Skip to main content
CVE-2024-34469 HIGH POC This Week

Rukovoditel before 3.5.3 allows XSS via user_photo to index.php?module=users/registration&action=save. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Rukovoditel
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2024-34468 MEDIUM POC This Month

Rukovoditel before 3.5.3 allows XSS via user_photo to My Page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rukovoditel
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-34467 MEDIUM POC PATCH This Month

ThinkPHP 8.0.3 allows remote attackers to exploit XSS due to inadequate filtering of function argument values in think_exception.tpl. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Thinkphp
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-34461 CRITICAL PATCH Act Now

Zenario before 9.5.60437 uses Twig filters insecurely in the Twig Snippet plugin, and in the site-wide HEAD and BODY elements, enabling code execution by a designer or an administrator. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-3240 HIGH This Week

The ConvertPlug plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.25 via deserialization of untrusted input from the 'settings_encoded' attribute of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization PHP Information Disclosure WordPress
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-34460 MEDIUM PATCH This Month

The Tree Explorer tool from Organizer in Zenario before 9.5.60602 is affected by XSS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-34462 MEDIUM PATCH This Month

Alinto SOGo through 5.10.0 allows XSS during attachment preview. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Sogo
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-3868 MEDIUM This Month

The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's First Name and Last Name in all versions up to, and including, 3.0.2 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-3237 MEDIUM This Month

The ConvertPlug plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cp_dismiss_notice() function in all versions up to, and including,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2023-7065 MEDIUM This Month

The Stop Spammers Security | Block Spam Users, Comments, Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2024.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2024-34473 MEDIUM This Month

An issue was discovered in appmgr in O-RAN Near-RT RIC I-Release. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-1050 MEDIUM This Month

The Import and export users and customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_force_reset_password_delete_metas(). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy