Skip to main content
CVE-2024-3068 MEDIUM PATCH This Month

The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cfs[fields][*][name]' parameter in all versions up to, and including, 2.6.5 due to insufficient input. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Custom Field Suite
NVD
CVSS 3.1
4.4
EPSS
0.5%
CVE-2024-2846 MEDIUM This Month

The Visual Footer Credit Remover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'selector' parameter in all versions up to, and including, 2 due to insufficient input. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2024-34433 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in OCDI One Click Demo Import.2.0. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization One Click Demo Import
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2024-4417 MEDIUM This Month

The Falang multilanguage for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.49 due to insufficient input. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-35172 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in ShortPixel ShortPixel Adaptive Images shortpixel-adaptive-images.8.3. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD VulDB
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-25965 MEDIUM This Month

Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains an external control of file name or path vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-31113 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads.2.11. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Easy Digital Downloads
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-6812 MEDIUM PATCH This Month

The WP Compress - Image Optimizer [All-In-One plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 6.20.01. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Open Redirect Wp Compress
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-1693 MEDIUM This Month

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cdm_save_category AJAX action in all versions up to,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-33956 MEDIUM This Month

Missing Authorization vulnerability in ThemeLocation Custom WooCommerce Checkout Fields Editor.3.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-33942 MEDIUM This Month

Missing Authorization vulnerability in Eric Alli Google Typography.1.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-34817 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms.2.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-1467 MEDIUM This Month

The Starter Templates - Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.6 via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF WordPress
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-34827 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs, Razvan Mocanu, Madalin Ungureanu, Cristophor Hurduban TranslatePress.7.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-4689 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in ShortPixel ShortPixel Adaptive Images shortpixel-adaptive-images.8.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-34828 MEDIUM PATCH This Month

Cross-Site Request Forgery (CSRF) vulnerability in andy_moyle Church Admin church-admin.1.32. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-34825 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Warfare Plugins Social Warfare.4.5.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-34823 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter.7.2.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-34557 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Dmitry V. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-34439 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in divSpot DS Site Message.14.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-34427 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Huseyin Berberoglu WP Favorite Posts.6.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-1230 MEDIUM This Month

The SimpleShop plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress CSRF
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-4463 MEDIUM This Month

The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.4.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-4314 MEDIUM This Month

The Hostel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-4103 MEDIUM This Month

The ADFO - Custom data in admin dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-4082 MEDIUM This Month

The Joli FAQ SEO - WordPress FAQ Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-4312 MEDIUM This Month

The Soccer Engine - Soccer Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-4766 MEDIUM This Month

Different techniques existed to obscure the fullscreen notification in Firefox for Android. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Mozilla Firefox
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-4139 MEDIUM This Month

Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-4138 MEDIUM This Month

Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-33004 MEDIUM PATCH This Month

SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity.

Information Disclosure SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-4317 MEDIUM POC This Month

Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass PostgreSQL
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2024-28760 MEDIUM PATCH This Month

IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 dashboard is vulnerable to a denial of service due to improper restrictions of resource allocation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

IBM Denial Of Service App Connect Enterprise
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-28759 MEDIUM This Month

A crafted network packet may cause a buffer overrun in Wind River VxWorks 7 through 23.09. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-33009 MEDIUM This Month

SAP Global Label Management is vulnerable to SQL injection. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

SQLi SAP
NVD
CVSS 3.1
4.2
EPSS
0.3%
CVE-2024-30048 MEDIUM This Month

Dynamics 365 Customer Insights Spoofing Vulnerability. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dynamics 365 Customer Insights
NVD
CVSS 3.1
4.1
EPSS
1.0%
CVE-2024-30047 MEDIUM This Month

Dynamics 365 Customer Insights Spoofing Vulnerability. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dynamics 365 Customer Insights
NVD
CVSS 3.1
4.1
EPSS
1.0%
CVE-2024-34079 LOW PATCH Monitor

octo-sts is a GitHub App that acts like a Security Token Service (STS) for the Github API. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
3.7
EPSS
0.6%
CVE-2024-34713 LOW PATCH Monitor

sshproxy is used on a gateway to transparently proxy a user SSH connection on the gateway to an internal host via SSH. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
3.5
EPSS
0.4%
CVE-2024-33007 LOW Monitor

PDFViewer is a control delivered as part of SAPUI5 product which shows the PDF content in an embedded mode by default. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
3.5
EPSS
0.3%
CVE-2024-33000 LOW Monitor

SAP Bank Account Management does not perform necessary authorization check for an authorized user, resulting in escalation of privileges. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP
NVD
CVSS 3.1
3.5
EPSS
0.3%
CVE-2024-27839 LOW Monitor

A privacy issue was addressed by moving sensitive data to a more secure location. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os
NVD VulDB
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-27837 LOW Monitor

A downgrade issue was addressed with additional code-signing restrictions. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-22343 LOW Monitor

IBM TXSeries for Multiplatforms 8.2 allows web pages to be stored locally which can be read by another user on the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Txseries For Multiplatform
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2024-27835 LOW Monitor

This issue was addressed through improved state management. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os
NVD VulDB
CVSS 3.1
2.4
EPSS
0.1%
CVE-2024-27803 LOW Monitor

A permissions issue was addressed with improved validation. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os
NVD VulDB
CVSS 3.1
2.4
EPSS
0.0%
Prev Page 15 of 15

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy