Skip to main content
CVE-2024-55268 MEDIUM POC This Month

A Reflected Cross Site Scripting (XSS) vulnerability was found in /covidtms/registered-user-testing.php in PHPGurukul COVID 19 Testing Management System 1.0 which allows remote attackers to execute. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Covid 19 Testing Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-50677 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in OroPlatform CMS v5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Oroplatform
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-48703 MEDIUM POC This Month

PhpGurukul Medical Card Generation System v1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/search-medicalcard.php via the searchdata parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Medical Card Generation System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-10551 MEDIUM POC This Month

The Sticky Social Icons WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Sticky Social Icons
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-9769 MEDIUM POC This Month

The Video Gallery - Best WordPress YouTube Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.1 due to insufficient. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Video Gallery
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-10480 MEDIUM POC This Month

The 3DPrint Lite WordPress plugin before 2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF 3Dprint Lite
NVD WPScan
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-54138 MEDIUM PATCH This Month

NuGet Gallery is a package repository that powers nuget.org. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Nugetgallery
NVD GitHub
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-52558 MEDIUM This Month

The affected product is vulnerable to an integer underflow. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service
NVD
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-50404 MEDIUM This Month

A link following vulnerability has been reported to affect Qsync Central. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Qsync Central
NVD
CVSS 4.0
6.8
EPSS
1.4%
CVE-2024-53811 MEDIUM This Month

Unrestricted Upload of File with Dangerous Type vulnerability in POSIMYTH WDesignkit wdesignkit allows Upload a Web Shell to a Web Server.0.40. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2024-53803 MEDIUM This Month

Missing Authorization vulnerability in brandtoss WP Mailster wp-mailster allows Exploiting Incorrectly Configured Access Control Security Levels.8.16.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-53813 MEDIUM This Month

Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels.6.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-54213 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zionbuilder ZionBuilder zionbuilder allows Stored XSS.6.16. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-54210 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codexshaper Advanced Element Bucket Addons for Elementor cs-element-bucket allows Stored XSS.0.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-53820 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Stored XSS.0.22. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-54212 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Addons For Elementor magical-addons-for-elementor allows Stored XSS.3.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Elementor
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-53823 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Elementor
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-53802 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FuturioWP Futurio Extra futurio-extra allows Stored XSS.0.14. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-53794 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryo Arkhe Blocks arkhe-blocks allows Stored XSS.27.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-53801 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Stored XSS.2.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-53796 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesflat themesflat-addons-for-elementor themesflat-addons-for-elementor allows DOM-Based. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Elementor
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-53797 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Stored XSS.8.4.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-11730 MEDIUM PATCH This Month

The KiviCare - Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'sort[]' parameter of the static_data_list AJAX action in all versions up to, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Kivicare
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-11729 MEDIUM PATCH This Month

The KiviCare - Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'service_list[0][service_id]' parameter of the get_widget_payment_options AJAX. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Kivicare
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-10849 MEDIUM This Month

The NewsMash theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.71 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-4633 MEDIUM This Month

The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘addExtraMimeType’ function in versions up to, and including, 3.2.1 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-11450 MEDIUM This Month

The ONLYOFFICE Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'onlyoffice' shortcode in all versions up to, and including, 2.0.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-11352 MEDIUM This Month

The TwentyTwenty plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'twentytwenty' shortcode in all versions up to, and including, 1.0.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-11339 MEDIUM This Month

The Smart PopUp Blaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spb-button' shortcode in all versions up to, and including, 1.4.3 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-10320 MEDIUM This Month

The Cookielay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cookielay shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-11201 MEDIUM This Month

The myCred - Loyalty Points and Rewards plugin for WordPress and WooCommerce - Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.8%
CVE-2024-11368 MEDIUM This Month

The Splash Sync plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2024-11204 MEDIUM This Month

The ForumWP - Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 2.1.2 due to insufficient. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Forumwp
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2024-10879 MEDIUM This Month

The ForumWP - Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Forumwp
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2024-10909 MEDIUM This Month

The The Pojo Forms plugin for WordPress is vulnerable to arbitrary shortcode execution via form_preview_shortcode AJAX action in all versions up to, and including, 1.4.7. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection WordPress RCE
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-10681 MEDIUM This Month

The The ARMember - Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection WordPress RCE
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-11149 MEDIUM PATCH This Month

In OpenBSD 7.4 before errata 014, vmm(4) did not restore GDTR limits properly on Intel (VMX) CPUs. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity.

Information Disclosure Intel Openbsd
NVD
CVSS 4.0
6.2
EPSS
0.1%
CVE-2024-12326 MEDIUM PATCH This Month

Jirafeau normally prevents browser preview for SVG files due to the possibility that manipulated SVG files could be exploited for cross site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Jirafeau
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-12060 MEDIUM This Month

The WP Media Optimizer (.webp) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wpmowebp-css-resources’ and 'wpmowebp-js-resources' parameters in all versions up to, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-12003 MEDIUM This Month

The WP System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-11823 MEDIUM This Month

The Folder Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'foldergallery' shortcode in all versions up to, and including, 1.7.4 due to insufficient input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-11687 MEDIUM This Month

The Next-Cart Store to WooCommerce Migration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 3.9.2 due to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-11336 MEDIUM This Month

The Clickbank WordPress Plugin (Storefront) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-11276 MEDIUM This Month

The PDF Builder for WooCommerce. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-11379 MEDIUM This Month

The Broadcast plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'do_check' parameter in all versions up to, and including, 51.01 due to insufficient input sanitization and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-10836 MEDIUM This Month

The Flixita theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.0.82 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-54207 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Marka WordPress Auction Plugin wp-auctions allows Stored XSS.7. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-54206 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in URBAN BASE Z-Downloads z-downloads allows Stored XSS.11.7. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-54211 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visualmodo Borderless borderless allows Cross-Site Scripting (XSS).5.8. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-11022 MEDIUM This Month

The authentication process to the web server uses a challenge response procedure which inludes the nonce and additional information. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.6
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy