Skip to main content
CVE-2024-9224 MEDIUM This Month

The Hello World plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 2.1.1 via the hello_world_lyric() function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 50.8% and no vendor patch available.

Path Traversal WordPress Hello World
NVD
CVSS 3.1
6.5
EPSS
50.8%
CVE-2024-9360 MEDIUM POC This Month

A vulnerability was found in code-projects Restaurant Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Restaurant Reservation System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-9359 MEDIUM POC This Month

A vulnerability was found in code-projects Restaurant Reservation System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Restaurant Reservation System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-46079 MEDIUM POC This Month

Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in proj_new.php via the Descricao parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Scriptcase
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-9358 MEDIUM POC This Month

A vulnerability has been found in ThingsBoard up to 3.7.0 and classified as problematic. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Thingsboard
NVD VulDB
CVSS 4.0
6.0
EPSS
0.8%
CVE-2024-44610 MEDIUM POC This Month

PCAN-Ethernet Gateway FD before 1.3.0 and PCAN-Ethernet Gateway before 2.11.0 are vulnerable to Command injection via shell metacharacters in a Software Update to processing.php. Rated medium severity (CVSS 5.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection
NVD GitHub
CVSS 3.1
5.6
EPSS
1.0%
CVE-2024-47527 MEDIUM POC PATCH This Month

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Librenms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-47525 MEDIUM POC PATCH THREAT This Month

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Librenms
NVD GitHub
CVSS 3.1
5.4
EPSS
26.6%
CVE-2024-47523 MEDIUM POC PATCH This Month

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Librenms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-46082 MEDIUM POC This Month

Scriptcase v.9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in nm_cor.php via the form and field parameters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Scriptcase
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-46083 MEDIUM POC This Month

Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Scriptcase
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-46081 MEDIUM POC This Month

Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Scriptcase
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-47524 MEDIUM POC PATCH This Month

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Java Librenms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-31835 MEDIUM POC This Month

Cross Site Scripting vulnerability in flatpress CMS Flatpress v1.3 allows a remote attacker to execute arbitrary code via a crafted payload to the file name parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Flatpress
NVD GitHub
CVSS 3.1
4.8
EPSS
1.0%
CVE-2024-45967 MEDIUM POC This Month

Pagekit 1.0.18 is vulnerable to Cross Site Scripting (XSS) in index.php/admin/site/widget. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Pagekit
NVD GitHub
CVSS 3.1
4.7
EPSS
0.4%
CVE-2024-47528 MEDIUM POC PATCH This Month

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Librenms
NVD GitHub
CVSS 4.0
4.6
EPSS
0.4%
CVE-2024-47609 MEDIUM PATCH This Month

Tonic is a native gRPC client & server implementation with async/await support. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-47608 MEDIUM This Month

Logicytics is designed to harvest and collect data for forensic analysis. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Logicytics
NVD GitHub
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-47071 MEDIUM This Month

OSS Endpoint Manager is an endpoint manager module for FreePBX. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Path Traversal
NVD GitHub
CVSS 3.1
6.8
EPSS
0.5%
CVE-2024-8632 MEDIUM This Month

The KB Support - WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Kb Support
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-9355 MEDIUM This Month

A vulnerability was found in Golang FIPS OpenSSL. Rated medium severity (CVSS 6.5). No vendor patch available.

OpenSSL Information Disclosure
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-8793 MEDIUM This Month

The Store Exporter for WooCommerce - Export Products, Export Orders, Export Subscriptions, and More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Store Exporter For Woocommerce
NVD
CVSS 3.1
6.1
EPSS
2.2%
CVE-2024-9209 MEDIUM This Month

The WP Search Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Wp Search Analytics
NVD
CVSS 3.1
6.1
EPSS
2.2%
CVE-2024-47396 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in moveaddons Move Addons for Elementor move-addons allows Stored XSS.3.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Elementor
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-9391 MEDIUM This Month

A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full screen mode. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Mozilla Firefox
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-45408 MEDIUM This Month

eLabFTW is an open source electronic lab notebook for research labs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Elabftw
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-25658 MEDIUM This Month

Cleartext storage of passwords in Infinera TNMS (Transcend Network Management System) Server 19.10.3 allows attackers (with access to the database or exported configuration files) to obtain SNMP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Transcend Network Management System
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-0116 MEDIUM This Month

NVIDIA Triton Inference Server contains a vulnerability where a user may cause an out-of-bounds read issue by releasing a shared memory region while it is in use. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Nvidia Denial Of Service Triton Inference Server
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-9228 MEDIUM This Month

The Loggedin - Limit Active Logins plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Loggedin
NVD
CVSS 3.1
6.1
EPSS
2.0%
CVE-2024-9220 MEDIUM This Month

The LH Copy Media File plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Lh Copy Media File
NVD
CVSS 3.1
6.1
EPSS
2.0%
CVE-2024-8786 MEDIUM This Month

The Auto Featured Image from Title plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.1
EPSS
2.0%
CVE-2024-8288 MEDIUM This Month

The Guten Post Layout - An Advanced Post Grid Collection for WordPress Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.5%
CVE-2024-9304 MEDIUM This Month

The LocateAndFilter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.14 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-8720 MEDIUM This Month

The RumbleTalk Live Group Chat - HTML5 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rumbletalk-admin-button' shortcode in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-9118 MEDIUM This Month

The QS Dark Mode Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.9 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-9060 MEDIUM This Month

The AVIF & SVG Uploader plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in version 1.1.0 due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-8324 MEDIUM This Month

The XO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘get_slider’ function in all versions up to, and including, 3.8.6 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-9274 MEDIUM This Month

The Elastik Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.27.4 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-9272 MEDIUM This Month

The R Animated Icon Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-9269 MEDIUM This Month

The Relogo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.4.2 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-9119 MEDIUM This Month

The SVG Complete plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-8990 MEDIUM This Month

The Geo Mashup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's geo_mashup_visible_posts_list shortcode in all versions up to, and including, 1.13.13 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-8989 MEDIUM This Month

The Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews - Stars Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stars_testimonials. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-8727 MEDIUM This Month

The DK PDF plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.6. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2024-9397 MEDIUM This Month

A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-47604 MEDIUM PATCH This Month

NuGet Gallery is a package repository that powers nuget.org. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Nugetgallery
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-9241 MEDIUM This Month

The PDF Image Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Pdf Image Generator
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-8799 MEDIUM This Month

The Custom Banners plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Custom Banners
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-9267 MEDIUM This Month

The Easy WordPress Subscribe - Optin Hound plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-8728 MEDIUM This Month

The Easy Load More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy