Skip to main content
CVE-2024-43961 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in azurecurve azurecurve Toggle Show/Hide allows Stored XSS.1.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Toggle Show Hide
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-43952 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Esotera allows Stored XSS.2.5.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Esotera
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-43951 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Tempera allows Stored XSS.8.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Tempera
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-43949 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic GHActivity allows Stored XSS.0.0-alpha. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ghacitivity Ghactivity
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-43946 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SKT Themes SKT Blocks - Gutenberg based Page Builder allows Stored XSS.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Skt Blocks
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-43936 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper EmbedPress allows Stored XSS.0.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Embedpress
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-43935 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Delicious Delicious Recipes - WordPress Recipe Plugin allows Stored XSS.6.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Wp Delicious
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-43934 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Robert Felty Collapsing Archives allows Stored XSS.0.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Collapsing Archives
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-1056 MEDIUM This Month

The FunnelKit Funnel Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'allow_iframe_tag_in_post' function which uses the 'wp_kses_allowed_html' filter to globally. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Funnel Builder
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-7895 MEDIUM PATCH This Month

The Beaver Builder - WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘type’ parameter in all versions up to, and including, 2.8.3.5 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Beaver Builder
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-7606 MEDIUM PATCH This Month

The Front End Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'user-search' shortcode in all versions up to, and including, 3.2.28 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Front End Users
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-5623 MEDIUM This Month

An untrusted search path vulnerability in B&R APROL <= R 4.4-00P3 may be used by an authenticated local attacker to get other users to execute arbitrary code under their privileges. Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Industrial Automation Aprol
NVD
CVSS 4.0
5.4
EPSS
0.2%
CVE-2024-8303 MEDIUM This Month

A vulnerability classified as critical has been found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-6551 MEDIUM This Month

The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.15.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Givewp
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-5857 MEDIUM PATCH This Month

The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor - Funnelforms Free plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Funnelforms Free
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-45232 MEDIUM PATCH This Month

An issue was discovered in powermail extension through 12.3.5 for TYPO3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Powermail
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-5624 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) in Shift Logbook application of B&R APROL <= R 4.4-00P3 may allow a network-based attacker to execute arbitrary JavaScript code in the context of the user's. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Industrial Automation Aprol
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2024-43960 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Page Builder Addons Web and WooCommerce Addons for WPBakery Builder allows Stored XSS.4.6. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Web And Woocommerce Addons For Wpbakery Builder
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-43986 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MagePeople Team Taxi Booking Manager for WooCommerce allows Stored XSS.0.9. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Ecab Taxi Booking Manager
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-35118 MEDIUM This Month

IBM MaaS360 for Android 6.31 through 8.60 is using hard coded credentials that can be obtained by a user with physical access to the device. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google IBM Maas360 Mdm
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-3944 MEDIUM This Month

The WP To Do plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

XSS WordPress Wp To Do
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-43947 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Dinesh Karki WP Armour Extended.26. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Armour
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-7418 MEDIUM PATCH This Month

The The Post Grid - Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.7.11 via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress Information Disclosure The Post Grid
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-5987 MEDIUM PATCH This Month

The WP Accessibility Helper (WAH) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_contrast_variations' and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Wp Accessibility Helper
NVD
CVSS 3.1
4.3
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy