Skip to main content
CVE-2024-20359 MEDIUM POC KEV THREAT This Month

A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an...

NVD
CVSS 3.1
6.0
EPSS
0.2%
Threat
4.7
CVE-2024-1756 MEDIUM POC This Month

The WooCommerce Customers Manager WordPress plugin before 29.8 does not have authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber, to call it and retrieve. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Woocommerce Customers Manager
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-1743 MEDIUM POC This Month

The WooCommerce Customers Manager WordPress plugin before 29.8 does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Woocommerce Customers Manager
NVD WPScan
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-2404 MEDIUM POC This Month

The Better Comments WordPress plugin before 1.5.6 does not sanitise and escape some of its settings, which could allow low privilege users such as Subscribers to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Better Comments
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-2402 MEDIUM POC This Month

The Better Comments WordPress plugin before 1.5.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Better Comments
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-3261 MEDIUM POC This Month

The Strong Testimonials WordPress plugin before 3.1.12 does not validate and escape some of its Testimonial fields before outputting them back in a page/post, which could allow users with the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Strong Testimonials
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-47504 MEDIUM This Month

Improper Authentication vulnerability in Elementor Elementor Website Builder allows Accessing Functionality Not Properly Constrained by ACLs.16.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Website Builder Elementor
NVD
CVSS 3.1
6.5
EPSS
7.8%
CVE-2024-3371 MEDIUM This Month

MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Compass
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2024-20358 MEDIUM This Month

A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Adaptive Security Appliance Software Firepower Threat Defense Software
NVD
CVSS 3.1
6.7
EPSS
0.7%
CVE-2022-45852 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in FormAssembly / Drew Buschhorn WP-FormAssembly allows Path Traversal.0.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-32721 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jegtheme Jeg Elementor Kit allows Stored XSS.6.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jeg Elementor Kit Elementor
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-32711 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal myCred mycred.6.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-32791 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor.10.25. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Elementor
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-32956 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rometheme RTMKit rometheme-for-elementor.4.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-23271 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Safari Ipados Iphone Os +3
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-32723 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Code Tides Advanced Floating Content allows Stored XSS.2.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-32675 MEDIUM This Month

Missing Authorization vulnerability in Xfinity Soft Order Limit for WooCommerce.0.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-32951 MEDIUM This Month

Missing Authorization vulnerability in BloomPixel Max Addons Pro for Bricks.6.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-0151 MEDIUM This Month

Insufficient argument checking in Secure state Entry functions in software using Cortex-M Security Extensions (CMSE), that has been compiled using toolchains that implement 'Arm v8-M Security. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-32051 MEDIUM This Month

Insertion of sensitive information into log file issue exists in RoamWiFi R10 prior to 4.8.45. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-32803 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in 2day.Sk, Webikon SuperFaktura WooCommerce.40.3. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF WordPress
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-32780 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in E4J s.R.L. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-32833 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nick Halsey List Custom Taxonomy Widget allows Stored XSS.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-32815 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Peters All-in-one Like Widget all-in-one-facebook-like-widget.2.7. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-32707 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Image Slider Widget allows Stored XSS.1.125. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-32722 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Coupon & Discount Code Reveal Button allows Stored XSS.2.5. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-32834 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebToffee WooCommerce Shipping Label allows Stored XSS.3.8. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-32801 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShapedPlugin Widget Post Slider allows Stored XSS.3.5. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-4141 MEDIUM This Month

Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Xpdf
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-32872 MEDIUM PATCH This Month

Umbraco workflow provides workflows for the Umbraco content management system. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-28977 MEDIUM This Month

Dell Repository Manager, versions 3.4.2 through 3.4.4,contains a Path Traversal vulnerability in logger module. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Dell Repository Manager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-28963 MEDIUM This Month

Telemetry Dashboard v1.0.0.7 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Telemetry Dashboard
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-32835 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in WebToffee Import Export WordPress Users.5.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization WordPress
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-32812 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Podlove Podlove Podcast Publisher.0.11. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Podlove Podcast Publisher
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-32793 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.12.10. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Paid Memberships Pro
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-32808 MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.7.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Profilegrid
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2023-47774 MEDIUM This Month

Improper Restriction of Rendered UI Layers or Frames vulnerability in Automattic Jetpack allows Clickjacking.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jetpack
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2024-32788 MEDIUM This Month

Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG Joomla to WordPress.20.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-32716 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StreamWeasels StreamWeasels Twitch Integration.7.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-25790 MEDIUM This Month

Improper Authentication, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xtemos WoodMart allows Cross-Site Scripting (XSS).0.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass XSS
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-48763 MEDIUM This Month

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS vulnerability in Crocoblock JetFormBuilder allows Code Injection.1.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-32678 MEDIUM This Month

Missing Authorization vulnerability in TrackShip TrackShip for WooCommerce.7.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-25785 MEDIUM This Month

Missing Authorization vulnerability in Shoaib Saleem WP Post Rating allows Functionality Misuse.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-32127 MEDIUM This Month

Missing Authorization vulnerability in Daniel Powney Multi Rating allows Functionality Misuse.0.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-23989 MEDIUM This Month

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Code. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-32823 MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in FeedbackWP Rate my Post - WP Rating System.4.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rate My Post
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-32677 MEDIUM This Month

Missing Authorization vulnerability in LoginPress LoginPress Pro.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-32782 MEDIUM This Month

Insertion of Sensitive Information Into Sent Data vulnerability in DevItems HT Mega ht-mega-for-elementor.4.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
4.3
EPSS
3.7%
CVE-2024-32819 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Culqi.0.14. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2024-32775 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Pavex Embed Google Photos album.1.9. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF Google
NVD
CVSS 3.1
4.9
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy