Skip to main content
CVE-2024-13846 MEDIUM This Month

The Indeed Ultimate Learning Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ‘post_id’ parameter in all versions up to, and including, 3.9 due to insufficient escaping on. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Ultimate Learning Pro
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2020-6158 MEDIUM This Month

Opera Mini for Android before version 52.2 is vulnerable to an address bar spoofing attack. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Authentication Bypass Android
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2024-13883 MEDIUM This Month

The WPUpper Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.51. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2024-55159 MEDIUM This Month

GFast between v2 to v3.2 was discovered to contain a SQL injection vulnerability via the SortName parameter at /system/loginLog/list. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
4.2
EPSS
0.1%
CVE-2024-13900 MEDIUM PATCH This Month

The Head, Footer and Post Injections plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 3.3.0. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable.

RCE WordPress PHP Code Injection Head Footer And Post Injections
NVD
CVSS 3.1
4.1
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy