Skip to main content
CVE-2023-6731 MEDIUM PATCH This Month

The WP Show Posts plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 1.1.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass Wp Show Posts
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-3936 MEDIUM This Month

The The Post Grid - Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-1716 MEDIUM This Month

The Admin Bar Remover plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_form() function in all versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-2960 MEDIUM This Month

The SVS Pricing Tables plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Svs Pricing Tables
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-0847 MEDIUM This Month

The 5280 Bootstrap Modal Contact Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-4086 MEDIUM This Month

The CM Tooltip Glossary - Powerful Glossary Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.11. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-7067 MEDIUM PATCH This Month

The ShopLentor - WooCommerce Builder for Elementor & Gutenberg +10 Modules - All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to unauthorized modification of data due to a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Shoplentor
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-2959 MEDIUM This Month

The SVS Pricing Tables plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Svs Pricing Tables
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-4083 MEDIUM This Month

The Easy Restaurant Table Booking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-1415 MEDIUM This Month

The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF File Upload
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-4128 MEDIUM PATCH This Month

This vulnerability was a potential CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Google Firebase Command Line Interface
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-34147 MEDIUM This Month

Jenkins Telegram Bot Plugin 1.4.0 and earlier stores the Telegram Bot token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Telegram Bot
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-31965 MEDIUM This Month

A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an authenticated attacker. Rated medium severity (CVSS 4.2). No vendor patch available.

Path Traversal
NVD
CVSS 3.1
4.2
EPSS
0.2%
CVE-2024-4029 MEDIUM This Month

A vulnerability was found in Wildfly’s management interface. Rated medium severity (CVSS 4.1). No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
4.1
EPSS
0.3%
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy