattermost fails to check the "invite_guest" permission when inviting guests of other teams to a team, allowing a member with permissions to add other members but not to add guests to add a guest to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Mattermost Server
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-23488 MEDIUM PATCH This Month

Mattermost fails to properly restrict the access of files attached to posts in an archived channel, resulting in members being able to access files of archived channels even if the “Allow users to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Mattermost Server
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-1887 MEDIUM PATCH This Month

Mattermost fails to check if compliance export is enabled when fetching posts of public channels allowing a user that is not a member of the public channel to fetch the posts, which will not be. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Mattermost Server
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-21723 MEDIUM This Month

Inadequate parsing of URLs could result into an open redirect. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Joomla
NVD
CVSS 3.1
4.3
EPSS
0.5%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy