Skip to main content
CVE-2024-49081 MEDIUM This Month

Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +6
NVD
CVSS 3.1
6.6
EPSS
0.8%
CVE-2024-12406 MEDIUM This Month

The Library Management System - Manage e-Digital Books Library plugin for WordPress is vulnerable to SQL Injection via the 'owt7_borrow_books_id' parameter in all versions up to, and including, 3.2.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-11430 MEDIUM This Month

The SQL Chart Builder plugin for WordPress is vulnerable to SQL Injection via the 'arg1' arg of the 'gvn_schart_2' shortcode in all versions up to, and including, 2.3.6 due to insufficient escaping. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-54486 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +3
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-44248 MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-10182 MEDIUM This Month

The Cognito Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 2.0.7 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.6%
CVE-2024-12441 MEDIUM This Month

The BP Email Assign Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.5 due to insufficient input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.1
EPSS
2.0%
CVE-2024-49071 MEDIUM This Month

Improper authorization of an index that contains sensitive information from a Global Files search in Windows Defender allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Defender For Endpoint
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2024-52901 MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow an authenticated user to GUI to not load or stop working due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-12333 MEDIUM This Month

The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.0.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection WordPress RCE
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-55652 MEDIUM This Month

PenDoc is a penetration testing reporting application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Ssti
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-49064 MEDIUM This Month

Microsoft SharePoint Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure XXE Microsoft Sharepoint Server
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2024-49062 MEDIUM This Month

Microsoft SharePoint Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Sharepoint Server
NVD
CVSS 3.1
6.5
EPSS
3.3%
CVE-2024-12463 MEDIUM This Month

The Arena.IM - Live Blogging for real-time events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'arena_embed_amp' shortcode in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Arena Im
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-11433 MEDIUM This Month

The Surbma | SalesAutopilot Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sa-form' shortcode in all versions up to, and including, 2.5 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-11914 MEDIUM This Month

The Gutenberg Blocks and Page Layouts - Attire Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'attire-blocks/post-carousel' block in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-11413 MEDIUM This Month

The HostFact bestelformulier integratie plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bestelformulier' shortcode in all versions up to, and including, 1.1 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-11901 MEDIUM This Month

The PowerBI Embed Reports plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'MO_API_POWER_BI' shortcode in all versions up to, and including, 1.1.7 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-11410 MEDIUM This Month

The Top and footer bars for announcements, notifications, advertisements, promotions - YooBar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Yoo Bar settings in all. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-11384 MEDIUM This Month

The Arena.IM - Live Blogging for real-time events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'arenablog' shortcode in all versions up to, and including, 0.3.0. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Arena Im
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-12338 MEDIUM This Month

The Website Toolbox Community plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘websitetoolbox_username’ parameter in all versions up to, and including, 2.0.1 due to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.1
EPSS
1.7%
CVE-2024-11279 MEDIUM This Month

The Schema App Structured Data plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.1
EPSS
1.7%
CVE-2024-11760 MEDIUM This Month

The Currency Converter Widget ⚡ PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'currency-converter-widget-pro' shortcode in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-11882 MEDIUM This Month

The FAQ And Answers - Create Frequently Asked Questions Area on WP Sites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'faq' shortcode in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-11871 MEDIUM This Month

The Social Media Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'patreon' shortcode in all versions up to, and including, 1.3.0 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-11785 MEDIUM This Month

The Integrate Firebase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'firebase_show' shortcode in all versions up to, and including, 0.9.3 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-11781 MEDIUM This Month

The Smart Agenda - Prise de rendez-vous en ligne plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'smartagenda' shortcode in all versions up to, and including, 4.6. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-11766 MEDIUM This Month

The WordPress Book Plugin for Displaying Books in Grid, Flip, Slider, Popup Layout and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gs_book_showcase'. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-11765 MEDIUM This Month

The WordPress Portfolio Plugin - A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-11757 MEDIUM This Month

The WP GeoNames plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-geonames' shortcode in all versions up to, and including, 1.9.0.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-11891 MEDIUM This Month

The Perfect Font Awesome Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pfai' shortcode in all versions up to, and including, 2.3 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-11875 MEDIUM This Month

The Add infos to the events calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fuss' shortcode in all versions up to, and including, 1.4.1 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-11750 MEDIUM This Month

The ONLYOFFICE DocSpace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'onlyoffice-docspace' shortcode in all versions up to, and including, 2.1.1 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-12461 MEDIUM This Month

The WP-Revive Adserver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wprevive_async' shortcode in all versions up to, and including, 2.2.1 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.5%
CVE-2024-11442 MEDIUM This Month

The Horizontal scroll image slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'horizontal-scroll-image-slideshow' shortcode in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-11427 MEDIUM This Month

The Catch Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catch-popup' shortcode in all versions up to, and including, 1.4.4 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-12072 MEDIUM This Month

The Analytics Cat - Google Analytics Made Easy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS WordPress
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2024-31670 MEDIUM PATCH This Month

rizin before v0.6.3 is vulnerable to Buffer Overflow via create_cache_bins, read_cache_accel, and rz_dyldcache_new_buf functions in librz/bin/format/mach0/dyldcache.c. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Rizin
NVD GitHub
CVSS 3.1
6.3
EPSS
0.3%
CVE-2024-11419 MEDIUM This Month

The Password for WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-11417 MEDIUM This Month

The dejure.org Vernetzungsfunktion plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.97.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-12160 MEDIUM This Month

The Seraphinite Bulk Discounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-11359 MEDIUM This Month

The Library Bookshelves plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-11052 MEDIUM This Month

The Ninja Forms - The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the calculations parameter in all versions up to, and including,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Ninja Forms
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-12162 MEDIUM This Month

The Video & Photo Gallery for Ultimate Member plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.1.1 due to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-12156 MEDIUM This Month

The AI Content Writer, RSS Feed to Post, Autoblogging SEO Help plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-11804 MEDIUM This Month

The Planaday API plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 11.4 due to insufficient input sanitization and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-11723 MEDIUM This Month

The kvCORE IDX plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via any parameter on pages with the kvcoreidx_listings_sitemap_ranges, kvcoreidx_listings_sitemap_page,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-11459 MEDIUM This Month

The Country Blocker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ip' parameter in all versions up to, and including, 3.2 due to insufficient input sanitization and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-12260 MEDIUM This Month

The Ultimate Endpoints With Rest Api plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.2.2 due to insufficient. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-12258 MEDIUM This Month

The WP Service Payment Form With Authorize.net plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.6.3 due to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.4%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy