Skip to main content
CVE-2024-43807 MEDIUM This Month

In JetBrains TeamCity before 2024.07.1 multiple stored XSS was possible on Clouds page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-7144 MEDIUM This Month

The JetElements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' and 'slide_id' parameters in all versions up to, and including, 2.6.20 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Jetelements
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-43011 MEDIUM This Month

An arbitrary file deletion vulnerability exists in the admin/del.php file at line 62 in ZZCMS 2023 and earlier. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP Zzcms
NVD GitHub
CVSS 3.1
4.9
EPSS
0.7%
CVE-2024-43009 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability exists in user/login.php at line 24 in ZZCMS 2023 and earlier. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Zzcms
NVD GitHub
CVSS 3.1
4.7
EPSS
0.4%
CVE-2024-43005 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability in the component dl_liuyan_save.php of ZZCMS v2023 allows attackers to execute arbitrary code in the context of a user's browser via injecting a. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP XSS Zzcms
NVD GitHub
CVSS 3.1
4.7
EPSS
0.3%
CVE-2022-3399 MEDIUM This Month

The Cookie Notice & Compliance for GDPR / CCPA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cookie_notice_options[refuse_code_head]' parameter in versions up to, and. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

PHP XSS WordPress
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2024-7422 MEDIUM This Month

The Theme My Login plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.1.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-7501 MEDIUM This Month

The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.7. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.2
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy