Skip to main content
CVE-2024-2526 MEDIUM POC This Month

A vulnerability has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online College Event Hall Reservation System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-24156 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in Gnuboard g6 before Github commit 58c737a263ac0c523592fd87ff71b9e3c07d7cf5, allows remote attackers execute arbitrary code via the wr_content parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Gnuboard
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-22513 MEDIUM POC PATCH This Month

djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Information Disclosure
NVD GitHub Exploit-DB
CVSS 3.1
5.5
EPSS
0.8%
CVE-2024-28070 MEDIUM This Month

A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass XSS Micontact Center Business
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2024-23523 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Elementor Pro.19.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-2042 MEDIUM PATCH This Month

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions up to, and including, 3.0.5 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Elements Kit Elementor Addons Elementor
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-1239 MEDIUM PATCH This Month

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blog post read more button in all versions up to, and including, 3.0.4 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Elements Kit Elementor Addons Elementor
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-2308 MEDIUM PATCH This Month

The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link in the EliSlider in all versions up to, and including, 1.2.2 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Elementinvader Addons For Elementor Elementor
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-2533 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Online College Event Hall Reservation System
NVD VulDB GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-2530 MEDIUM This Month

A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Online College Event Hall Reservation System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-2525 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Online College Event Hall Reservation System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-2523 MEDIUM This Month

A vulnerability classified as problematic was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Online College Event Hall Reservation System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-2521 MEDIUM This Month

A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Online College Event Hall Reservation System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-2519 MEDIUM This Month

A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Online College Event Hall Reservation System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-2518 MEDIUM This Month

A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as problematic.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Online College Event Hall Reservation System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-2515 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Online College Event Hall Reservation System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-6525 MEDIUM PATCH This Month

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the progress bar element attributes in all versions up to, and including, 3.0.3 due to. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Elementskit Elementor Addons Elementor
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-51487 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft ARI Stream Quiz.2.32. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Ari Stream Quiz
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-51486 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in EDGARROJAS WooCommerce PDF Invoice Builder woo-pdf-invoice-builder allows Cross Site Request Forgery.2.101. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-51489 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Automattic, Inc. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Crowdsignal Dashboard
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-51521 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master.1.18. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2023-51491 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Averta Depicter Slider.0.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Depicter
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2024-1733 MEDIUM This Month

The Word Replacer Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the word_replacer_ultra() function in all versions up to, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Word Replacer Pro
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-1857 MEDIUM This Month

The Ultimate Gift Cards for WooCommerce - Create, Redeem & Manage Digital Gift Certificates with Personalized Templates plugin for WordPress is vulnerable to Sensitive Information Exposure in all. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Information Disclosure
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-24845 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Sewpafly Post Thumbnail Editor.4.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-28862 MEDIUM PATCH This Month

The Ruby One Time Password library (ROTP) is an open source library for generating and validating one time passwords. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Rotp
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2024-2294 MEDIUM This Month

The Backuply - Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.7 via the backup_name parameter in the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft WordPress Path Traversal
NVD VulDB
CVSS 3.1
4.9
EPSS
0.5%
CVE-2023-51512 MEDIUM This Month

Cross Site Request Forgery (CSRF) vulnerability in WBW Product Table by WBW.8.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Product Table
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-51510 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Atlas Gondal Export Media URLs.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Export All Urls
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-51407 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Rocket Elements Split Test For Elementor.6.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Split Test For Elementor Elementor
NVD
CVSS 3.1
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy