Skip to main content
CVE-2024-43347 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VirusTran Button contact VR allows Stored XSS.7.3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-39666 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic WooCommerce.1.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-43266 MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in wpjobportal WP Job Portal wp-job-portal.1.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-43292 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in EnvoThemes Envo's Elementor Templates & Widgets for WooCommerce allows Stored XSS.4.16. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Envo S Elementor Templates Widgets For Woocommerce
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-43309 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Socio WP Telegram Widget and Join Link allows Stored XSS.1.27. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Telegram Widget And Join Link
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-43308 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gutentor Gutentor - Gutenberg Blocks - Page Builder for Gutenberg Editor allows Stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gutentor
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-43346 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wow-Company Modal Window allows Stored XSS.0.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Modal Window
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-43342 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Stored XSS.6.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ultimate Store Kit
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-43335 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks - WordPress Gutenberg Blocks allows Stored XSS.8.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Responsive Blocks
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-43329 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Chill Allegiant allegiant allows Stored XSS.2.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Allegiant
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-43350 MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in Propovoice Propovoice CRM.7.6.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-35686 MEDIUM This Month

Missing Authorization vulnerability in Automattic Sensei LMS, Automattic Sensei Pro (WC Paid Courses).23.1; Sensei Pro (WC Paid Courses): from n/a through 4.23.1.1.23.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-7906 MEDIUM This Month

A vulnerability classified as critical was found in DedeBIZ 6.3.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Dedebiz
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-43291 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in voidCoders Void Contact Form 7 Widget For Elementor Page Builder allows Stored XSS.4.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Void Contact Form 7 Widget For Elementor Page Builder
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-43324 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CleverSoft Clever Addons for Elementor allows Stored XSS.2.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Clever Addons For Elementor
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-43239 MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in masteriyo Masteriyo - LMS learning-management-system.11.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy