Skip to main content
CVE-2024-8426 MEDIUM POC Monitor

The Page Builder: Pagelayer WordPress plugin before 1.8.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Pagelayer
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-8398 MEDIUM POC Monitor

The Simple Nav Archives WordPress plugin through 2.1.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Simple Nav Archives
NVD WPScan
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-8397 MEDIUM POC This Month

The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not properly sanitize and escape the IP headers when logging them, allowing visitors to conduct Stored Cross-Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Gdpr Cookie Consent
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-8284 MEDIUM POC Monitor

The Download Manager WordPress plugin before 3.2.99 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Download Manager
NVD WPScan
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-8245 MEDIUM POC Monitor

The GamiPress WordPress plugin before 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Gamipress Reset User
NVD WPScan
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-8187 MEDIUM POC Monitor

The Smart Post Show WordPress plugin before 3.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Smart Post Show
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-8095 MEDIUM POC This Month

The BabelZ WordPress plugin through 1.1.5 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF XSS Babeiz
NVD WPScan
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-8094 MEDIUM POC This Week

The Ntz Antispam WordPress plugin through 2.0e does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Ntz Atispam
NVD WPScan
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-8090 MEDIUM POC This Month

The JavaScript Logic WordPress plugin through 0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF XSS Javascript Logic
NVD WPScan
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-8085 MEDIUM POC This Month

The PeoplePond WordPress plugin through 1.1.9 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF XSS Peoplepond
NVD WPScan
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-8082 MEDIUM POC Monitor

The Widgets Reset WordPress plugin through 0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Widgets Reset
NVD WPScan
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-8050 MEDIUM POC Monitor

The Custom Author Base WordPress plugin through 1.1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Custom Author Base
NVD WPScan
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-8032 MEDIUM POC This Month

The Smooth Gallery Replacement WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF XSS Smooth Gallery Replacement
NVD WPScan
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-8031 MEDIUM POC This Week

The Secure Downloads WordPress plugin before 1.2.3 is vulnerable does not properly restrict which files can be downloaded. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure PHP Path Traversal Secure Downloads
NVD WPScan
CVSS 3.1
6.5
EPSS
1.3%
CVE-2024-8009 MEDIUM POC Monitor

The Sensei LMS WordPress plugin before 4.20.0 disclose all users of the blog including their email address to teachers on the students page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Sensei Lms
NVD WPScan
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-7984 MEDIUM POC Monitor

The Joy Of Text Lite WordPress plugin through 2.3.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Joy Of Text
NVD WPScan
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-7769 MEDIUM POC Monitor

The ClickSold IDX WordPress plugin through 1.90 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Clicksold Idx
NVD WPScan
CVSS 3.1
4.8
EPSS
0.0%
CVE-2024-7761 MEDIUM POC This Month

In the process of testing the Simple Job Board WordPress plugin before 2.12.2, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Simple Job Board
NVD WPScan
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-7759 MEDIUM POC Monitor

The PWA for WP WordPress plugin before 1.7.72 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Pwa For Wp Amp
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-7758 MEDIUM POC Monitor

The Stylish Price List WordPress plugin before 7.1.8 does not sanitise and escape some of its settings, which could allow high privilege users of contributor and above to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Stylish Price List
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-7556 MEDIUM POC Monitor

The Simple Share WordPress plugin through 0.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Simple Share
NVD WPScan
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-6798 MEDIUM POC Monitor

The DL Verification WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Dl Verification
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-6797 MEDIUM POC Monitor

The DL Robots.txt WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Dl Robots Txt
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-6718 MEDIUM POC This Month

The PVN Auth Popup WordPress plugin through 1.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Pvn Auth Popup
NVD WPScan
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-6713 MEDIUM POC Monitor

The PVN Auth Popup WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Pvn Auth Popup
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-6712 MEDIUM POC This Month

The MapFig Studio WordPress plugin through 0.2.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF XSS Mapfig Studio
NVD WPScan
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-6708 MEDIUM POC Monitor

The User Profile Builder WordPress plugin before 3.12.2 does not sanitise and escape some parameters before outputting its content on the admin area, which allows Admin+ users to perform Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Profile Builder
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-6693 MEDIUM POC Monitor

The wccp-pro WordPress plugin before 15.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Content Copy Protection No Right Click
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-13128 MEDIUM POC Monitor

The LearnPress WordPress plugin before 4.2.7.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Learnpress
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-13127 MEDIUM POC Monitor

The LearnPress WordPress plugin before 4.2.7.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Learnpress
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-13053 MEDIUM POC Monitor

The Form Maker by 10Web WordPress plugin before 1.15.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Form Maker
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-12874 MEDIUM POC Monitor

The Top Comments WordPress plugin through 1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Top Comments
NVD WPScan
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-12808 MEDIUM POC Monitor

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin before 1.13.4 does not sanitise and escape some of its settings, which could allow. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Erp
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-12800 MEDIUM POC Monitor

The IP Based Login WordPress plugin before 2.4.1 does not sanitise values when importing, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ip Based Login
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-12770 MEDIUM POC Monitor

The WP ULike WordPress plugin before 4.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Ulike
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-12750 MEDIUM POC Monitor

The Competition Form WordPress plugin through 2.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Competition Form
NVD WPScan
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-12743 MEDIUM POC Monitor

The MailPoet WordPress plugin before 5.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Mailpoet
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-12739 MEDIUM POC Monitor

The Mobile Contact Bar WordPress plugin before 3.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Mobile Contact Bar
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-12733 MEDIUM POC This Month

The AffiliateImporterEb WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Affiliateimportereb
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-12726 MEDIUM POC This Month

The ClipArt WordPress plugin through 0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Clipart
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-12725 MEDIUM POC This Month

The Clasify Classified Listing WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Clasify Classified Listing
NVD WPScan
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-12722 MEDIUM POC This Month

The Twitter Bootstrap Collapse aka Accordian Shortcode WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Twitter Bootstrap Collapse Aka Accordian Shortcode Bootstrap
NVD WPScan
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-12716 MEDIUM POC Monitor

The Simple Basic Contact Form WordPress plugin before 20250114 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Simple Basic Contact Form
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-12680 MEDIUM POC Monitor

The Prisna GWT WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Google Website Translator
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-12301 MEDIUM POC This Week

The JSP Store Locator WordPress plugin through 1.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Jsp Store Locator
NVD WPScan
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-12282 MEDIUM POC This Month

The WordPress连接微博 WordPress plugin through 2.5.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF XSS Wp Connect
NVD WPScan
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-11843 MEDIUM POC Monitor

The Panorama WordPress plugin through 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Panorama
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-11719 MEDIUM POC This Month

The tarteaucitron-wp WordPress plugin before 0.3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF XSS Tarteaucitron Wp
NVD WPScan
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-11718 MEDIUM POC PATCH This Month

The tarteaucitron-wp WordPress plugin before 0.3.0 allows author level and above users to add HTML into a post/page, which could allow users with the contributor role and above to perform Stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Tarteaucitron Wp
NVD WPScan
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-11502 MEDIUM POC This Month

The Planning Center Online Giving WordPress plugin through 1.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Planning Center Online Giving
NVD WPScan
CVSS 3.1
5.4
EPSS
0.1%
Prev Page 4 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy