Skip to main content
CVE-2024-6477 HIGH POC This Week

The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Userswp
NVD WPScan
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-7444 MEDIUM POC This Month

A vulnerability classified as critical was found in itsourcecode Ticket Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Ticket Reservation System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-6390 MEDIUM POC This Month

The Quiz and Survey Master (QSM) WordPress plugin before 9.1.0 does not properly sanitise and escape some of its Quizz settings, which could allow high privilege users such as contributor to perform. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Quiz And Survey Master
NVD WPScan
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-7257 CRITICAL Act Now

The YayExtra - WooCommerce Extra Product Options plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handle_upload_file function in all versions up. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress File Upload
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-7438 MEDIUM POC This Month

A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Simple Machines Forum
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7437 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Simple Machines Forum
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-7436 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in D-Link DI-8100 16.07.htm. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Di 8100 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
7.8%
CVE-2024-7446 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in itsourcecode Ticket Reservation System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Ticket Reservation System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.6%
CVE-2024-7445 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in itsourcecode Ticket Reservation System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Ticket Reservation System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.6%
CVE-2024-7031 HIGH PATCH This Week

The File Manager Pro - Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'njt_fs_saveSettingRestrictions' function in all. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress PHP Filester
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-7441 HIGH This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek SD9364 VVTK-0103f. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Sd9364 Firmware
NVD VulDB
CVSS 4.0
8.7
EPSS
8.1%
CVE-2024-7439 HIGH This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek CC8160 VVTK-0100d and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Cc8160 Firmware
NVD VulDB
CVSS 4.0
8.7
EPSS
1.0%
CVE-2024-7291 HIGH This Week

The JetFormBuilder plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3.4.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation WordPress
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-37286 MEDIUM PATCH This Month

APM server logs contain document body from a partially failed bulk index request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apm Server
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-38321 MEDIUM This Month

IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Business Automation Workflow
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-6872 MEDIUM PATCH This Month

The Build Your Dream Website Fast with 400+ Starter Templates and Landing Pages, No Coding Needed, One-Click Import for Elementor & Gutenberg Blocks!. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Templatespare
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-7356 MEDIUM PATCH This Month

The Zephyr Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘filename’ parameter in all versions up to, and including, 3.3.100 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Zephyr Project Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-7443 MEDIUM This Month

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in Vivotek IB8367A VVTK-0100b. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Ib8367A Firmware
NVD VulDB
CVSS 4.0
5.3
EPSS
2.7%
CVE-2024-7442 MEDIUM This Month

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek SD9364 VVTK-0103f. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd9364 Firmware
NVD VulDB
CVSS 4.0
5.3
EPSS
2.7%
CVE-2024-7440 MEDIUM This Month

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek CC8160 VVTK-0100d. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Cc8160 Firmware
NVD VulDB
CVSS 4.0
5.3
EPSS
2.7%
CVE-2024-6709 MEDIUM PATCH This Month

The Sync Post With Other Site plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'sps_add_update_post' function in all versions up to,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Sync Post With Other Site
NVD
CVSS 3.1
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy