Skip to main content
CVE-2024-2841 MEDIUM PATCH This Month

The Otter Blocks - Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Otter Blocks
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-2936 MEDIUM PATCH This Month

The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id attribute of widgets in all versions up to, and including, 1.26 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Sydney Toolbox
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-2842 MEDIUM PATCH This Month

The Easy Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ea_full_calendar' shortcode in all versions up to, and including, 3.11.18 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Easy Appointments
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-2280 MEDIUM PATCH This Month

The Better Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget link URL values in all versions up to, and including, 1.4.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Better Elementor Addons Elementor
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-2250 MEDIUM This Month

The 130+ Widgets | Best Addons For Elementor - FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.4.2 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-2116 MEDIUM This Month

The Christmas Greetings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the code parameter in all versions up to, and including, 1.2.5 due to insufficient input sanitization. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress
NVD VulDB
CVSS 3.1
6.1
EPSS
1.5%
CVE-2023-6047 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Algoritim E-commerce Software allows Reflected XSS.9.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS E Commerce Software
NVD VulDB
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-30452 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginOps Landing Page Builder allows Stored XSS.5.1.7. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-30448 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Supsystic Slider by Supsystic allows Stored XSS.8.10. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-30444 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zionbuilder.Io WordPress Page Builder - Zion Builder allows Stored XSS.6.9. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-30430 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Email Newsletter Team - FluentCRM Fluent CRM allows Stored XSS.8.44. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fluentcrm
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-30440 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Themify Event Post allows Stored XSS.2.7. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-30434 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP-CRM System allows Stored XSS.2.9. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-30427 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Reflected XSS.9.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Spiffy Calendar
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-30453 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Brave Brave Popup Builder.6.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-1858 MEDIUM This Month

The Lightbox slider - Responsive Lightbox Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.9 via deserialization of untrusted input through. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Deserialization WordPress Information Disclosure
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-2969 MEDIUM This Month

The WP-Eggdrop plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wp Eggdrop
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-30521 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Landingi Landingi Landing Pages.1.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-2964 MEDIUM This Month

The Pocket News Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Pocket News Generator
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-30477 MEDIUM This Month

Missing Authorization vulnerability in Klarna Klarna Payments for WooCommerce.2.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Klarna For Woocommerce
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-3081 MEDIUM PATCH This Month

A vulnerability was found in EasyCorp EasyAdmin up to 4.8.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Easyadmin
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-30514 MEDIUM This Month

Insertion of Sensitive Information into Log File vulnerability in Paid Memberships Pro Paid Memberships Pro - Payfast Gateway Add On.4.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-30511 MEDIUM This Month

Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG PrestaShop to WooCommerce.45.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-30469 MEDIUM This Month

Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce.3.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Wholesale For Woocommerce
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-29024 MEDIUM This Month

JumpServer is an open source bastion host and an operation and maintenance security audit system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Jumpserver
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-29020 MEDIUM This Month

JumpServer is an open source bastion host and an operation and maintenance security audit system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Information Disclosure Jumpserver
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-23449 MEDIUM PATCH This Month

An uncaught exception in Elasticsearch >= 8.4.0 and < 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Denial Of Service Elasticsearch
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-0956 MEDIUM This Month

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter via the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress Wp Erp
NVD VulDB
CVSS 3.1
4.9
EPSS
1.0%
CVE-2024-2108 MEDIUM PATCH This Month

The Ninja Forms Contact Form - The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an image title embedded into a form in all versions. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Ninja Forms
NVD VulDB
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-2963 MEDIUM This Month

The Pocket News Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings such as "Consumer Key" and "Access Token" in all versions up to, and including, 0.2.0. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS Pocket News Generator
NVD VulDB
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-2968 MEDIUM This Month

The WP-Eggdrop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.1 due to insufficient input sanitization and output. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS Wp Eggdrop
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-30492 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WebToffee Import Export WordPress Users.5.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal WordPress
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-2113 MEDIUM PATCH This Month

The Ninja Forms Contact Form - The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Ninja Forms
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-2476 MEDIUM This Month

The OceanWP theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the load_theme_panel_pane function in all versions up to, and including, 3.5.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-30463 MEDIUM This Month

Missing Authorization vulnerability in realmag777 BEAR.1.4.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Bear Woocommerce Bulk Editor And Products Manager Professional
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-30462 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in realmag777 HUSKY - Products Filter for WooCommerce (formerly WOOF).3.5.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Husky Products Filter Professional For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-30454 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in VeronaLabs WP SMS.6.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Sms
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-30458 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOOCS - WooCommerce Currency Switcher.4.1.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Fox Currency Switcher Professional For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-30457 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF).3.3.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wordpress Meta Data And Taxonomies Filter
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-30456 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WPCS.2.0.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wordpress Currency Switcher
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-30482 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Brice CAPOBIANCO Simple Revisions Delete.5.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Simple Revisions Delete
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-30468 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in All In One WP Security & Firewall Team All In One WP Security & Firewall.2.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-30455 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in GamiPress.8.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Gamipress
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-30493 MEDIUM PATCH This Month

Cross-Site Request Forgery (CSRF) vulnerability in andy_moyle Church Admin church-admin.1.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-30518 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in ThemeLocation Custom WooCommerce Checkout Fields Editor.3.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-30460 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Tumult Inc Tumult Hype Animations.9.11. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-2970 MEDIUM This Month

The News Wall plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-2844 MEDIUM PATCH This Month

The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajax_cancel_appointment() function in all versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Easy Appointments
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-30613 MEDIUM This Month

Tenda AC15 v15.03.05.18 has a stack overflow vulnerability in the time parameter from the setSmartPowerManagement function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Memory Corruption Ac15 Firmware
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-30507 LOW Monitor

Authorization Bypass Through User-Controlled Key vulnerability in Molongui.7.7. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
2.7
EPSS
0.1%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy