Skip to main content
CVE-2024-3378 MEDIUM POC THREAT This Month

A vulnerability has been found in iboss Secure Web Gateway up to 10.1 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Secure Web Gateway
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
22.0%
CVE-2024-3377 MEDIUM POC This Month

A vulnerability classified as problematic was found in SourceCodester Computer Laboratory Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Computer Laboratory Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-3358 MEDIUM POC This Month

A vulnerability classified as problematic was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Aplaya Beach Resort Online Reservation System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-3365 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Library System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Library System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-3364 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Library System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Library System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-3415 MEDIUM POC This Month

A vulnerability was found in SourceCodester Human Resource Information System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Human Resource Information System
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-3414 MEDIUM POC This Month

A vulnerability was found in SourceCodester Human Resource Information System 1.0 and classified as problematic.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Human Resource Information System
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-2444 MEDIUM POC This Month

The Inline Related Posts WordPress plugin before 3.5.0 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Inline Related Posts
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-1428 MEDIUM PATCH This Month

The Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) plugin for WordPress is vulnerable to Stored. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Element Pack
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-0837 MEDIUM PATCH This Month

The Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) plugin for WordPress is vulnerable to Stored. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Element Pack
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-3245 MEDIUM PATCH This Month

The EmbedPress - Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Google XSS WordPress Embedpress
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-2949 MEDIUM PATCH This Month

The Carousel, Slider, Gallery by WP Carousel - Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce plugin for WordPress is vulnerable to Stored. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Wp Carousel
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-2471 MEDIUM PATCH This Month

The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image attachment fields (such as 'Title', 'Alt Text', 'Custom URL', 'Custom Class', and 'Override Type') in all. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Foogallery
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-2132 MEDIUM This Month

The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Widget in all versions up to, and including, 1.4.0 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Ultimate Bootstrap Elements For Elementor Elementor Bootstrap
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-2458 MEDIUM PATCH This Month

The Powerkit - Supercharge your WordPress Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.9.1 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Powerkit
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-2296 MEDIUM PATCH This Month

The Photo Gallery by 10Web - Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.8.21 due to. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Photo Gallery
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-3216 MEDIUM This Month

The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Woocommerce Pdf Invoices Packing Slips Delivery Notes And Shipping Labels
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-2950 MEDIUM This Month

The BoldGrid Easy SEO - Simple and Effective SEO plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.6.14 via meta information (og:description) This. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress Easy Seo
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-2656 MEDIUM This Month

The Email Subscribers by Icegram Express - Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a CSV import in. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS
NVD VulDB
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-1994 MEDIUM This Month

The Image Watermark plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the watermark_action_ajax() function in all versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy