Skip to main content
CVE-2024-1380 MEDIUM POC PATCH THREAT This Month

The Relevanssi - A Better Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relevanssi_export_log_check() function in all versions up. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 86.9%.

Authentication Bypass WordPress Relevanssi
NVD VulDB
CVSS 3.1
5.3
EPSS
86.9%
Threat
5.2
CVE-2024-1751 HIGH POC THREAT Act Now

The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the question_id parameter in all versions up to, and including, 2.6.1 due to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 35.2%.

SQLi WordPress Tutor Lms
NVD VulDB
CVSS 3.1
8.8
EPSS
35.2%
Threat
4.3
CVE-2024-2242 MEDIUM This Month

The Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘active-tab’ parameter in all versions up to, and including, 5.9 due to insufficient input sanitization. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 68.5% and no vendor patch available.

XSS WordPress Contact Form 7
NVD VulDB
CVSS 3.1
6.1
EPSS
68.5%
CVE-2023-6825 CRITICAL POC PATCH Act Now

The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 (free version) and 8.3.4 (Pro version) via the target. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress Path Traversal File Manager
NVD GitHub VulDB
CVSS 3.1
9.9
EPSS
3.7%
CVE-2024-28194 CRITICAL POC Act Now

your_spotify is an open source, self hosted Spotify tracking dashboard. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Your Spotify
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-0799 CRITICAL POC Act Now

An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Udp
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2024-2418 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Best POS Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Best Pos Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-1071 CRITICAL POC PATCH THREAT Act Now

The Ultimate Member - User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'sorting' parameter in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi WordPress Ultimate Member
NVD GitHub
CVSS 3.1
9.8
EPSS
89.4%
CVE-2024-2123 HIGH PATCH Act Now

The Ultimate Member - User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 29.6%.

XSS WordPress Ultimate Member
NVD VulDB
CVSS 3.1
7.2
EPSS
29.6%
CVE-2024-0800 HIGH POC This Week

A path traversal vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.servlet.ImportNodeServlet. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Udp
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-28195 HIGH POC PATCH This Week

your_spotify is an open source, self hosted Spotify tracking dashboard. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Your Spotify
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-28673 HIGH POC This Week

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/mychannel_edit.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-28671 HIGH POC This Week

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/stepselect_main.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS CSRF Dedecms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-28684 HIGH POC This Week

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/module_main.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-28675 HIGH POC This Week

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/diy_edit.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-28665 HIGH POC This Week

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_add.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-28432 HIGH POC This Week

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_edit.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-28431 HIGH POC This Week

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/catalog_del.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-2400 HIGH POC This Week

Use after free in Performance Manager in Google Chrome prior to 122.0.6261.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-2194 HIGH Act Now

The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL search parameter in all versions up to, and including, 14.5 due to insufficient input sanitization and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 27.8% and no vendor patch available.

XSS WordPress
NVD VulDB
CVSS 3.1
7.2
EPSS
27.8%
CVE-2024-0683 HIGH PATCH Act Now

The Bulgarisation for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in all versions up to, and including, 3.0.14. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 26.4%.

WordPress Authentication Bypass Bulgarisation For Woocommerce
NVD VulDB
CVSS 3.1
7.3
EPSS
26.4%
CVE-2024-1234 MEDIUM POC PATCH This Month

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via data attribute in all versions up to, and including, 2.6.9 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS Exclusive Addons For Elementor Elementor
NVD Exploit-DB VulDB
CVSS 3.1
6.4
EPSS
8.6%
CVE-2024-0801 HIGH POC THREAT This Week

A denial of service vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in ASNative.dll. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Udp
NVD
CVSS 3.1
7.5
EPSS
41.8%
CVE-2024-26529 HIGH POC This Week

An issue in mz-automation libiec61850 v.1.5.3 and before, allows a remote attacker to cause a denial of service (DoS) via the mmsServer_handleDeleteNamedVariableListRequest function of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libiec61850
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-26630 HIGH POC PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: mm: cachestat: fix folio read-after-free in cache walk In cachestat, we access the folio from the page cache's xarray to compute. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-1311 HIGH PATCH This Week

The Brizy - Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the storeImages function in all versions up to, and including, 2.4.40. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE WordPress File Upload Brizy
NVD VulDB
CVSS 3.1
8.8
EPSS
9.6%
CVE-2024-28193 MEDIUM POC This Month

your_spotify is an open source, self hosted Spotify tracking dashboard. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Your Spotify
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-0700 MEDIUM POC This Month

The Simple Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Tweet this text value in all versions up to, and including, 1.4.0.2 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Simple Tweet
NVD GitHub VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-2413 CRITICAL Act Now

A critical authentication bypass vulnerability exists in Intumit SmartRobot due to the use of a hard-coded encryption key. Remote unauthenticated attackers can leverage this fixed key to forge authentication tokens by encrypting user credentials and timestamps, gaining full administrative access to the system. Once authenticated, attackers can execute arbitrary code on the server through built-in system functionality, achieving complete system compromise.

RCE Smartrobot
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2024-28682 MEDIUM POC This Month

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/sys_cache_up.php. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-28678 MEDIUM POC This Month

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_description_main.php. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-28196 MEDIUM POC This Month

your_spotify is an open source, self hosted Spotify tracking dashboard. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Your Spotify
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-28683 MEDIUM POC This Month

DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via create file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dedecms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-28681 MEDIUM POC This Month

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/plus_edit.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-28680 MEDIUM POC This Month

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/diy_add.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS CSRF Dedecms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-28679 MEDIUM POC This Month

DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via Photo Collection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dedecms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-28677 MEDIUM POC This Month

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/article_keywords_main.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-28676 MEDIUM POC This Month

DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via /dede/article_edit.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Dedecms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-28670 MEDIUM POC This Month

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelist_main.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-28668 MEDIUM POC This Month

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/mychannel_add.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP CSRF Dedecms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-28667 MEDIUM POC This Month

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/templets_one_edit.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-28430 MEDIUM POC This Month

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/catalog_edit.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-28623 MEDIUM POC This Month

RiteCMS v3.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component main_menu/edit_section. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ritecms
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
1.3%
CVE-2024-2172 CRITICAL Act Now

The Malware Scanner plugin and the Web Application Firewall plugin for WordPress (both by MiniOrange) are vulnerable to privilege escalation due to a missing capability check on the mo_wpns_init(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation WordPress
NVD VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-25250 CRITICAL Act Now

SQL Injection vulnerability in code-projects Agro-School Management System 1.0 allows attackers to run arbitrary code via the Login page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Agro School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-25153 CRITICAL Act Now

A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Filecatalyst Workflow
NVD GitHub
CVSS 3.1
9.8
EPSS
41.7%
CVE-2024-28666 MEDIUM POC This Month

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/media_add.php. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-28429 MEDIUM POC This Month

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/archives_do.php. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-27703 MEDIUM POC This Month

Cross Site Scripting vulnerability in Leantime 3.0.6 allows a remote attacker to execute arbitrary code via the to-do title parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Leantime
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-28672 MEDIUM POC This Month

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/media_edit.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy