Skip to main content
CVE-2024-49304 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Stored XSS.9.9.5.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-48037 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Contact Form Widget new-contact-form-widget allows Cross Site Request Forgery.4.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-43580 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Google Microsoft Edge Chromium
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-49284 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BogdanFix WP SendFox wp-sendfox allows Retrieve Embedded Sensitive Data.3.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-9683 MEDIUM This Month

A vulnerability was found in Quay, which allows successful authentication even when a truncated password version is provided. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Quay
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-49580 MEDIUM PATCH This Month

In JetBrains Ktor before 2.3.13 improper caching in HttpCache Plugin could lead to response information disclosure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ktor
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-3186 MEDIUM This Month

0.0) when compiled with the ME_GOAHEAD_JAVASCRIPT flag. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Null Pointer Dereference Denial Of Service
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-49593 MEDIUM This Month

In Advanced Custom Fields (ACF) before 6.3.9 and Secure Custom Fields before 6.3.6.3 (plugins for WordPress), using the Field Group editor to edit one of the plugin's fields can result in execution. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-49312 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge.0.7. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD VulDB
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-49392 MEDIUM This Month

Stored cross-site scripting (XSS) vulnerability on enrollment invitation page. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Microsoft Cyber Files
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-45713 MEDIUM This Month

SolarWinds Kiwi CatTools is susceptible to a sensitive data disclosure vulnerability when a non-default setting has been enabled for troubleshooting purposes. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Kiwi Cattools
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2024-48047 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Razon Komar Pal Linked Variation for WooCommerce linked-variation-for-woocommerce allows Cross Site Request Forgery.0.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-48038 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in tuxlog wp-Monalisa wp-monalisa.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-9352 MEDIUM PATCH This Month

The Forminator Forms - Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.35.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Forminator Forms
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-9351 MEDIUM PATCH This Month

The Forminator Forms - Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.35.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Forminator Forms
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-7417 MEDIUM PATCH This Month

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.986 via the data_fetch. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress Information Disclosure Royal Elementor Addons
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-9940 MEDIUM PATCH This Month

The Calculated Fields Form plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 5.2.45. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection WordPress Calculated Fields Form
NVD
CVSS 3.1
4.3
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy