Skip to main content
CVE-2024-8085 MEDIUM POC This Month

The PeoplePond WordPress plugin through 1.1.9 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF XSS Peoplepond
NVD WPScan
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-8082 MEDIUM POC Monitor

The Widgets Reset WordPress plugin through 0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Widgets Reset
NVD WPScan
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-8050 MEDIUM POC Monitor

The Custom Author Base WordPress plugin through 1.1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Custom Author Base
NVD WPScan
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-8032 MEDIUM POC This Month

The Smooth Gallery Replacement WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF XSS Smooth Gallery Replacement
NVD WPScan
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-8031 MEDIUM POC This Week

The Secure Downloads WordPress plugin before 1.2.3 is vulnerable does not properly restrict which files can be downloaded. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure PHP Path Traversal Secure Downloads
NVD WPScan
CVSS 3.1
6.5
EPSS
1.3%
CVE-2024-8009 MEDIUM POC Monitor

The Sensei LMS WordPress plugin before 4.20.0 disclose all users of the blog including their email address to teachers on the students page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Sensei Lms
NVD WPScan
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-7984 MEDIUM POC Monitor

The Joy Of Text Lite WordPress plugin through 2.3.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Joy Of Text
NVD WPScan
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-7769 MEDIUM POC Monitor

The ClickSold IDX WordPress plugin through 1.90 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Clicksold Idx
NVD WPScan
CVSS 3.1
4.8
EPSS
0.0%
CVE-2024-7762 LOW POC Monitor

The Simple Job Board WordPress plugin before 2.12.6 does not prevent uploaded files from being listed, allowing unauthenticated users to access and download uploaded resumes. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Simple Job Board
NVD WPScan
CVSS 3.1
3.7
EPSS
0.4%
CVE-2024-7761 MEDIUM POC This Month

In the process of testing the Simple Job Board WordPress plugin before 2.12.2, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Simple Job Board
NVD WPScan
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-7759 MEDIUM POC Monitor

The PWA for WP WordPress plugin before 1.7.72 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Pwa For Wp Amp
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-7758 MEDIUM POC Monitor

The Stylish Price List WordPress plugin before 7.1.8 does not sanitise and escape some of its settings, which could allow high privilege users of contributor and above to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Stylish Price List
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-7556 MEDIUM POC Monitor

The Simple Share WordPress plugin through 0.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Simple Share
NVD WPScan
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-6809 CRITICAL POC Act Now

The Simple Video Directory WordPress plugin before 1.4.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Simple Video Directory
NVD WPScan
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-6798 MEDIUM POC Monitor

The DL Verification WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Dl Verification
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-6797 MEDIUM POC Monitor

The DL Robots.txt WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Dl Robots Txt
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-6719 HIGH POC This Week

The Offload Videos WordPress plugin before 1.0.1 does not have CSRF check in place when updating its settings, which could allow low privilege users to update them via a CSRF attack. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Offload Videos
NVD WPScan
CVSS 3.1
8.1
EPSS
0.1%
CVE-2024-6718 MEDIUM POC This Month

The PVN Auth Popup WordPress plugin through 1.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Pvn Auth Popup
NVD WPScan
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-6713 MEDIUM POC Monitor

The PVN Auth Popup WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Pvn Auth Popup
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-6712 MEDIUM POC This Month

The MapFig Studio WordPress plugin through 0.2.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF XSS Mapfig Studio
NVD WPScan
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-6711 LOW POC Monitor

The Event Tickets with Ticket Scanner WordPress plugin before 2.3.8 does not sanitise and escape some parameters, which could allow users with a role as low as admin to perform Cross-Site Scripting. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Event Tickets With Ticket Scanner
NVD WPScan
CVSS 3.1
3.5
EPSS
0.3%
CVE-2024-6708 MEDIUM POC Monitor

The User Profile Builder WordPress plugin before 3.12.2 does not sanitise and escape some parameters before outputting its content on the admin area, which allows Admin+ users to perform Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Profile Builder
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-6693 MEDIUM POC Monitor

The wccp-pro WordPress plugin before 15.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Content Copy Protection No Right Click
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-13128 MEDIUM POC Monitor

The LearnPress WordPress plugin before 4.2.7.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Learnpress
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-13127 MEDIUM POC Monitor

The LearnPress WordPress plugin before 4.2.7.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Learnpress
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-13053 MEDIUM POC Monitor

The Form Maker by 10Web WordPress plugin before 1.15.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Form Maker
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-12874 MEDIUM POC Monitor

The Top Comments WordPress plugin through 1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Top Comments
NVD WPScan
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-12812 HIGH POC This Month

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin before 1.13.4 is affected by an IDOR issue where employees can manipulate parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Wp Erp
NVD WPScan
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-12808 MEDIUM POC Monitor

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin before 1.13.4 does not sanitise and escape some of its settings, which could allow. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Erp
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-12800 MEDIUM POC Monitor

The IP Based Login WordPress plugin before 2.4.1 does not sanitise values when importing, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ip Based Login
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-12770 MEDIUM POC Monitor

The WP ULike WordPress plugin before 4.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Ulike
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-12767 LOW POC Monitor

The buddyboss-platform WordPress plugin before 2.7.60 lacks proper access controls and allows a logged-in user to view comments on private posts. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Buddyboss Platform
NVD WPScan
CVSS 3.1
3.5
EPSS
0.1%
CVE-2024-12750 MEDIUM POC Monitor

The Competition Form WordPress plugin through 2.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Competition Form
NVD WPScan
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-12743 MEDIUM POC Monitor

The MailPoet WordPress plugin before 5.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Mailpoet
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-12739 MEDIUM POC Monitor

The Mobile Contact Bar WordPress plugin before 3.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Mobile Contact Bar
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-12735 HIGH POC This Month

The Advance Post Prefix WordPress plugin through 1.1.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins and above to perform SQL injection attacks. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Advance Post Prefix
NVD WPScan
CVSS 3.1
7.2
EPSS
0.3%
CVE-2024-12733 MEDIUM POC This Month

The AffiliateImporterEb WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Affiliateimportereb
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-12726 MEDIUM POC This Month

The ClipArt WordPress plugin through 0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Clipart
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-12725 MEDIUM POC This Month

The Clasify Classified Listing WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Clasify Classified Listing
NVD WPScan
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-12722 MEDIUM POC This Month

The Twitter Bootstrap Collapse aka Accordian Shortcode WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Twitter Bootstrap Collapse Aka Accordian Shortcode Bootstrap
NVD WPScan
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-12716 MEDIUM POC Monitor

The Simple Basic Contact Form WordPress plugin before 20250114 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Simple Basic Contact Form
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-12680 MEDIUM POC Monitor

The Prisna GWT WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Google Website Translator
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-12301 MEDIUM POC This Week

The JSP Store Locator WordPress plugin through 1.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Jsp Store Locator
NVD WPScan
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-12282 MEDIUM POC This Month

The WordPress连接微博 WordPress plugin through 2.5.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF XSS Wp Connect
NVD WPScan
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-11843 MEDIUM POC Monitor

The Panorama WordPress plugin through 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Panorama
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-11719 MEDIUM POC This Month

The tarteaucitron-wp WordPress plugin before 0.3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF XSS Tarteaucitron Wp
NVD WPScan
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-11718 MEDIUM POC PATCH This Month

The tarteaucitron-wp WordPress plugin before 0.3.0 allows author level and above users to add HTML into a post/page, which could allow users with the contributor role and above to perform Stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Tarteaucitron Wp
NVD WPScan
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-11502 MEDIUM POC This Month

The Planning Center Online Giving WordPress plugin through 1.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Planning Center Online Giving
NVD WPScan
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-11373 MEDIUM POC Monitor

The Connexion Logs WordPress plugin through 3.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Connexion Logs
NVD WPScan
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-11372 HIGH POC This Month

The Connexion Logs WordPress plugin through 3.0.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Connexion Logs
NVD WPScan
CVSS 3.1
7.2
EPSS
0.5%
Prev Page 5 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy