Skip to main content
CVE-2024-1231 MEDIUM POC This Month

The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins unpublish downloads via a CSRF attack. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Cm Download Manager
NVD WPScan
CVSS 3.1
6.8
EPSS
0.2%
CVE-2024-28108 MEDIUM POC PATCH This Month

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS PostgreSQL Phpmyfaq
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-25175 MEDIUM POC This Month

An issue in Kickdler before v1.107.0 allows attackers to provide an XSS payload via a HTTP response splitting attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kickdler
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-28106 MEDIUM POC PATCH This Month

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS PostgreSQL Phpmyfaq
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-27300 MEDIUM POC PATCH This Month

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS PostgreSQL Phpmyfaq
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2024-28435 MEDIUM POC This Month

The CRM platform Twenty version 0.3.0 is vulnerable to SSRF via file upload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF File Upload Twenty
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-29025 MEDIUM POC PATCH This Month

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Netty Debian Linux
NVD GitHub
CVSS 3.1
5.3
EPSS
1.4%
CVE-2024-30187 MEDIUM POC PATCH This Month

Anope before 2.0.15 does not prevent resetting the password of a suspended account. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Anope
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-29179 MEDIUM POC PATCH This Month

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS PostgreSQL Phpmyfaq
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-1232 MEDIUM POC This Month

The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete downloads via a CSRF attack. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Cm Download Manager
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-1564 MEDIUM POC This Month

The wp-schema-pro WordPress plugin before 2.7.16 does not validate post access allowing a contributor user to access custom fields on any post regardless of post type or status via a shortcode. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Schema
NVD WPScan
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-38057 MEDIUM This Month

Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.2.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Th Advance Product Search
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-27608 MEDIUM This Month

Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce.5.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Points And Rewards For Woocommerce
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-28244 MEDIUM PATCH This Month

KaTeX is a JavaScript library for TeX math rendering on the web. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Katex
NVD GitHub
CVSS 3.1
6.5
EPSS
2.2%
CVE-2024-28243 MEDIUM PATCH This Month

KaTeX is a JavaScript library for TeX math rendering on the web. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Katex
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2024-21865 MEDIUM This Month

HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-44626 MEDIUM This Month

Missing Authorization vulnerability in Squirrly SEO Plugin by Squirrly SEO.1.20. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Seo Plugin By Squirrly Seo
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-29041 MEDIUM PATCH This Month

Express.js minimalist web framework for node. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Express
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2024-28245 MEDIUM PATCH This Month

KaTeX is a JavaScript library for TeX math rendering on the web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Katex
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-29216 MEDIUM This Month

Exposed IOCTL with insufficient access control issue exists in cg6kwin2k.sys prior to 2.1.7.0. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-29009 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in easy-popup-show all versions allows a remote unauthenticated attacker to hijack the authentication of the administrator and to perform unintended. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-28183 MEDIUM PATCH This Month

ESP-IDF is the development framework for Espressif SoCs supported on Windows, Linux and macOS. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required.

Authentication Bypass Apple Microsoft Esp Idf
NVD GitHub
CVSS 3.1
5.7
EPSS
0.2%
CVE-2024-30203 MEDIUM PATCH This Month

In Emacs before 29.3, Gnus treats inline MIME contents as trusted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Emacs Org Mode Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-45356 MEDIUM This Month

Missing Authorization vulnerability in Muffingroup Betheme.6.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Betheme
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-37886 MEDIUM This Month

Missing Authorization vulnerability in InspiryThemes RealHomes realhomes.3.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-22699 MEDIUM This Month

Missing Authorization vulnerability in MainWP MainWP Wordfence Extension.0.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mainwp Wordfence Extension Wordfence
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2022-45851 MEDIUM This Month

Missing Authorization vulnerability in ShareThis ShareThis Dashboard for Google Analytics.1.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2022-45351 MEDIUM This Month

Missing Authorization vulnerability in Muffingroup Betheme.6.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Betheme
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2022-45352 MEDIUM This Month

Missing Authorization vulnerability in Muffingroup Betheme.6.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Betheme
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2024-28246 MEDIUM PATCH This Month

KaTeX is a JavaScript library for TeX math rendering on the web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Katex
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-21914 MEDIUM This Month

A vulnerability exists in the affected product that allows a malicious user to restart the Rockwell Automation PanelView™ Plus 7 terminal remotely without security protections. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell Denial Of Service Factorytalk View
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-25039 MEDIUM This Month

Missing Authorization vulnerability in CodePeople Google Maps CP.0.43. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Authentication Bypass Google Maps Cp
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-37885 MEDIUM This Month

Missing Authorization vulnerability in InspiryThemes RealHomes realhomes.3.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-33923 MEDIUM This Month

Missing Authorization vulnerability in HashThemes Viral News, HashThemes Viral, HashThemes HashOne.4.5; Viral: from n/a through 1.8.0; HashOne: from n/a through 1.3.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2022-45349 MEDIUM This Month

Missing Authorization vulnerability in Muffingroup Betheme.6.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Betheme
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-30480 MEDIUM This Month

Missing Authorization vulnerability in Sparkle WP Educenter.5.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy