Skip to main content
CVE-2024-1307 MEDIUM POC This Month

The Smart Forms WordPress plugin before 2.6.94 does not have proper authorization in some actions, which could allow users with a role as low as a subscriber to call them and perform unauthorized. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Smart Forms
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-31651 MEDIUM POC This Month

A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cosmetics And Beauty Product Online Store
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-31652 MEDIUM POC This Month

A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cosmetics And Beauty Product Online Store
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-31648 MEDIUM POC This Month

Cross Site Scripting (XSS) in Insurance Management System v1.0, allows remote attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter at. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection XSS RCE Insurance Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-2857 MEDIUM POC This Month

The Simple Buttons Creator WordPress plugin through 1.04 does not have any authorisation as well as CSRF in its add button function, allowing unauthenticated users to call them either directly or via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Simple Buttons Creator
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-31649 MEDIUM POC This Month

A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cosmetics And Beauty Product Online Store
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-1849 MEDIUM POC This Month

The WP Customer Reviews WordPress plugin before 3.7.1 does not validate a parameter allowing contributor and above users to redirect a page to a malicious URL. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Wp Customer Reviews
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-1846 MEDIUM POC This Month

The Responsive Tabs WordPress plugin before 4.0.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Responsive Tabs
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-1746 MEDIUM POC This Month

The Testimonial Slider WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Testimonial Slider And Showcase
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-1306 MEDIUM POC This Month

The Smart Forms WordPress plugin before 2.6.94 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as editing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Smart Forms
NVD WPScan
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-3768 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in PHPGurukul/itsourcecode News Portal 4.1.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP News Portal Project
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.8%
CVE-2024-3767 MEDIUM POC This Month

A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP News Portal Project
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.8%
CVE-2024-1310 MEDIUM POC This Month

The WooCommerce WordPress plugin before 8.6 does not prevent users with at least the contributor role from leaking products they shouldn't have access to. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Woocommerce
NVD WPScan
CVSS 3.1
4.9
EPSS
0.7%
CVE-2024-2858 MEDIUM POC This Month

The Simple Buttons Creator WordPress plugin through 1.04 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Simple Buttons Creator
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-2836 MEDIUM POC This Month

The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.64 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Super Socializer
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-1660 MEDIUM POC This Month

The Top Bar WordPress plugin before 3.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Top Bar
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-0902 MEDIUM POC This Month

The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Fancy Product Designer
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-1754 MEDIUM POC This Month

The NPS computy WordPress plugin through 2.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Nps Computy
NVD WPScan
CVSS 3.1
4.7
EPSS
0.5%
CVE-2024-1712 MEDIUM POC This Month

The Carousel Slider WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Carousel Slider
NVD WPScan
CVSS 3.1
4.7
EPSS
0.5%
CVE-2024-1204 MEDIUM POC This Month

The Meta Box WordPress plugin before 5.9.4 does not prevent users with at least the contributor role from access arbitrary custom fields assigned to other user's posts. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Meta Box
NVD WPScan
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-32104 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins NextMove Lite.18.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 15.1% and no vendor patch available.

CSRF Nextmove
NVD
CVSS 3.1
4.3
EPSS
15.1%
CVE-2024-22439 MEDIUM This Month

A potential security vulnerability has been identified in HPE FlexFabric and FlexNetwork series products. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure
NVD
CVSS 3.1
6.9
EPSS
0.2%
CVE-2024-24487 MEDIUM This Month

An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to cause a denial of service via crafted UDP packets using the EXEC REBOOT SYSTEM command. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service Ds 600 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2024-30219 MEDIUM This Month

Active debug code vulnerability exists in PLANEX COMMUNICATIONS wireless LAN routers. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Mzk Mf300N Firmware Mzk Mf300Hp2 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2024-23593 MEDIUM This Month

A vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Microsoft
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2024-3786 MEDIUM This Month

Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through Device Synchronizations (/admin/DeviceReplication). Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Wbsairback
NVD
CVSS 3.1
6.6
EPSS
0.7%
CVE-2024-3785 MEDIUM This Month

Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through Device NAS shared section (/admin/DeviceNAS). Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Wbsairback
NVD
CVSS 3.1
6.6
EPSS
0.7%
CVE-2024-3784 MEDIUM This Month

Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through S3 Accounts (/admin/CloudAccounts). Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Wbsairback
NVD
CVSS 3.1
6.6
EPSS
0.7%
CVE-2024-32079 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Dempfle Advanced iFrame allows Stored XSS.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-32147 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Form Plugin Team - GhozyLab Easy Contact Form Lite allows Stored XSS.1.23. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Contact Form
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-32140 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in libsyn Libsyn Publisher Hub libsyn-podcasting.4.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-32091 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Tonjoo Sangar Slider.3.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-32036 MEDIUM PATCH This Month

ImageSharp is a 2D graphics API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagesharp
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-32035 MEDIUM PATCH This Month

ImageSharp is a 2D graphics API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagesharp
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-30840 MEDIUM This Month

A Stack Overflow vulnerability in Tenda AC15 v15.03.05.18 allows attackers to cause a denial of service via the LISTEN parameter in the fromDhcpListClient function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow Denial Of Service Ac15 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-3783 MEDIUM This Month

The Backup Agents section in WBSAirback 21.02.04 is affected by a Path Traversal vulnerability, allowing a user with low privileges to download files from the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Wbsairback
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-23594 MEDIUM This Month

A buffer overflow vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged. Rated medium severity (CVSS 6.4). No vendor patch available.

Buffer Overflow Stack Overflow Lenovo Microsoft RCE
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-23558 MEDIUM This Month

HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Hcl Devops Deploy Hcl Launch
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2024-3804 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in Vesystem Cloud Desktop up to 20240408.1.5/server/fileupload2.php. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.5%
CVE-2024-31990 MEDIUM PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Kubernetes Argo Cd
NVD GitHub
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-3803 MEDIUM This Month

A vulnerability classified as critical was found in Vesystem Cloud Desktop up to 20240408. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.5%
CVE-2024-27794 MEDIUM This Month

Claris FileMaker Server before version 20.3.2 was susceptible to a reflected Cross-Site Scripting vulnerability due to an improperly handled parameter in the FileMaker WebDirect login endpoint. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Filemaker Server
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-23559 MEDIUM This Month

HCL DevOps Deploy / Launch is generating an obsolete HTTP header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hcl Devops Deploy Hcl Launch
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-32489 MEDIUM PATCH This Month

TCPDF before 6.7.4 mishandles calls that use HTML syntax. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Tcpdf
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-3776 MEDIUM This Month

The parameter used in the login page of Netvision airPASS is not properly filtered for user input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Airpass
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-24898 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in openEuler kernel on Linux allows Resource Leak Exposure. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Linux
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2024-24891 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in openEuler kernel on Linux allows Resource Leak Exposure. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Linux
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2024-32453 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POEditor allows Stored XSS.9.8. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Poeditor
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-32429 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPChill Remove Footer Credit allows Stored XSS.0.13. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Remove Footer Credit
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-32428 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Moss Web Works MWW Disclaimer Buttons allows Stored XSS.0.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Mww Disclaimer Buttons
NVD
CVSS 3.1
5.9
EPSS
0.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy