Skip to main content
CVE-2024-12304 MEDIUM PATCH This Month

The Gutenberg Blocks with AI by Kadence WP - Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via button block link in all versions up to, and including, 3.4.2. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Gutenberg Blocks With Ai
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-0106 MEDIUM This Month

A wildcard expansion vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to enumerate files on the host filesystem. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Paloalto Expedition
NVD
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-0105 MEDIUM This Month

An arbitrary file deletion vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to delete arbitrary files accessible to the www-data user on the host filesystem. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Paloalto Expedition
NVD
CVSS 4.0
6.9
EPSS
4.4%
CVE-2025-0104 HIGH This Month

A reflected cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition enables attackers to execute malicious JavaScript code in the context of an authenticated Expedition user’s. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto XSS Expedition
NVD
CVSS 4.0
7.0
EPSS
0.8%
CVE-2025-0103 CRITICAL This Week

An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations,. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto SQLi Expedition
NVD
CVSS 4.0
9.2
EPSS
0.5%
CVE-2024-42169 HIGH This Month

HCL MyXalytics is affected by insecure direct object references. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dryice Myxalytics
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-42168 HIGH This Month

HCL MyXalytics is affected by out-of-band resource load (HTTP) vulnerability. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Dryice Myxalytics
NVD
CVSS 3.1
8.9
EPSS
0.3%
CVE-2024-12627 HIGH This Month

The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.5 via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization WordPress Information Disclosure PHP
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-12505 MEDIUM This Month

The Trackserver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tsmap' shortcode in all versions up to, and including, 5.0.2 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-12404 HIGH This Month

The CF Internal Link Shortcode plugin for WordPress is vulnerable to SQL Injection via the 'post_title' parameter in all versions up to, and including, 1.1.0 due to insufficient escaping on the user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 24.7% and no vendor patch available.

WordPress SQLi
NVD
CVSS 3.1
7.5
EPSS
24.7%
CVE-2024-12204 MEDIUM This Month

The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress PHP
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-11327 MEDIUM PATCH This Month

The ClickWhale - Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg &. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Clickwhale
NVD
CVSS 3.1
6.1
EPSS
1.5%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy