Skip to main content
CVE-2024-3105 CRITICAL Emergency

The Woody code snippets - Insert Header Footer Code, AdSense Ads plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the 'insert_php'. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 57.9% and no vendor patch available.

Code Injection RCE WordPress
NVD
CVSS 3.1
9.9
EPSS
57.9%
CVE-2024-5871 CRITICAL Act Now

The WooCommerce - Social Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'woo_slg_verify'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization PHP Information Disclosure WordPress Woocommerce Social Login
NVD
CVSS 3.1
9.8
EPSS
5.2%
CVE-2024-4551 MEDIUM POC PATCH This Month

The Video Gallery - YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the display function. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Information Disclosure RCE WordPress LFI +1
NVD
CVSS 3.1
6.4
EPSS
0.5%
CVE-2024-4258 CRITICAL PATCH Act Now

The Video Gallery - YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the settings parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress PHP RCE LFI Information Disclosure +1
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-6016 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in itsourcecode Online Laundry Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Laundry Management System Project In Php With Source Code
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-6015 MEDIUM POC This Month

A vulnerability classified as critical was found in itsourcecode Online House Rental System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online House Rental System Project In Php With Source Code
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-6014 MEDIUM POC This Month

A vulnerability classified as critical has been found in itsourcecode Document Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Document Management System Project In Php With Source Code
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-6013 MEDIUM POC This Month

A vulnerability was found in itsourcecode Online Book Store 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Book Store Project In Php And Mysql With Source Code
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-6009 MEDIUM POC This Month

A vulnerability has been found in itsourcecode Event Calendar 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Learning Management System Project In Php With Source Code
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-6008 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in itsourcecode Online Book Store up to 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Book Store Project In Php With Source Code
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-6007 MEDIUM POC This Month

A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Application Security Gateway
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-3813 HIGH This Week

The tagDiv Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8 via the 'td_block_title' shortcode 'block_template_id' attribute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP RCE LFI Information Disclosure +1
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-6696 HIGH PATCH This Week

The Popup Builder - Create highly converting, mobile friendly marketing popups. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress SSRF Popup Builder
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-6000 HIGH This Week

The FooEvents for WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability setting on the 'display_ticket_themes_page' function in versions. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

RCE WordPress Authentication Bypass
NVD
CVSS 3.1
7.1
EPSS
3.7%
CVE-2024-27275 HIGH This Week

IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-2544 HIGH PATCH This Week

The Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on all AJAX actions. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass XSS Popup Builder
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2024-5868 MEDIUM This Month

The WooCommerce - Social Login plugin for WordPress is vulnerable to Email Verification in all versions up to, and including, 2.6.2 via the use of insufficiently random activation code. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Woocommerce Social Login
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-4479 MEDIUM PATCH This Month

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sg_general_toggle_tab_enable and sg_accordion_style attributes within the plugin's JKit - Tabs and JKit. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Jeg Elementor Kit Elementor
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-4095 MEDIUM This Month

The Collapse-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'expand' and 'expandsub' shortcode in all versions up to, and including, 1.8.5.7 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD GitHub
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-5611 MEDIUM This Month

The Stratum - Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘label_years’ attribute within the Countdown widget in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-2695 MEDIUM PATCH This Month

The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.13 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Shariff Wrapper
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-5263 MEDIUM This Month

The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Motion Text and Table widgets in all versions up to, and including, 3.6.2 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Elementskit
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1399 MEDIUM This Month

The Restaurant Menu - Food Ordering System - Table Reservation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-6006 LOW POC Monitor

A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. Rated low severity (CVSS 2.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zkbiosecurity V5000
NVD VulDB
CVSS 4.0
2.0
EPSS
0.2%
CVE-2024-6005 LOW POC Monitor

A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. Rated low severity (CVSS 2.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zkbiosecurity V5000
NVD VulDB
CVSS 4.0
2.0
EPSS
0.2%
CVE-2024-3815 MEDIUM This Month

The Newspaper theme for WordPress is vulnerable to Stored Cross-Site Scripting via attachment meta in the archive page in all versions up to, and including, 12.6.5 due to insufficient input. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Newspaper
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-3814 MEDIUM This Month

The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'single' module in all versions up to, and including, 4.8 due to insufficient input sanitization. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Tagdiv Composer
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-5858 MEDIUM This Month

The AI Infographic Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the qcld_openai_title_generate_desc AJAX action in all versions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-31870 LOW Monitor

IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related *USRPRF objects. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure
NVD
CVSS 3.1
3.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy