Skip to main content
CVE-2024-35755 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in El tiempo Weather Widget Pro allows Stored XSS.1.40. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Weather Widget Pro
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-35753 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TemplatesNext TemplatesNext OnePager allows Stored XSS.3.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Onepager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-35659 MEDIUM This Month

Missing Authorization vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.6.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-5771 MEDIUM This Month

A vulnerability classified as critical was found in LabVantage LIMS 2017. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-22151 MEDIUM This Month

Missing Authorization vulnerability in Codection Import and export users and customers.24.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Import And Export Users And Customers
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-35710 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Podlove Podlove Web Player.7.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-5766 MEDIUM This Month

A vulnerability was found in Likeshop up to 2.5.7 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Likeshop
NVD VulDB
CVSS 4.0
5.1
EPSS
0.3%
CVE-2024-35752 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Enea Overclokk Stellissimo Text Box allows Stored XSS.1.4. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Stellissimo Text Box
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-35756 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CeiKay Tooltip CK tooltip-ck allows Stored XSS.2.15. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Tooltip Ck
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-4468 MEDIUM PATCH This Month

The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admin_init in all. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Salon Booking System
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2024-35682 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Themeisle Otter Blocks PRO.6.11. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Otter Blocks
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-4661 MEDIUM PATCH This Month

The WP Reset plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_ajax function in all versions up to, and including, 2.02. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Wp Reset
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-35684 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in 10up ElasticPress elasticpress.1.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-5770 MEDIUM PATCH This Month

The WP Force SSL & HTTPS SSL Redirect plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_setting' function in versions up to,. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Wp Force Ssl
NVD
CVSS 3.1
4.2
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy