The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Tile Gallery' widget in all versions up to, and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
The Popup Maker - Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘post_title’ parameter in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
A cookie management issue was addressed with improved state management. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An authorization issue was addressed with improved state management. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The issue was addressed with improved routing of Safari-originated requests. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Web3 Crypto Payments by DePay for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/depay/wc/debug REST API endpoint. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability, which was classified as problematic, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A race condition was addressed with improved locking. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.
Concurrent variable access vulnerability in the ability module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 4.7). No vendor patch available.
Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Use of Multiple Resources with Duplicate Identifier (CWE-694) in the Controller 6000 and Controller 7000 Platforms could allow an attacker with physical access to HBUS communication cabling to. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Windows Mobile Broadband Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A flaw was found in the cert-manager package. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable.
An authenticated attacker with the user/role "Poweruser" can perform an SQL injection by accessing the /class/template_io.php file and supplying malicious GET parameters. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
The 360 Javascript Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ref’ parameter in all versions up to, and including, 1.7.29 due to insufficient input sanitization. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.
The NotificationX - Live Sales Notification, WooCommerce Sales Popup, FOMO, Social Proof, Announcement Banner & Floating Notification Top Bar plugin for WordPress is vulnerable to Stored Cross-Site. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.
The Arena.IM - Live Blogging for real-time events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.4.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Essential Real Estate plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several pages/post types in all versions up to, and including, 5.1.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
The Hash Form - Drag & Drop Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check when creating form styles in all versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
The Cookie Consent for WP - Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) plugin for WordPress is vulnerable to unauthorized modification of data due to a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
The Greenshift - animation and page builder blocks plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 9.9.9.3 via the 'wp_reusable_render' shortcode due. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
The Child Theme Creator by Orbisius plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cloud_delete() and cloud_update() functions in all. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.1 via the eli_option_value shortcode. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
The Snippet Shortcodes plugin for WordPress is vulnerable to unauthorized Shortcode Deletion due to missing authorization in all versions up to, and including, 4.1.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The AI Post Generator | AutoWriter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ai_post_generator_delete_Post AJAX action in all. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Custom Skins Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cf7cs_action_callback' function in all versions up. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.
Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.
Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.
An inconsistent user interface issue was addressed with improved state management. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.0 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, where sensitive. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with improved redaction of sensitive information. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with improved redaction of sensitive information. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The issue was resolved by sanitizing logging. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed through improved state management. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
The issue was addressed by adding additional logic. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.