Skip to main content
CVE-2024-2237 MEDIUM This Month

The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Global Badge module in all versions up to, and including, 2.9.12 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Premium Addons
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-2126 MEDIUM PATCH This Month

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Registration Form widget in all versions up to, and including, 2.10.32 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Orbit Fox
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1997 MEDIUM This Month

The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premium_fbchat_app_id' parameter of the Messenger Chat Widget in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Premium Addons
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1854 MEDIUM This Month

The Essential Blocks - Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId parameter in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Essential Blocks
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1680 MEDIUM PATCH This Month

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Settings URL of the Banner, Team Members, and Image Scroll widgets in all versions up. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Premium Addons For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1414 MEDIUM PATCH This Month

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Call To Action widget in all versions up to, and including, 2.6.9 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Exclusive Addons For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1413 MEDIUM PATCH This Month

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Timer widget in all versions up to, and including, 2.6.9 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Exclusive Addons For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1723 MEDIUM PATCH This Month

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.58.7 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Siteorigin Widgets Bundle
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1541 MEDIUM This Month

The Gutenberg Blocks by Kadence Blocks - Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the htmlTag attribute in all versions up to, and including, 3.2.23. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Gutenberg Blocks With Ai
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1497 MEDIUM PATCH This Month

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form widget addr2_width attribute in all versions up to, and including, 2.10.30 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Orbit Fox
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1074 MEDIUM PATCH This Month

The Beaver Builder - WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the audio widget 'link_url' parameter in all versions up to, and including, 2.7.4.2. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Beaver Builder
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-0896 MEDIUM PATCH This Month

The Beaver Builder - WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link parameter in all versions up to, and including, 2.7.4.2 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Beaver Builder
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1684 MEDIUM This Month

The Otter Blocks - Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form file field CSS metabox in all. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Otter Blocks
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1363 MEDIUM PATCH This Month

The Easy Accordion - Best Accordion FAQ Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'accordion_content_source' attribute in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Easy Accordion
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1293 MEDIUM This Month

The Brizy - Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the embedded media custom block in all versions up to, and including, 2.4.40 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Brizy
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1291 MEDIUM This Month

The Brizy - Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown URL parameter in all versions up to, and including, 2.4.40 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Brizy
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1237 MEDIUM PATCH This Month

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the flyout_layout attribute in all versions up to, and including, 1.6.24 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Elementor Header Footer Builder Elementor
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-2030 MEDIUM This Month

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.3. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1296 MEDIUM This Month

The Brizy - Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block upload in all versions up to, and including, 2.4.40 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Brizy
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-0897 MEDIUM PATCH This Month

The Beaver Builder - WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image URL parameter in all versions up to, and including, 2.7.4.2 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Beaver Builder
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-2286 MEDIUM PATCH This Month

The Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Sky Addons For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1894 MEDIUM PATCH This Month

The Burst Statistics - Privacy-Friendly Analytics for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'burst_total_pageviews_count' custom meta field in all. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Burst Statistics
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1585 MEDIUM PATCH This Month

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.8.3 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Metform Elementor Contact Form Builder Elementor
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1422 MEDIUM PATCH This Month

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the modal popup widget's effect setting in all versions up to, and including, 1.12.12 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Elementor Addon Elements Elementor
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-6954 MEDIUM This Month

The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.2.85 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Download Manager
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1080 MEDIUM This Month

The Beaver Builder - WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the via the heading tag in all versions up to, and including, 2.7.4.4 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Beaver Builder
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1508 MEDIUM This Month

The Prime Slider - Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'settings['title_tags']' attribute of the Mercury widget in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Prime Slider
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1507 MEDIUM PATCH This Month

The Prime Slider - Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title_tags' attribute of the Rubix widget in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Prime Slider
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1996 MEDIUM This Month

The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's IHover widget link in all versions up to, and including, 2.9.12 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Premium Addons
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-6880 MEDIUM This Month

The Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Visual Composer Website Builder
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-6809 MEDIUM This Month

The Custom fields shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cf shortcode in all versions up to, and including, 0.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Custom Fields Shortcode
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-1582 MEDIUM PATCH This Month

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpgmza' shortcode in all versions up to, and including, 9.0.32 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Google XSS WordPress Wp Go Maps
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-2079 MEDIUM PATCH This Month

The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'per_line_mobile' shortcode in all versions up to, and including, 3.8.1. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Wpbakery Page Builder Addons WPBakery Page Builder
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-1537 MEDIUM PATCH This Month

The Essential Addons for Elementor - Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Data Table. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Essential Addons For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-0591 MEDIUM PATCH This Month

The wpDataTables - WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'A' parameter in all versions up to, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Wpdatatables
NVD VulDB
CVSS 3.1
6.1
EPSS
1.6%
CVE-2024-0976 MEDIUM PATCH This Month

The WP Event Manager - Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the plugin parameter in all versions up. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Wp Event Manager
NVD VulDB
CVSS 3.1
6.1
EPSS
1.5%
CVE-2024-1484 MEDIUM PATCH This Month

The Booking for Appointments and Events Calendar - Amelia plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the date parameters in all versions up to, and including, 1.0.98 due. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Amelia
NVD VulDB
CVSS 3.1
6.1
EPSS
1.3%
CVE-2024-1365 MEDIUM PATCH This Month

The YML for Yandex Market plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the feed_id parameter in all versions up to, and including, 4.2.3 due to insufficient input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Yml For Yandex Market
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2023-7015 MEDIUM PATCH This Month

The File Manager Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tb' parameter in all versions up to, and including, 8.3.4 due to insufficient input sanitization and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress File Manager Pro
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2024-0163 MEDIUM This Month

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain a TOCTOU race condition vulnerability. Rated medium severity (CVSS 6.3). No vendor patch available.

Authentication Bypass Dell Poweredge R660 Firmware Poweredge R760 Firmware Poweredge C6620 Firmware +55
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-23672 MEDIUM PATCH This Month

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Tomcat Apache Denial Of Service Debian Linux Fedora
NVD
CVSS 3.1
6.3
EPSS
2.3%
CVE-2024-1691 MEDIUM This Month

The Otter Blocks - Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file upload form, which allows SVG uploads, in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress File Upload Otter Blocks
NVD VulDB
CVSS 3.1
6.1
EPSS
0.9%
CVE-2024-0377 MEDIUM PATCH This Month

The LifterLMS - WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_review' function in all. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Authentication Bypass Lifterlms
NVD
CVSS 3.1
5.3
EPSS
4.2%
CVE-2024-25155 MEDIUM This Month

In FileCatalyst Direct 3.8.8 and earlier through 3.8.6, the web server does not properly sanitize illegal characters in a URL which is then displayed on a subsequent error page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Filecatalyst Direct
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-2247 MEDIUM This Month

JFrog Artifactory versions below 7.77.7, 7.82.1, are vulnerable to DOM-based cross-site scripting due to improper handling of the import override mechanism. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Artifactory
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-25101 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yonifre Maspik - Spam Blacklist allows Stored XSS.10.6. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Maspik
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-2403 MEDIUM This Month

Improper cleanup in temporary file handling component in Devolutions Remote Desktop Manager 2024.1.12 and earlier on Windows allows an attacker that compromised a user endpoint, under specific. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Microsoft Remote Desktop Manager
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-20322 MEDIUM This Month

A vulnerability in the access control list (ACL) processing on Pseudowire interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Cisco Ios Xr
NVD
CVSS 3.1
5.8
EPSS
0.5%
CVE-2024-20315 MEDIUM This Month

A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Cisco
NVD
CVSS 3.1
5.8
EPSS
0.5%
CVE-2024-2106 MEDIUM PATCH This Month

The MasterStudy LMS WordPress Plugin - for Online Courses and Education plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 3.2.10. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress Information Disclosure Masterstudy Lms
NVD VulDB
CVSS 3.1
5.3
EPSS
1.9%
Prev Page 3 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy