Skip to main content
CVE-2024-2340 MEDIUM POC THREAT This Month

The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 58.2%.

Information Disclosure WordPress File Upload Avada
NVD
CVSS 3.1
5.3
EPSS
58.2%
Threat
4.3
CVE-2024-3097 MEDIUM POC PATCH THREAT This Month

The WordPress Gallery Plugin - NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_item function in versions up to, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 22.1%.

Authentication Bypass Information Disclosure WordPress Nextgen Gallery
NVD
CVSS 3.1
5.3
EPSS
22.1%
CVE-2024-2311 MEDIUM POC This Month

The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.11.6 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Avada
NVD GitHub
CVSS 3.1
6.4
EPSS
0.4%
CVE-2023-6486 MEDIUM POC PATCH This Month

The Spectra - WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS metabox in all versions up to and including 2.10.3 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Spectra
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-2343 MEDIUM POC This Month

The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.11.6 via the form_to_url_action. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SSRF Avada
NVD GitHub
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1664 MEDIUM POC This Month

The Responsive Gallery Grid WordPress plugin before 2.3.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Responsive Gallery Grid
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-31544 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Computer Laboratory Management System v1.0 allows attackers to execute arbitrary JavaScript code by including malicious payloads into “remarks”,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Computer Laboratory Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-0598 MEDIUM POC PATCH This Month

The Gutenberg Blocks by Kadence Blocks - Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form message settings in all versions up to and. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress Gutenberg Blocks With Ai
NVD VulDB
CVSS 3.1
4.4
EPSS
0.4%
CVE-2024-2543 MEDIUM POC PATCH This Month

The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_uri_editor' function in all versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass WordPress Permalink Manager Lite
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-2654 MEDIUM PATCH This Month

The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.2.5 via the fm_download_backup function. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

WordPress Path Traversal File Manager
NVD
CVSS 3.1
6.8
EPSS
1.9%
CVE-2024-0376 MEDIUM PATCH This Month

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Wrapper Link Widget in all versions up to, and including, 4.10.16 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Premium Addons For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
3.0%
CVE-2024-27242 MEDIUM This Month

Cross site scripting in Zoom Desktop Client for Linux before version 5.17.10 may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Denial Of Service Zoom
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2024-28897 MEDIUM This Month

Secure Boot Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
6.8
EPSS
0.9%
CVE-2024-26253 MEDIUM This Month

Windows rndismp6.sys Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2024-26252 MEDIUM This Month

Windows rndismp6.sys Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2024-26168 MEDIUM This Month

Secure Boot Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
6.8
EPSS
0.9%
CVE-2024-2093 MEDIUM PATCH This Month

The VK All in One Expansion Unit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.95.0.1 via social meta tags. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure WordPress Vk All In One Expansion Unit
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2024-27247 MEDIUM This Month

Improper privilege management in the installer for Zoom Desktop Client for macOS before version 5.17.10 may allow a privileged user to conduct an escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Jwt Attack Zoom
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-28924 MEDIUM This Month

Secure Boot Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2024-28921 MEDIUM This Month

Secure Boot Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
6.7
EPSS
0.7%
CVE-2024-28919 MEDIUM This Month

Secure Boot Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2024-28903 MEDIUM This Month

Secure Boot Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
6.7
EPSS
0.7%
CVE-2024-26250 MEDIUM This Month

Secure Boot Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2024-26234 MEDIUM This Month

Proxy Driver Spoofing Vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +10
NVD
CVSS 3.1
6.7
EPSS
4.9%
CVE-2024-26171 MEDIUM This Month

Secure Boot Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2024-20669 MEDIUM This Month

Secure Boot Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2024-20665 MEDIUM This Month

BitLocker Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
6.7
EPSS
0.7%
CVE-2024-2325 MEDIUM PATCH This Month

The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchll parameter in all versions up to, and including, 7.6.6 due to insufficient input sanitization and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Link Library
NVD
CVSS 3.1
6.1
EPSS
2.5%
CVE-2024-1412 MEDIUM This Month

The Memberpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘message’ and 'error' parameters in all versions up to, and including, 1.11.26 due to insufficient input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Memberpress
NVD VulDB
CVSS 3.1
6.1
EPSS
2.5%
CVE-2023-6695 MEDIUM This Month

The Beaver Themer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the 'wpbb' shortcode. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure WordPress Beaver Themer
NVD VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-26233 MEDIUM This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Use After Free Microsoft RCE Memory Corruption Windows Server 2016 +3
NVD
CVSS 3.1
6.6
EPSS
1.6%
CVE-2024-26231 MEDIUM This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Use After Free Microsoft RCE Memory Corruption Windows Server 2016 +3
NVD
CVSS 3.1
6.6
EPSS
1.5%
CVE-2024-26227 MEDIUM This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Use After Free Microsoft RCE Memory Corruption Windows Server 2016 +3
NVD
CVSS 3.1
6.6
EPSS
1.5%
CVE-2024-26224 MEDIUM This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Use After Free Microsoft RCE Memory Corruption Windows Server 2016 +3
NVD
CVSS 3.1
6.6
EPSS
1.6%
CVE-2024-26223 MEDIUM This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Use After Free Microsoft RCE Memory Corruption Windows Server 2016 +3
NVD
CVSS 3.1
6.6
EPSS
1.6%
CVE-2024-26222 MEDIUM This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Use After Free Microsoft RCE Memory Corruption Windows Server 2016 +3
NVD
CVSS 3.1
6.6
EPSS
1.8%
CVE-2024-26221 MEDIUM This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Use After Free Microsoft RCE Memory Corruption Windows Server 2016 +3
NVD
CVSS 3.1
6.6
EPSS
1.8%
CVE-2024-1352 MEDIUM This Month

The Classified Listing - Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Classified Listing
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-1289 MEDIUM This Month

The LearnPress - WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.6.3 due to missing validation on a user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Learnpress
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-31368 MEDIUM This Month

Missing Authorization vulnerability in PenciDesign Soledad.4.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Soledad
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-31454 MEDIUM PATCH This Month

PsiTransfer is an open source, self-hosted file sharing solution. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-31453 MEDIUM PATCH This Month

PsiTransfer is an open source, self-hosted file sharing solution. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-31867 MEDIUM PATCH This Month

Improper Input Validation vulnerability in Apache Zeppelin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Zeppelin
NVD GitHub
CVSS 3.1
6.5
EPSS
1.8%
CVE-2024-26226 MEDIUM This Month

Windows Distributed File System (DFS) Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Microsoft Windows Server 2008 Windows Server 2012 +4
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2024-26183 MEDIUM This Month

Windows Kerberos Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Microsoft Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2024-21424 MEDIUM This Month

Azure Compute Gallery Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Azure Compute Gallery
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2024-31865 MEDIUM PATCH This Month

Improper Input Validation vulnerability in Apache Zeppelin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Zeppelin
NVD GitHub
CVSS 3.1
6.5
EPSS
1.7%
CVE-2024-28235 MEDIUM PATCH This Month

Contao is an open source content management system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Contao
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-31487 MEDIUM This Month

A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0 all. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Fortinet Fortisandbox
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-31860 MEDIUM PATCH This Month

Improper Input Validation vulnerability in Apache Zeppelin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Apache Zeppelin
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy