Skip to main content
CVE-2024-3136 CRITICAL POC PATCH THREAT Act Now

The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'template' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 49.6%.

WordPress PHP RCE LFI Information Disclosure +1
NVD
CVSS 3.1
9.8
EPSS
49.6%
Threat
4.9
CVE-2024-2340 MEDIUM POC THREAT This Month

The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 58.2%.

Information Disclosure WordPress File Upload Avada
NVD
CVSS 3.1
5.3
EPSS
58.2%
Threat
4.3
CVE-2024-3097 MEDIUM POC PATCH THREAT This Month

The WordPress Gallery Plugin - NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_item function in versions up to, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 22.1%.

Authentication Bypass Information Disclosure WordPress Nextgen Gallery
NVD
CVSS 3.1
5.3
EPSS
22.1%
CVE-2024-3523 HIGH POC This Week

A vulnerability classified as critical was found in Campcodes Online Event Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Event Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-3522 HIGH POC This Week

A vulnerability classified as critical has been found in Campcodes Online Event Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Event Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-29988 HIGH POC KEV PATCH THREAT This Week

SmartScreen Prompt Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Windows 10 1809 Windows 10 21h2 Windows 10 22h2 Windows 11 21H2 +5
NVD
CVSS 3.1
8.8
EPSS
45.2%
CVE-2024-3281 HIGH POC This Week

A vulnerability was discovered in the firmware builds after 8.0.2.3267 and prior to 8.1.3.1301 in CCX devices. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Poly Ccx 350 Poly Ccx 400 Poly Ccx 500 Poly Ccx 505 +2
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-31507 HIGH POC This Week

Sourcecodester Online Graduate Tracer System v1.0 is vulnerable to SQL Injection via the "request" parameter in admin/fetch_gendercs.php. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Graduate Tracer System
NVD GitHub
CVSS 3.1
8.6
EPSS
0.5%
CVE-2024-31506 HIGH POC This Week

Sourcecodester Online Graduate Tracer System v1.0 is vulnerable to SQL Injection via the "id" parameter in admin/admin_cs.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Graduate Tracer System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-2344 HIGH POC This Week

SQL injection in the Avada theme for WordPress (versions up to and including 7.11.6) allows authenticated attackers with editor-level privileges or above to append arbitrary SQL queries via the 'entry' parameter and extract sensitive database contents. Publicly available exploit code exists, though EPSS places exploitation probability at 1.11% (78th percentile), indicating moderate but not widespread automated targeting. The flaw stems from insufficient input escaping and unprepared SQL statements in a widely-deployed commercial WordPress theme.

SQLi WordPress Avada
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2024-1813 CRITICAL Act Now

The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.11.0 via deserialization of untrusted input in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Deserialization WordPress Information Disclosure Simple Job Board
NVD
CVSS 3.1
9.8
EPSS
8.0%
CVE-2024-2311 MEDIUM POC This Month

The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.11.6 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Avada
NVD GitHub
CVSS 3.1
6.4
EPSS
0.4%
CVE-2023-6486 MEDIUM POC PATCH This Month

The Spectra - WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS metabox in all versions up to and including 2.10.3 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Spectra
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-2343 MEDIUM POC This Month

The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.11.6 via the form_to_url_action. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SSRF Avada
NVD GitHub
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1664 MEDIUM POC This Month

The Responsive Gallery Grid WordPress plugin before 2.3.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Responsive Gallery Grid
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-24576 CRITICAL Act Now

Rust is a programming language. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Microsoft Fedora Rust
NVD GitHub
CVSS 3.1
10.0
EPSS
20.3%
CVE-2024-2804 CRITICAL Act Now

The Network Summary plugin for WordPress is vulnerable to SQL Injection via the 'category' parameter in all versions up to, and including, 2.0.11 due to insufficient escaping on the user supplied. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi WordPress
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-31866 CRITICAL PATCH Act Now

Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Zeppelin
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-31864 CRITICAL PATCH Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Apache RCE Zeppelin
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-2224 CRITICAL Act Now

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Microsoft Endpoint Security Gravityzone Control Center
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-2223 CRITICAL Act Now

An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay.0.5.200089 Bitdefender. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Microsoft Endpoint Security Gravityzone Control Center
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-31544 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Computer Laboratory Management System v1.0 allows attackers to execute arbitrary JavaScript code by including malicious payloads into “remarks”,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Computer Laboratory Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-1974 HIGH PATCH This Week

The HT Mega - Absolute Addons For Elementor plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.6 via the render function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal WordPress Ht Mega
NVD VulDB
CVSS 3.1
8.8
EPSS
2.6%
CVE-2023-6999 HIGH This Week

The Pods - Custom Content Types and Fields plugin for WordPress is vulnerable to Remote Code Exxecution via shortcode in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Command Injection Pods
NVD VulDB
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-29990 CRITICAL Act Now

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Kubernetes Microsoft Azure Kubernetes Service Confidential Containers
NVD
CVSS 3.1
9.0
EPSS
18.0%
CVE-2024-2693 HIGH This Week

The Link Whisper Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.7.1 via deserialization of untrusted input of the 'mfn-page-items' post meta. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Deserialization WordPress Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-1990 HIGH PATCH This Week

The RegistrationMagic - Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to blind SQL Injection via the ‘id’ parameter of the RM_Form shortcode. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Registrationmagic
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-2341 HIGH PATCH This Week

The Appointment Booking Calendar - Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the keys parameter in all versions up to, and including, 1.6.7.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Simply Schedule Appointments
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-2018 HIGH This Week

The WP Activity Log Premium plugin for WordPress is vulnerable to SQL Injection via the entry->roles parameter in all versions up to, and including, 4.6.4 due to insufficient escaping on the user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress PHP Wp Activity Log
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-2342 HIGH PATCH This Week

The Appointment Booking Calendar - Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the customer_id parameter in all versions up to, and including,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Simply Schedule Appointments
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-1315 HIGH This Week

The Classified Listing - Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Classified Listing
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-6967 HIGH This Week

The Pods - Custom Content Types and Fields plugin for WordPress is vulnerable to SQL Injection via shortcode in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress Pods
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-1893 HIGH PATCH This Week

The Easy Property Listings plugin for WordPress is vulnerable to time-based SQL Injection via the ‘property_status’ shortcode attribute in all versions up to, and including, 3.5.2 due to insufficient. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Easy Property Listings
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-1991 HIGH PATCH This Week

The RegistrationMagic - Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Privilege Escalation WordPress Registrationmagic
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-2125 HIGH This Week

The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload WordPress CSRF Envialosimple
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-29993 HIGH This Week

Azure CycleCloud Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Azure Cyclecloud
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2024-29985 HIGH This Week

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Microsoft Ole Db Driver For Sql Server +2
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2024-29984 HIGH This Week

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Microsoft Ole Db Driver For Sql Server +2
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2024-29983 HIGH This Week

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Microsoft Ole Db Driver For Sql Server +2
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2024-29982 HIGH This Week

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Microsoft Ole Db Driver For Sql Server +2
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2024-29053 HIGH PATCH This Week

Microsoft Defender for IoT Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Defender For Iot
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2024-29048 HIGH This Week

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Microsoft Ole Db Driver For Sql Server +2
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2024-29047 HIGH This Week

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Microsoft Sql Server 2019 +1
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2024-29046 HIGH This Week

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Microsoft Ole Db Driver For Sql Server +2
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2024-29044 HIGH This Week

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Microsoft Ole Db Driver For Sql Server +2
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2024-29043 HIGH This Week

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Microsoft RCE Memory Corruption Odbc Driver For Sql Server +2
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2024-28945 HIGH This Week

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Microsoft Ole Db Driver For Sql Server Sql Server 2019 +1
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2024-28944 HIGH This Week

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Ole Db Driver For Sql Server Sql Server 2019 Sql Server 2022
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2024-28943 HIGH This Week

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Microsoft Odbc Driver For Sql Server +2
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2024-28942 HIGH This Week

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Microsoft Ole Db Driver For Sql Server Sql Server 2019 +1
NVD
CVSS 3.1
8.8
EPSS
2.4%
Page 1 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy