Skip to main content
CVE-2024-2920 MEDIUM This Month

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.4.9.3 due to the plugin uploading user supplied files to a publicly. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-32826 MEDIUM This Month

Missing Authorization vulnerability in Vektor,Inc. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-32957 MEDIUM This Month

Missing Authorization vulnerability in Live Composer Team Page Builder: Live Composer.5.38. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2024-32829 MEDIUM This Month

Missing Authorization vulnerability in Supsystic Data Tables Generator by Supsystic.10.31. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-32822 MEDIUM This Month

Missing Authorization vulnerability in impleCode Reviews Plus.3.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-33691 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in OptinMonster Popup Builder Team OptinMonster.15.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-33690 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Jegstudio Financio.1.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-33689 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Tony Zeoli Radio Station radio-station.5.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-33683 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WP Republic Hide Dashboard Notifications.2.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-33650 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Cryout Creations Serious Slider.2.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-33678 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in eranfl ClickCease Click Fraud Protection clickcease-click-fraud-protection.2.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-33677 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Renzo Johnson Contact Form 7 Extension For Mailchimp.5.70. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-33688 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Teluro.0.31. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Teluro
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-32828 MEDIUM This Month

Missing Authorization vulnerability in Octolize Flexible Shipping.24.15. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-33679 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in FameThemes FameTheme Demo Importer.1.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-4182 MEDIUM PATCH This Month

Mattermost versions 9.6.0, 9.5.x before 9.5.3, 9.4.x before 9.4.5, and 8.1.x before 8.1.12 fail to handle JSON parsing errors in custom status values, which allows an authenticated attacker to crash. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Denial Of Service Mattermost Server
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2024-32046 MEDIUM PATCH This Month

Mattermost versions 9.6.x <= 9.6.0, 9.5.x <= 9.5.2, 9.4.x <= 9.4.4 and 8.1.x <= 8.1.11 fail to remove detailed error messages in API requests even if the developer mode is off which allows an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Information Disclosure Mattermost Server
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-33670 MEDIUM PATCH This Month

Passbolt API before 4.6.2 allows HTML injection in a URL parameter, resulting in custom content being displayed when a user visits the crafted URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Passbolt Api
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-4198 LOW PATCH Monitor

Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenticated as team admin to demote users to guest via crafted. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Mattermost Server
NVD
CVSS 3.1
2.7
EPSS
0.5%
CVE-2024-4195 LOW PATCH Monitor

Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team admins via. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Mattermost Server
NVD
CVSS 3.1
2.7
EPSS
0.5%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy