Skip to main content
CVE-2024-0590 MEDIUM PATCH This Month

The Microsoft Clarity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 24.8%.

Microsoft WordPress CSRF Clarity
NVD
CVSS 3.1
6.1
EPSS
24.8%
CVE-2024-1982 MEDIUM POC PATCH This Month

The Migration, Backup, Staging - WPvivid plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the get_restore_progress() and restore() functions in all. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass SQLi WordPress Migration Backup Staging
NVD VulDB
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-27662 MEDIUM POC This Month

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a Null-pointer dereferences in sub_4110f4(). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Denial Of Service Dir 823G Firmware
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-27661 MEDIUM POC This Month

D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Denial Of Service Dir 823G Firmware
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-27660 MEDIUM POC This Month

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a Null-pointer dereferences in sub_41C488(). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference D-Link Denial Of Service Dir 823G Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-27659 MEDIUM POC This Month

D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_42AF30(). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Denial Of Service Dir 823G Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-27658 MEDIUM POC This Month

D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Denial Of Service Dir 823G Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-24155 MEDIUM POC This Month

Bento4 v1.5.1-628 contains a Memory leak on AP4_Movie::AP4_Movie, parsing tracks and added into m_Tracks list, but mp42aac cannot correctly delete when we got an no audio track found error. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Bento4
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-24150 MEDIUM POC This Month

A memory leak issue discovered in parseSWF_TEXTRECORD in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libming
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-24149 MEDIUM POC This Month

A memory leak issue discovered in parseSWF_GLYPHENTRY in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libming
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-24147 MEDIUM POC This Month

A memory leak issue discovered in parseSWF_FILLSTYLEARRAY in libming v0.4.8 allows attackers to cause s denial of service via a crafted SWF file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libming
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-24146 MEDIUM POC This Month

A memory leak issue discovered in parseSWF_DEFINEBUTTON in libming v0.4.8 allows attackers to cause s denial of service via a crafted SWF file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libming
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-21726 MEDIUM POC THREAT This Month

Inadequate content filtering leads to XSS vulnerabilities in various components. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Joomla
NVD
CVSS 3.1
6.5
EPSS
48.8%
CVE-2024-25712 MEDIUM POC PATCH This Month

http-swagger before 1.2.6 allows XSS via PUT requests, because a file that has been uploaded (via httpSwagger.WrapHandler and *webdav.memFile) can subsequently be accessed via a GET request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Http Swagger
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-22936 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Parents & Student Portal in Genesis School Management Systems in Genesis AIMS Student Information Systems v.3053 allows remote attackers to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Parents Student Portal
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-1970 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Online Learning System V2 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Learning System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-26462 MEDIUM POC This Month

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Kerberos 5 Active Iq Unified Manager Cloud Volumes Ontap Mediator Management Services For Element Software And Netapp Hci +4
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-1192 MEDIUM POC This Month

A vulnerability was found in South River WebDrive 18.00.5057. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Webdrive
NVD VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-1191 MEDIUM POC This Month

A vulnerability was found in Hyper CdCatalog 2.3.1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Cdcat
NVD VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-27517 MEDIUM POC This Month

Webasyst 2.9.9 has a Cross-Site Scripting (XSS) vulnerability, Attackers can create blogs containing malicious code after gaining blog permissions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webasyst
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-27092 MEDIUM POC PATCH This Month

Hoppscotch is an API development ecosystem. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Hoppscotch
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-25831 MEDIUM POC This Month

F-logic DataCube3 Version 1.0 is affected by a reflected cross-site scripting (XSS) vulnerability due to improper input sanitization. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Datacube3
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-26458 MEDIUM POC This Month

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Kerberos 5 Active Iq Unified Manager Cloud Volumes Ontap Mediator Management Services For Element Software And Netapp Hci +5
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2024-1977 MEDIUM POC This Month

The Restaurant Solutions - Checklist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Checklist points in version 1.0.0 due to insufficient input sanitization and output. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Restaurant Solutions Checklist
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-0604 MEDIUM POC This Month

The Best WordPress Gallery Plugin - FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.7 due to insufficient. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress Foogallery
NVD VulDB
CVSS 3.1
4.4
EPSS
0.3%
CVE-2024-0602 MEDIUM POC PATCH This Month

The YARPP - Yet Another Related Posts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.30.9 due to insufficient. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. Public exploit code available.

WordPress XSS Yet Another Related Posts Plugin
NVD VulDB
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-0379 MEDIUM PATCH This Month

The Custom Twitter Feeds - A Tweets Widget or X Feed Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.9%.

WordPress CSRF Custom Twitter Feeds
NVD VulDB
CVSS 3.1
4.3
EPSS
13.9%
CVE-2024-1519 MEDIUM PATCH This Month

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content - ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Profilepress
NVD VulDB
CVSS 3.1
6.5
EPSS
1.7%
CVE-2024-0438 MEDIUM This Month

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wrapper link parameter in the Age Gate in all versions up to, and including, 3.10.1 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Happy Addons For Elementor Elementor
NVD VulDB
CVSS 3.1
6.4
EPSS
1.7%
CVE-2023-6923 MEDIUM PATCH This Month

The Matomo Analytics - Ethical Stats. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Matomo
NVD VulDB
CVSS 3.1
6.1
EPSS
2.5%
CVE-2024-20294 MEDIUM This Month

A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Firepower Extensible Operating System Nx Os Unified Computing System
NVD
CVSS 3.1
6.6
EPSS
0.3%
CVE-2024-0838 MEDIUM This Month

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the side image URL parameter in the Age Gate in all versions up to, and including, 3.10.1 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Happy Addons For Elementor Elementor
NVD VulDB
CVSS 3.1
6.4
EPSS
0.9%
CVE-2024-1425 MEDIUM PATCH This Month

The EmbedPress - Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Google XSS WordPress Embedpress
NVD VulDB
CVSS 3.1
6.4
EPSS
0.8%
CVE-2024-1043 MEDIUM PATCH This Month

The AMP for WP - Accelerated Mobile Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'amppb_remove_saved_layout_data' function in all. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass Accelerated Mobile Pages
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-1318 MEDIUM PATCH This Month

The RSS Aggregator by Feedzy - Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Rss Aggregator By Feedzy
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-25594 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Savvy Wordpress Development MyWaze allows Stored XSS.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Mywaze
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-25098 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pascal Bajorat PB oEmbed HTML5 Audio - with Cache Support allows Stored XSS.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Pb Oembed Html5 Audio
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-25094 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul Jura & Nicolas Montigny PJ News Ticker allows Stored XSS.9.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Pj News Ticker
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-1349 MEDIUM PATCH This Month

The EmbedPress - Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Google XSS WordPress Embedpress
NVD VulDB
CVSS 3.1
6.4
EPSS
0.6%
CVE-2024-24988 MEDIUM PATCH This Month

Mattermost fails to properly validate the length of the emoji value in the custom user status, allowing an attacker to send multiple times a very long string as an emoji value causing high resource. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Denial Of Service Mattermost Server
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-23493 MEDIUM PATCH This Month

Mattermost fails to properly authorize the requests fetching team associated AD/LDAP groups, allowing a user to fetch details of AD/LDAP groups of a team that they are not a member of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Information Disclosure Mattermost Server
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-1242 MEDIUM This Month

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and including, 4.10.18 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Premium Addons For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-1235 MEDIUM PATCH This Month

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom class field in all versions up to, and including, 8.3.2 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Addons For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1570 MEDIUM PATCH This Month

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content - ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Profilepress
NVD GitHub VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1408 MEDIUM PATCH This Month

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content - ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Profilepress
NVD GitHub VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-6806 MEDIUM PATCH This Month

The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Job Settings user profile fields in all versions up to, and including, 3.4.8 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Starbox
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1496 MEDIUM PATCH This Month

The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the fifu_input_url parameter in all versions up to, and including, 4.6.2 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Featured Image From Url
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1058 MEDIUM PATCH This Month

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the onclick parameter in all versions up to, and including, 1.58.3 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Siteorigin Widgets Bundle
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1276 MEDIUM This Month

The Essential Addons for Elementor - Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Content Ticker arrow. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Essential Addons For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1277 MEDIUM PATCH This Month

The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom fields in all versions up to, and including, 2.2.4 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Ocean Extra
NVD
CVSS 3.1
6.4
EPSS
0.2%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy