Skip to main content
CVE-2024-13067 MEDIUM POC This Month

A vulnerability was found in CodeAstro Online Food Ordering System 1.0 and classified as critical.php of the component All Users Page. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Online Food Ordering System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-13079 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Land Record System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Land Record System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-13078 MEDIUM POC This Month

A vulnerability has been found in PHPGurukul Land Record System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Land Record System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-13077 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in PHPGurukul Land Record System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Land Record System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-13076 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in PHPGurukul Land Record System 1.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Land Record System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-13075 MEDIUM POC This Month

A vulnerability classified as problematic was found in PHPGurukul Land Record System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Land Record System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-13072 MEDIUM POC This Month

A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Beauty Parlour Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-13070 MEDIUM POC This Month

A vulnerability was found in CodeAstro Online Food Ordering System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Food Ordering System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-13069 MEDIUM POC This Month

A vulnerability was found in SourceCodester Multi Role Login System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Multi Role Login System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-13085 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in PHPGurukul Land Record System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Land Record System
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-56213 MEDIUM This Month

Path Traversal: '.../...//' vulnerability in Arraytics Eventin wp-event-solution allows Path Traversal.0.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-56216 MEDIUM This Month

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themifyme Themify Builder themify-builder allows PHP Local File Inclusion.6.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-56031 MEDIUM This Month

Missing Authorization vulnerability in Yulio Aleman Jimenez Smart Shopify Product smart-shopify-product allows Exploiting Incorrectly Configured Access Control Security Levels.0.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-56235 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vicky Kumar Coupon coupon-lite allows DOM-Based XSS.2.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-56231 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Debuggers Studio SaasPricing saaspricing allows DOM-Based XSS.2.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-56224 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ledenbeheer Ledenbeheer ledenbeheer-external-connection allows Stored XSS.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-56221 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elicus WPMozo Addons Lite for Elementor wpmozo-addons-lite-for-elementor allows Stored XSS.2.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-56063 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Stored. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Elementor
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-56062 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Stored XSS.3.987. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Elementor
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-55995 MEDIUM This Month

Missing Authorization vulnerability in Torod Company for Information Technology Torod torod allows Exploiting Incorrectly Configured Access Control Security Levels.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-55991 MEDIUM This Month

Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels.2.9.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-12105 MEDIUM This Month

In WhatsUp Gold versions released before 2024.0.2, an authenticated user can use a specially crafted HTTP request that can lead to information disclosure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Whatsup Gold
NVD
CVSS 3.1
6.5
EPSS
42.4%
CVE-2024-56002 MEDIUM This Month

Missing Authorization vulnerability in mightyforms Contact Form, Survey & Form Builder - MightyForms mightyforms allows Exploiting Incorrectly Configured Access Control Security Levels.3.9. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-56256 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andy Fragen Embed PDF Viewer embed-pdf-viewer.3.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-56225 MEDIUM This Month

Missing Authorization vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Accessing Functionality Not Properly Constrained by ACLs.10.56. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Elementor
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-56222 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in CodeBard CodeBard Help Desk codebard-help-desk allows Cross Site Request Forgery.1.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-49686 MEDIUM This Month

Missing Authorization vulnerability in fatcatapps Landing Page Cat landing-page-cat.7.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-56234 MEDIUM This Month

Missing Authorization vulnerability in vowelweb VW Automobile Lite vw-automobile-lite allows Exploiting Incorrectly Configured Access Control Security Levels.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-49694 MEDIUM This Month

Missing Authorization vulnerability in imw3 My Wp Brand my-wp-brand.1.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-48775 MEDIUM This Month

Missing Authorization vulnerability in Gfazioli WP Cleanfix wp-cleanfix allows Exploiting Incorrectly Configured Access Control Security Levels.6.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-13084 MEDIUM This Month

A vulnerability classified as critical was found in PHPGurukul Land Record System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Land Record System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-13083 MEDIUM This Month

A vulnerability classified as problematic has been found in PHPGurukul Land Record System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Land Record System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-13082 MEDIUM This Month

A vulnerability was found in PHPGurukul Land Record System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Land Record System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-13081 MEDIUM This Month

A vulnerability was found in PHPGurukul Land Record System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Land Record System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-13074 MEDIUM This Month

A vulnerability classified as problematic has been found in PHPGurukul Land Record System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Land Record System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-56803 MEDIUM This Month

Ghostty is a cross-platform terminal emulator. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE
NVD GitHub
CVSS 4.0
5.1
EPSS
0.5%
CVE-2024-13080 MEDIUM This Month

A vulnerability was found in PHPGurukul Land Record System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Land Record System
NVD VulDB
CVSS 4.0
5.1
EPSS
0.3%
CVE-2024-51667 MEDIUM This Month

Missing Authorization vulnerability in paytiumsupport Paytium paytium.4.10. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-50850 MEDIUM This Month

Missing Authorization vulnerability in Woo WooCommerce Subscriptions woocommerce-subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.8.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-56229 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in SearchIQ SearchIQ searchiq.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-56218 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in sevenspark Contact Form 7 - Dynamic Text Extension contact-form-7-dynamic-text-extension allows Cross Site Request Forgery.0.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-49698 MEDIUM This Month

Missing Authorization vulnerability in PriceListo Best Restaurant Menu by PriceListo best-restaurant-menu-by-pricelisto.4.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-49687 MEDIUM This Month

Missing Authorization vulnerability in storeapps Smart Manager smart-manager-for-wp-e-commerce.45.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-56227 MEDIUM This Month

Missing Authorization vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.7.1001. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Elementor
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-56215 MEDIUM This Month

Missing Authorization vulnerability in DBAR Productions Member Directory and Contact Form pta-member-directory allows Exploiting Incorrectly Configured Access Control Security Levels.7.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-56219 MEDIUM This Month

Missing Authorization vulnerability in Marketing Fire Widget Options widget-options allows Exploiting Incorrectly Configured Access Control Security Levels.0.6.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-56217 MEDIUM This Month

Missing Authorization vulnerability in Shahjada Download Manager download-manager allows Exploiting Incorrectly Configured Access Control Security Levels.3.03. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy