Skip to main content
CVE-2024-2969 MEDIUM This Month

The WP-Eggdrop plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wp Eggdrop
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-30521 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Landingi Landingi Landing Pages.1.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-2964 MEDIUM This Month

The Pocket News Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Pocket News Generator
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-30477 MEDIUM This Month

Missing Authorization vulnerability in Klarna Klarna Payments for WooCommerce.2.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Klarna For Woocommerce
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-3081 MEDIUM PATCH This Month

A vulnerability was found in EasyCorp EasyAdmin up to 4.8.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Easyadmin
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-30514 MEDIUM This Month

Insertion of Sensitive Information into Log File vulnerability in Paid Memberships Pro Paid Memberships Pro - Payfast Gateway Add On.4.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-30511 MEDIUM This Month

Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG PrestaShop to WooCommerce.45.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-30469 MEDIUM This Month

Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce.3.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Wholesale For Woocommerce
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-29024 MEDIUM This Month

JumpServer is an open source bastion host and an operation and maintenance security audit system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Jumpserver
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-29020 MEDIUM This Month

JumpServer is an open source bastion host and an operation and maintenance security audit system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Information Disclosure Jumpserver
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-23449 MEDIUM PATCH This Month

An uncaught exception in Elasticsearch >= 8.4.0 and < 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Denial Of Service Elasticsearch
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-0956 MEDIUM This Month

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter via the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress Wp Erp
NVD VulDB
CVSS 3.1
4.9
EPSS
1.0%
CVE-2024-2108 MEDIUM PATCH This Month

The Ninja Forms Contact Form - The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an image title embedded into a form in all versions. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Ninja Forms
NVD VulDB
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-2963 MEDIUM This Month

The Pocket News Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings such as "Consumer Key" and "Access Token" in all versions up to, and including, 0.2.0. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS Pocket News Generator
NVD VulDB
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-2968 MEDIUM This Month

The WP-Eggdrop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.1 due to insufficient input sanitization and output. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS Wp Eggdrop
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-30492 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WebToffee Import Export WordPress Users.5.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal WordPress
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-2113 MEDIUM PATCH This Month

The Ninja Forms Contact Form - The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Ninja Forms
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-2476 MEDIUM This Month

The OceanWP theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the load_theme_panel_pane function in all versions up to, and including, 3.5.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-30463 MEDIUM This Month

Missing Authorization vulnerability in realmag777 BEAR.1.4.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Bear Woocommerce Bulk Editor And Products Manager Professional
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-30462 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in realmag777 HUSKY - Products Filter for WooCommerce (formerly WOOF).3.5.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Husky Products Filter Professional For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-30454 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in VeronaLabs WP SMS.6.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Sms
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-30458 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOOCS - WooCommerce Currency Switcher.4.1.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Fox Currency Switcher Professional For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-30457 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF).3.3.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wordpress Meta Data And Taxonomies Filter
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-30456 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WPCS.2.0.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wordpress Currency Switcher
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-30482 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Brice CAPOBIANCO Simple Revisions Delete.5.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Simple Revisions Delete
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-30468 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in All In One WP Security & Firewall Team All In One WP Security & Firewall.2.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-30455 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in GamiPress.8.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Gamipress
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-30493 MEDIUM PATCH This Month

Cross-Site Request Forgery (CSRF) vulnerability in andy_moyle Church Admin church-admin.1.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-30518 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in ThemeLocation Custom WooCommerce Checkout Fields Editor.3.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-30460 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Tumult Inc Tumult Hype Animations.9.11. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-2970 MEDIUM This Month

The News Wall plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-2844 MEDIUM PATCH This Month

The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajax_cancel_appointment() function in all versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Easy Appointments
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-30613 MEDIUM This Month

Tenda AC15 v15.03.05.18 has a stack overflow vulnerability in the time parameter from the setSmartPowerManagement function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Memory Corruption Ac15 Firmware
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy