Skip to main content
CVE-2024-21514 HIGH POC PATCH THREAT This Week

This affects versions of the package opencart/opencart from 0.0.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

SQLi Opencart
NVD GitHub
CVSS 3.1
8.1
EPSS
19.1%
CVE-2024-21519 HIGH POC This Week

This affects versions of the package opencart/opencart from 4.0.0.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Opencart
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-21518 HIGH POC PATCH THREAT This Week

This affects versions of the package opencart/opencart from 4.0.0.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Opencart
NVD GitHub
CVSS 3.1
7.2
EPSS
14.1%
CVE-2024-6253 MEDIUM POC This Month

A vulnerability was found in itsourcecode Online Food Ordering System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Food Ordering System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-4940 MEDIUM POC This Month

An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF XSS Open Redirect Gradio
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2024-5443 CRITICAL PATCH Act Now

CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the `ExtensionBuilder().build_extension()` function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal
NVD GitHub
CVSS 3.0
9.8
EPSS
1.2%
CVE-2024-38319 HIGH This Week

IBM Security SOAR 51.0.2.0 could allow an authenticated user to execute malicious code loaded from a specially crafted script. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Code Injection RCE Soar
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-5791 HIGH This Week

The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp_id' parameter in all versions up to, and including, 4.4.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Online Booking Scheduling Calendar
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2024-3593 HIGH This Week

The UberMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.3. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Ubermenu
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2024-6120 MEDIUM This Month

The Sparkle Demo Importer plugin for WordPress is vulnerable to unauthorized database reset and demo data import due to a missing capability check on the multiple functions in all versions up to and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Sparkle Demo Importer
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-4313 MEDIUM PATCH This Month

The Table Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 2.1.2 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Table Addons For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-2484 MEDIUM PATCH This Month

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Services and Post Type Grid widgets in all versions up to, and including, 2.10.34 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Orbit Fox
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-5966 MEDIUM This Month

The Grey Opaque theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Download-Button shortcode in all versions up to, and including, 2.0.1 due. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Grey Opaque
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-5965 MEDIUM This Month

The Mosaic theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter within the theme's Button shortcode in all versions up to, and including, 1.7.1 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Mosaic
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-5346 MEDIUM This Month

The Flatsome theme for WordPress is vulnerable to Stored Cross-Site Scripting via the UX Countdown, Video Button, UX Video, UX Slider, UX Sidebar, and UX Payment Icons shortcodes in all versions up. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Flatsome
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-5596 MEDIUM This Month

The ARMember Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.7. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation WordPress CSRF
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-21516 LOW POC PATCH Monitor

This affects versions of the package opencart/opencart from 4.0.0.0 and before 4.1.0.0. Rated low severity (CVSS 1.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Opencart
NVD GitHub
CVSS 4.0
1.2
EPSS
0.3%
CVE-2024-21515 LOW POC PATCH Monitor

This affects versions of the package opencart/opencart from 4.0.0.0. Rated low severity (CVSS 1.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Opencart
NVD GitHub
CVSS 4.0
1.2
EPSS
0.3%
CVE-2024-21517 LOW POC PATCH Monitor

This affects versions of the package opencart/opencart from 4.0.0.0. Rated low severity (CVSS 1.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Opencart
NVD GitHub
CVSS 4.0
1.2
EPSS
0.2%
CVE-2024-6252 MEDIUM This Month

A vulnerability has been found in Zorlan SkyCaiji up to 2.8 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Skycaiji
NVD VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2024-6251 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in playSMS 1.4.3. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Playsms
NVD VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2024-38379 MEDIUM This Month

Apache Allura's neighborhood settings are vulnerable to a stored XSS attack. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache XSS Allura
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2024-4874 MEDIUM This Month

The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.8 via the postId parameter due to missing validation on a user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Bricks
NVD
CVSS 3.1
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy