Skip to main content
CVE-2024-27987 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP GiveWP give.3.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-25921 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Concerted Action Action Network allows Reflected XSS.4.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-25936 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoundCloud Inc., Lawrie Malen SoundCloud Shortcode allows Stored XSS.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-25919 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hiroaki Miyashita Custom Field Template allows Stored XSS.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-25916 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joseph C Dolson My Calendar allows Stored XSS.4.23. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-25593 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms - Ultimate Form Builder allows Stored XSS.5.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nex Forms
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-27189 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catchsquare WP Social Widget allows Stored XSS.2.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Social Widget
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-25934 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FormFacade allows Stored XSS.0.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Formfacade
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-25598 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Livemesh Livemesh Addons for Elementor allows Stored XSS.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Addons For Elementor Elementor
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-27100 MEDIUM PATCH This Month

Discourse is an open source platform for community discussion. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Discourse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-27085 MEDIUM PATCH This Month

Discourse is an open source platform for community discussion. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Discourse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-28053 MEDIUM PATCH This Month

Resource Exhaustion in Mattermost Server versions 8.1.x before 8.1.10 fails to limit the size of the payload that can be read and parsed allowing an attacker to send a very large email payload and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Denial Of Service Mattermost Server
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-24975 MEDIUM This Month

Uncontrolled Resource Consumption in Mattermost Mobile versions before 2.13.0 fails to limit the size of the code block that will be processed by the syntax highlighter, allowing an attacker to send. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Denial Of Service Mattermost Mobile
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-2399 MEDIUM PATCH This Month

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 4.10.23 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Premium Addons For Elementor Elementor
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-1796 MEDIUM PATCH This Month

The HUSKY - Products Filter for WooCommerce Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'woof' shortcode in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Husky Products Filter Professional For Woocommerce
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-2445 MEDIUM This Month

Mattermost Jira plugin versions shipped with Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to escape user-controlled outputs when. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mattermost Atlassian Mattermost Server
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-23298 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Xcode
NVD VulDB
CVSS 3.1
5.5
EPSS
2.7%
CVE-2024-25596 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Doofinder Doofinder for WooCommerce allows Stored XSS.1.8. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Doofinder
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-25592 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV Broken Link Checker allows Stored XSS.2.3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Broken Link Checker
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-2193 MEDIUM This Month

A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. Rated medium severity (CVSS 5.7). No vendor patch available.

RCE Race Condition
NVD
CVSS 3.1
5.7
EPSS
1.2%
CVE-2023-50898 MEDIUM This Month

Missing Authorization vulnerability in sirv.Com Sirv.1.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Sirv
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-26454 MEDIUM This Month

A Cross Site Scripting vulnerability in Healthcare-Chatbot through 9b7058a can occur via a crafted payload to the email1 or pwd1 parameter in login.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-24748 MEDIUM PATCH This Month

Discourse is an open source platform for community discussion. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-23944 MEDIUM PATCH This Month

Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Apache Information Disclosure Zookeeper
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-2495 MEDIUM This Month

Cryptographic key vulnerability encoded in the FriendlyWrt firmware affecting version 2022-11-16.51b3d35. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Prototype Pollution Information Disclosure Friendlywrt
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-51522 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Paid Member Subscriptions.10.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Paid Membership Subscriptions
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-51369 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in SysBasics Customize My Account for WooCommerce.8.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Customize My Account
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-50861 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in realmag777 HUSKY - Products Filter for WooCommerce (formerly WOOF).3.4.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Husky Products Filter Professional For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-50886 MEDIUM This Month

Cross-Site Request Forgery (CSRF), Incorrect Authorization vulnerability in wpWax Legal Pages.3.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Legal Pages
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-51525 MEDIUM This Month

A vulnerability in Roland Murg WP Simple Booking Calendar wp-simple-booking-calendar.0.8.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-2446 MEDIUM This Month

Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to limit the number of @-mentions processed per message, allowing an authenticated. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Denial Of Service Mattermost Server
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-2479 LOW Monitor

A vulnerability classified as problematic has been found in MHA Sistemas arMHAzena 9.6.0.0. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
3.5
EPSS
0.5%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy