Skip to main content
CVE-2024-35695 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Fahad Mahmood WP Docs allows Stored XSS.1.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Docs
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-35688 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS.0.5.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Master Addons
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-35681 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in gVectors Team wpDiscuz allows Stored XSS.6.18. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wpdiscuz
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-35719 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MagniGenie RestroPress allows Stored XSS.1.2.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Restropress
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-35715 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in peregrinethemes Bloglo, peregrinethemes Blogvi allows Stored XSS.1.3; Blogvi: from n/a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Bloglo
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-35714 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Theme Freesia Idyllic allows Stored XSS.1.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Idyllic
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-35713 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in UAPP GROUP Testimonial Carousel For Elementor allows Stored XSS.1.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Testimonial Carousel For Elementor
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-35711 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Theme Freesia Event allows Stored XSS.2.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Event
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-35708 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in apollo13themes Rife Free allows Stored XSS.4.19. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rife Free
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-35707 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Team Heateor Heateor Social Login allows Stored XSS.1.32. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Social Login
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-35740 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Theme Freesia Pixgraphy allows Stored XSS.3.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Pixgraphy
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-35738 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kognetiks Kognetiks Chatbot for WordPress allows Stored XSS.9.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Kognetiks Chatbot
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-35731 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Moose Kenta Gutenberg Blocks Responsive Blocks and block templates library for. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Kenta Blocks
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-35755 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in El tiempo Weather Widget Pro allows Stored XSS.1.40. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Weather Widget Pro
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-35753 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TemplatesNext TemplatesNext OnePager allows Stored XSS.3.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Onepager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-35659 MEDIUM This Month

Missing Authorization vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.6.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-5771 MEDIUM This Month

A vulnerability classified as critical was found in LabVantage LIMS 2017. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-22151 MEDIUM This Month

Missing Authorization vulnerability in Codection Import and export users and customers.24.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Import And Export Users And Customers
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-35710 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Podlove Podlove Web Player.7.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-5766 MEDIUM This Month

A vulnerability was found in Likeshop up to 2.5.7 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Likeshop
NVD VulDB
CVSS 4.0
5.1
EPSS
0.3%
CVE-2024-35752 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Enea Overclokk Stellissimo Text Box allows Stored XSS.1.4. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Stellissimo Text Box
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-35756 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CeiKay Tooltip CK tooltip-ck allows Stored XSS.2.15. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Tooltip Ck
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-4468 MEDIUM PATCH This Month

The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admin_init in all. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Salon Booking System
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2024-35682 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Themeisle Otter Blocks PRO.6.11. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Otter Blocks
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-4661 MEDIUM PATCH This Month

The WP Reset plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_ajax function in all versions up to, and including, 2.02. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Wp Reset
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-35684 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in 10up ElasticPress elasticpress.1.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-5770 MEDIUM PATCH This Month

The WP Force SSL & HTTPS SSL Redirect plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_setting' function in versions up to,. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Wp Force Ssl
NVD
CVSS 3.1
4.2
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy