Skip to main content
CVE-2024-2423 MEDIUM PATCH This Month

The UsersWP - Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Userswp
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-2347 MEDIUM This Month

The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name in all versions up to, and including, 4.6.8 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-2226 MEDIUM This Month

The Otter Blocks - Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the id parameter in the google-map block in all. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google WordPress XSS Otter Blocks
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-2788 MEDIUM PATCH This Month

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Title HTML Tag in all versions up to, and including, 3.10.4 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Happy Addons For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-2456 MEDIUM This Month

The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 6.12.10 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-2306 MEDIUM This Month

The Revslider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg upload in all versions up to, and including, 6.6.20 due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-2457 MEDIUM PATCH This Month

The Modal Window - create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 5.3.8 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Modal Window
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-2335 MEDIUM This Month

The Elements Plus!. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-2305 MEDIUM PATCH This Month

The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the BootstrapCard link in all versions up to, and including, 1.1.2 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Cards For Beaver Builder
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-2289 MEDIUM This Month

The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link in multiple elements in all versions up to, and including, 1.3.0 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Powerpack For Beaver Builder
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-2287 MEDIUM This Month

The Knight Lab Timeline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.9.3.3 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-2039 MEDIUM This Month

The Stackable - Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post(v2) block title tag in all versions up to, and including, 3.12.11 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-1960 MEDIUM PATCH This Month

The ShopLentor - WooCommerce Builder for Elementor & Gutenberg +12 Modules - All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Special. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Shoplentor
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-6694 MEDIUM This Month

The Beaver Themer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.4.9 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Beaver Themer
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-2847 MEDIUM PATCH This Month

The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.24.5 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress File Upload Wordpress File Upload
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-1424 MEDIUM PATCH This Month

The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.5.1 due. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Givewp
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-3053 MEDIUM PATCH This Month

The Forminator - Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ forminator_form shortcode attribute in versions up to,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Forminator
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-28923 MEDIUM This Month

Secure Boot Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.4). No vendor patch available.

Integer Overflow Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
6.4
EPSS
0.5%
CVE-2024-26193 MEDIUM This Month

Azure Migrate Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.4). No vendor patch available.

Authentication Bypass RCE Microsoft Azure Migrate
NVD
CVSS 3.1
6.4
EPSS
0.9%
CVE-2024-2200 MEDIUM PATCH This Month

The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘cntctfrm_contact_subject’ parameter in all versions up to, and including, 4.2.8 due to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Contact Form
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2024-2198 MEDIUM This Month

The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘cntctfrm_contact_address’ parameter in all versions up to, and including, 4.2.8 due to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2022-4965 MEDIUM This Month

The Invitation Code Content Restriction Plugin from CreativeMinds plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘target_id’ parameter in all versions up to, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress
NVD VulDB
CVSS 3.1
6.1
EPSS
1.3%
CVE-2024-2738 MEDIUM This Month

The Permalink Manager Lite and Pro plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the ‘s’ parameter in multiple instances in all versions up to, and including, 2.4.3.1 due. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Permalink Manager Lite
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2024-1850 MEDIUM This Month

The AI Post Generator | AutoWriter plugin for WordPress is vulnerable to unauthorized access, modification or deletion of posts due to a missing capability check on functions hooked by AJAX actions. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-28898 MEDIUM This Month

Secure Boot Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.3). No vendor patch available.

Buffer Overflow Stack Overflow Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
6.3
EPSS
0.8%
CVE-2024-28917 MEDIUM This Month

Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Kubernetes Microsoft Azure Arc Extension Microsoft Azstackhci Operator Azure Arc Extension Microsoft Azure Hybridnetwork +5
NVD
CVSS 3.1
6.2
EPSS
0.9%
CVE-2024-3214 MEDIUM PATCH This Month

The Relevanssi - A Better Search plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 4.22.1. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE WordPress Relevanssi
NVD
CVSS 3.1
5.8
EPSS
1.8%
CVE-2024-0588 MEDIUM PATCH This Month

The Paid Memberships Pro - Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Paid Memberships Pro
NVD VulDB
CVSS 3.1
4.3
EPSS
9.3%
CVE-2024-31868 MEDIUM PATCH This Month

Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Apache XSS Zeppelin
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2024-30190 MEDIUM This Month

A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0), SCALANCE W1748-1 M12 (6GK5748-1GY01-0TA0), SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0), SCALANCE W1788-2 EEC M12. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Siemens
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-30189 MEDIUM This Month

A vulnerability has been identified in SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0) (All versions), SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AB0) (All versions), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AA0). Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Siemens
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-2112 MEDIUM PATCH This Month

The Form Maker by 10Web - Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.15.22 via the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Information Disclosure WordPress Form Maker
NVD VulDB
CVSS 3.1
5.9
EPSS
1.0%
CVE-2023-6799 MEDIUM PATCH This Month

The WP Reset - Most Advanced WordPress Reset Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0 via the use of insufficiently random. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure WordPress Wp Reset
NVD VulDB
CVSS 3.1
5.9
EPSS
0.5%
CVE-2024-20685 MEDIUM This Month

Azure Private 5G Core Denial of Service Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Microsoft Azure Private 5G Core
NVD
CVSS 3.1
5.9
EPSS
5.5%
CVE-2023-6777 MEDIUM PATCH This Month

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 9.0.34 due to the plugin adding the API key to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Information Disclosure WordPress Wp Go Maps
NVD VulDB
CVSS 3.1
5.3
EPSS
2.6%
CVE-2024-1587 MEDIUM This Month

The Newsmatic theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.0 via the 'newsmatic_filter_posts_load_tab_content'. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress Authentication Bypass Newsmatic
NVD VulDB
CVSS 3.1
5.3
EPSS
1.1%
CVE-2024-25116 MEDIUM This Month

RedisBloom adds a set of probabilistic data structures to Redis. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Redis Denial Of Service
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-29992 MEDIUM PATCH This Month

Azure Identity Library for .NET Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Azure Identity Library For Net
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2024-29905 MEDIUM PATCH This Month

DIRAC is an interware, meaning a software framework for distributed computing. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Dirac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-29064 MEDIUM This Month

Windows Hyper-V Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2024-29063 MEDIUM This Month

Azure AI Search Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Microsoft Azure Ai Search
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2024-28902 MEDIUM This Month

Windows Remote Access Connection Manager Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2024-28901 MEDIUM This Month

Windows Remote Access Connection Manager Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2024-28900 MEDIUM This Month

Windows Remote Access Connection Manager Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2024-26255 MEDIUM This Month

Windows Remote Access Connection Manager Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Microsoft Windows 10 1809 Windows 10 21h2 +7
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2024-26209 MEDIUM This Month

Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
5.5
EPSS
14.8%
CVE-2024-26207 MEDIUM This Month

Windows Remote Access Connection Manager Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2024-26172 MEDIUM This Month

Windows DWM Core Library Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Microsoft Windows 10 1809 Windows 10 21h2 +7
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2024-2302 MEDIUM PATCH This Month

The Easy Digital Downloads - Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Information Disclosure Easy Digital Downloads
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2024-2786 MEDIUM PATCH This Month

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 3.10.4 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Happy Addons For Elementor Elementor
NVD
CVSS 3.1
5.4
EPSS
0.3%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy