Skip to main content
CVE-2024-9425 MEDIUM PATCH This Month

The Advanced Category and Custom Taxonomy Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ad_tax_image shortcode in all versions up to, and including, 1.0.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Advanced Category And Custom Taxonomy Image
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-10057 MEDIUM PATCH This Month

The RSS Feed Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rfw-youtube-videos shortcode in all versions up to, and including, 2.9.9 due to insufficient. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Rss Feed Widget
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-10080 MEDIUM This Month

The WP Easy Post Types plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post meta in versions up to, and including, 1.4.4 due to insufficient input sanitization and output. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Wp Easy Post Types
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-9703 MEDIUM PATCH This Month

The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 2.1.12 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Arconix Shortcodes
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-47793 MEDIUM This Month

Stored cross-site scripting vulnerability exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Exment
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-9848 MEDIUM This Month

The Product Customizer Light plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Product Customizer Light
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-9452 MEDIUM This Month

The Branding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Branding
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-9373 MEDIUM This Month

The Elemenda plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.0.2 due to insufficient input sanitization and output. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Elemenda
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-9366 MEDIUM This Month

The Easy Menu Manager | WPZest plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Easy Menu Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-8916 MEDIUM This Month

The Suki Sites Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Suki Sites Import
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-10014 MEDIUM This Month

The Flat UI Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's flatbtn shortcode in version 1.0 due to insufficient input sanitization and output escaping on. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Flat Ui Button
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-38820 MEDIUM PATCH This Month

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Spring Framework
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-49023 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Google Use After Free Microsoft Memory Corruption RCE +1
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-10122 MEDIUM This Month

A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Inner Rep Plus
NVD VulDB
CVSS 4.0
5.1
EPSS
0.5%
CVE-2024-9892 MEDIUM This Month

The Add Widget After Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.6 due to insufficient input sanitization. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

XSS WordPress Add Widget After Content
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2024-43577 MEDIUM This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Microsoft Edge Chromium
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-9364 MEDIUM This Month

The SendGrid for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wp_mailplus_clear_logs' function in all versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Sendgrid
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-9361 MEDIUM This Month

The Bulk images optimizer: Resize, optimize, convert to webp, rename … plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Bulk Images Optimizer
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-10040 MEDIUM This Month

The Infinite-Scroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Infinite Scroll
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-46897 LOW Monitor

Incorrect permission assignment for critical resource issue exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Exment
NVD
CVSS 3.1
3.8
EPSS
0.4%
CVE-2024-47486 LOW Monitor

There is an XSS vulnerability in some HikCentral Master Lite versions. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Hikcentral Master
NVD
CVSS 4.0
2.1
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy