Skip to main content
CVE-2024-29820 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RedNao PDF Builder for WPForms allows Stored XSS.2.88. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-52228 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Kinchin Beds24 Online Booking allows Stored XSS.0.24. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-29803 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mehanoid.Pro FlatPM allows Stored XSS.1.05. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Flatpm
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-29801 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Petri Damstén Fullscreen Galleria allows Stored XSS.6.11. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-29799 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Epsiloncool WP Fast Total Search allows Stored XSS.59.211. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-29798 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Appsmav Gratisfaction allows Stored XSS.3.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-29797 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Darko Grid Shortcodes allows Stored XSS.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-29795 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Interfacelab Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Google
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-29788 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Podlove Podlove Web Player allows Stored XSS.7.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-30179 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldThemes Bold Page Builder allows Stored XSS.7.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Bold Page Builder
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-29812 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReviewX allows Stored XSS.6.22. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Reviewx
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-29793 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MailMunch MailChimp Forms by MailMunch allows Stored XSS.2.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Mailchimp Forms
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-30186 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BdThemes Prime Slider - Addons For Elementor allows Stored XSS.13.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Prime Slider
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-30182 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DevItems HT Mega ht-mega-for-elementor.4.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-29932 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Stored XSS.3.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Wordpress Meta Data And Taxonomies Filter
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-29926 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes WC Builder allows Stored XSS.0.18. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wc Builder
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-29925 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpWax Post Grid, Slider & Carousel Ultimate allows Stored XSS.6.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Post Grid Slider Carousel Ultimate
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-29913 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Tutor LMS Elementor Addons allows Stored XSS.1.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Tutor Lms Elementor Addons Elementor
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-29911 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS.0.5.4.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Master Addons
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-29811 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoftLab Radio Player allows Stored XSS.0.73. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Radio Player
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-29807 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DearHive DearFlip allows Stored XSS.2.26. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dearflip
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-29796 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hot Themes Hot Random Image allows Stored XSS.8.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Hot Random Image
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-29936 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blocksera Image Hover Effects - Elementor Addon allows Stored XSS.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-29933 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab, Inc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-29930 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CurrencyRate.Today Crypto Converter Widget allows Stored XSS.8.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-29910 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alordiel Dropdown Multisite selector allows Stored XSS.9.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-29908 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kienso Co-marquage service-public.Fr allows Stored XSS.Fr: from n/a through 0.5.71. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-29934 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor allows Stored XSS.4.25. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-29917 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Compact WP Audio Player allows Stored XSS.9.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-30197 MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andy_moyle Church Admin church-admin.0.26. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-29804 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Heateor Fancy Comments WordPress allows Stored XSS.2.14. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Fancy Comments
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-29935 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SinaExtra Sina Extension for Elementor allows Stored XSS.5.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sina Extension For Elementor Elementor
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-29927 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasTheme WishSuite allows Stored XSS.3.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wishsuite
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-25920 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS allows Stored XSS.3.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Sms
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-30185 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BdThemes Element Pack Elementor Addons allows Stored XSS.5.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Element Pack
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-30177 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS.6.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Exclusive Addons For Elementor Elementor
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-30193 MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andy_moyle Church Admin church-admin.1.17. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-30192 MEDIUM This Month

A vulnerability in GS Plugins GS Pins for Pinterest gs-pinterest-portfolio.8.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-29920 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Moveaddons Move Addons for Elementor allows Stored XSS.2.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Move Addons For Elementor Elementor
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-0079 MEDIUM This Month

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user in a guest VM can cause a NULL-pointer dereference in the host. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Denial Of Service Linux Null Pointer Dereference Nvidia
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-0078 MEDIUM This Month

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user in a guest can cause a NULL-pointer dereference in the host, which may lead to denial. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Denial Of Service Linux Null Pointer Dereference Nvidia
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-23451 MEDIUM PATCH This Month

Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Elastic Elasticsearch
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-20278 MEDIUM This Month

A vulnerability in the NETCONF feature of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate privileges to root on an affected device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure Ios Xe
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-25962 MEDIUM This Month

Dell InsightIQ, version 5.0, contains an improper access control vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Insightiq
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-1023 MEDIUM PATCH This Month

A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2024-2203 MEDIUM PATCH This Month

The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Clients widget. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP Information Disclosure RCE WordPress +2
NVD VulDB
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-2781 MEDIUM This Month

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the video_html_tag attribute in all versions up to, and including, 3.20.1 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Elementor Pro Elementor
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-2139 MEDIUM This Month

The Master Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pricing Table widget in all versions up to, and including, 2.0.5.6 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Master Addons
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-2210 MEDIUM PATCH This Month

The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Team Member Listing widget. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

PHP Information Disclosure Path Traversal RCE WordPress +2
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1364 MEDIUM This Month

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget's custom_id in all versions up to, and including, 3.20.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Elementor Pro Elementor
NVD
CVSS 3.1
6.4
EPSS
0.1%
Prev Page 4 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy