Skip to main content
CVE-2023-6030 MEDIUM POC This Month

The LogDash Activity Log WordPress plugin before 1.1.4 hooks the wp_login_failed function (from src/Hooks/Users.php) in order to log failed login attempts to the database but it doesn't escape the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP SQLi Logdash Activity Log
NVD WPScan
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-9238 MEDIUM POC This Month

The AVIF Uploader WordPress plugin before 1.1.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Avif Uploader
NVD WPScan
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-5440 MEDIUM POC This Month

The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Dynamic Content Personalization
NVD WPScan
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-6668 MEDIUM POC This Month

The ProfilePro WordPress plugin through 1.3 does not sanitise and escape some parameters and lacks proper access controls, which could allow users with a role as low as subscriber to perform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Profilepro
NVD WPScan
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-44185 MEDIUM POC This Month

SourceCodester Best Employee Management System V1.0 is vulnerable to Cross Site Request Forgery (CSRF) in /admin/change_pass.php via the password parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Best Employee Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-2247 MEDIUM POC This Month

The WP-PManager WordPress plugin through 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Wp Pmanager PHP
NVD WPScan
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-2248 MEDIUM POC This Month

The WP-PManager WordPress plugin through 1.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wp Pmanager PHP
NVD WPScan
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-0970 MEDIUM POC This Month

This User Activity Tracking and Log WordPress plugin before 4.1.4 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure User Activity Tracking And Log
NVD WPScan
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-4695 MEDIUM POC This Month

A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cyber Cafe Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-4696 MEDIUM POC This Month

A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cyber Cafe Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3053 HIGH This Week

The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.5.07 via the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress Code Injection PHP
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2025-46053 MEDIUM POC This Month

A SQL Injection vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting a crafted payload into the ReportID and ReplaceReportID. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP SQLi Weberp
NVD GitHub
CVSS 3.1
5.1
EPSS
0.1%
CVE-2023-5529 MEDIUM POC This Month

The Advanced Page Visit Counter WordPress plugin before 8.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Advanced Page Visit Counter
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-6783 MEDIUM POC This Month

The WolfNet IDX for WordPress plugin through 1.19.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wolfnet Idx For Wordpress
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-3062 MEDIUM POC This Month

The Save as Image Plugin by Pdfcrowd WordPress plugin before 3.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Save As Pdf
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-2643 MEDIUM POC This Month

The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.6.8 does not sanitise and escape some of its settings, which could allow. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS My Sticky Bar
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-1663 MEDIUM POC This Month

The Ultimate Noindex Nofollow Tool II WordPress plugin before 1.3.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ultimate Noindex Nofollow Tool Ii
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-5932 MEDIUM POC This Month

The Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Travelpayouts
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-6462 MEDIUM POC This Month

The DL Yandex Metrika WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Dl Yandex Metrika
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2023-7168 MEDIUM POC This Month

The Better Follow Button for Jetpack WordPress plugin through 8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Better Flow Button For Jetpack
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-13482 MEDIUM POC This Month

The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Icegram Engage
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-6478 MEDIUM POC This Month

The CTT Expresso para WooCommerce WordPress plugin before 3.2.13 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ctt Expresso Para Woocommerce
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-5026 MEDIUM POC This Month

The CM Tooltip Glossary WordPress plugin before 4.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Cm Tooltip Glossary
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-2869 MEDIUM POC This Month

The Easy Property Listings WordPress plugin before 3.5.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Easy Property Listings
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-13730 MEDIUM POC This Month

The Podlove Podcast Publisher WordPress plugin before 4.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Podlove Podcast Publisher
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-13729 MEDIUM POC This Month

The Podlove Podcast Publisher WordPress plugin before 4.1.24 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Podlove Podcast Publisher
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-13621 MEDIUM POC This Month

The GDPR Framework By Data443 WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Gdpr Framework
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-13616 MEDIUM POC This Month

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Vikbooking Hotel Booking Engine Pms
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-13486 MEDIUM POC This Month

The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Icegram Engage
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-13384 MEDIUM POC This Month

The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.24 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Robo Gallery
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-13383 MEDIUM POC This Month

The HD Quiz WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Hd Quiz
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-13382 MEDIUM POC This Month

The Calculated Fields Form WordPress plugin before 5.2.64 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Calculated Fields Form
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-13357 MEDIUM POC This Month

The Ditty WordPress plugin before 3.1.52 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ditty
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-13313 MEDIUM POC This Month

The AWeber WordPress plugin through 7.3.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Aweber
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-12679 MEDIUM POC This Month

The Prisna GWT WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Google Website Translator
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-10149 MEDIUM POC This Month

The Social Slider Feed WordPress plugin before 2.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Social Slider Widget
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-10145 MEDIUM POC This Month

The Hubbub Lite WordPress plugin before 1.34.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Social Pug
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-10144 MEDIUM POC This Month

The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Robo Gallery
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-10054 MEDIUM POC This Month

The Happyforms WordPress plugin before 1.26.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Happyforms
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-6665 MEDIUM POC This Month

The KBucket: Your Curated Content in WordPress plugin before 4.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Kbucket
NVD WPScan
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-6335 MEDIUM POC This Month

The Tracking Code Manager WordPress plugin before 2.3.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Tracking Code Manager
NVD WPScan
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-48051 MEDIUM POC PATCH This Month

powertip.ts in Lila (for Lichess) before ab0beaf allows XSS in some applications because of an innerHTML usage pattern in which text is extracted from a DOM node and interpreted as HTML. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

XSS Powertip Ts
NVD GitHub
CVSS 3.1
4.7
EPSS
0.2%
CVE-2025-30419 HIGH This Week

There is a memory corruption vulnerability due to an out of bounds read in GetSymbolBorderRectSize() when using the SymbolEditor in NI Circuit Design Suite. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow RCE Circuit Design Suite
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-30418 HIGH This Week

There is a memory corruption vulnerability due to an out of bounds write in CheckPins() when using the SymbolEditor in NI Circuit Design Suite. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Memory Corruption Buffer Overflow RCE Circuit Design Suite
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-30417 HIGH This Week

There is a memory corruption vulnerability due to an out of bounds write in Library!DecodeBase64() when using the SymbolEditor in NI Circuit Design Suite. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Memory Corruption Buffer Overflow RCE Circuit Design Suite
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2023-7196 MEDIUM POC This Month

The Ultimate Noindex Nofollow Tool WordPress plugin through 1.1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Ultimate Noindex Nofollow Tool
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-7195 MEDIUM POC This Month

The WP-Reply Notify WordPress plugin through 1.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Wp Reply Notify
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-10009 MEDIUM POC This Month

The Melapress File Monitor WordPress plugin before 2.1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Melapress File Monitor
NVD WPScan
CVSS 3.1
4.1
EPSS
0.2%
CVE-2025-48050 HIGH This Week

In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-52877 HIGH This Week

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Insydeh2o
NVD
CVSS 3.1
7.5
EPSS
0.3%
Prev Page 2 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy