Skip to main content
CVE-2024-11373 MEDIUM POC Monitor

The Connexion Logs WordPress plugin through 3.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Connexion Logs
NVD WPScan
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-11266 MEDIUM POC Monitor

The Geocache Stat Bar Widget WordPress plugin through 0.911 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Geocache Stat Bar Widget
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-11221 MEDIUM POC Monitor

The Full Screen (Page) Background Image Slideshow WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Full Screen Page Background Image Slideshow
NVD WPScan
CVSS 3.1
4.8
EPSS
0.0%
CVE-2024-11190 MEDIUM POC Monitor

The jwp-a11y WordPress plugin through 4.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Jwp A11Y
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-11189 MEDIUM POC Monitor

The Social Share And Social Locker WordPress plugin before 1.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Social Share And Social Locker
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-11141 MEDIUM POC This Month

The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings and is missing CSRF protection which could allow subscribers to perform Stored Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF XSS Sailthru Triggermail
NVD WPScan
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-11109 MEDIUM POC Monitor

The WP Google Review Slider WordPress plugin before 15.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google WordPress XSS Wp Google Review Slider
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-10818 MEDIUM POC This Month

The JSFiddle Shortcode WordPress plugin before 1.1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Jsfiddle Shortcode
NVD WPScan
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-10677 MEDIUM POC Monitor

The BTEV WordPress plugin through 2.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Blue Trait Event Viewer
NVD WPScan
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-10639 MEDIUM POC Monitor

The Auto Prune Posts WordPress plugin before 3.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Auto Prune Posts
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-10634 MEDIUM POC Monitor

The Nokaut Offers Box WordPress plugin through 1.4.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset the Nokaut Offers Box. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Nokaut Offers Box
NVD WPScan
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-10632 MEDIUM POC Monitor

The Nokaut Offers Box WordPress plugin through 1.4.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Nokaut Offers Box
NVD WPScan
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-10631 MEDIUM POC This Week

The Countdown Timer for WordPress Block Editor WordPress plugin through 1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Countdown Timer For Wordpress Block Editor
NVD WPScan
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-10504 MEDIUM POC This Month

The Contact Form, Survey, Quiz & Popup Form Builder WordPress plugin before 1.7.1 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Arforms
NVD WPScan
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-10475 MEDIUM POC Monitor

The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin before 1.9.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Contact Form Lead Form Elementor Builder Elementor
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-10362 MEDIUM POC Monitor

The Social Media Share Buttons & Social Sharing Icons WordPress plugin before 2.9.1 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Social Media Share Buttons Social Sharing Icons
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-10143 MEDIUM POC Monitor

The MB Custom Post Types & Custom Taxonomies WordPress plugin before 2.7.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Mb Custom Post Types Custom Taxonomies
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-10107 MEDIUM POC Monitor

The Giveaways and Contests by RafflePress WordPress plugin before 1.12.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Rafflepress
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2025-4714 MEDIUM POC This Week

A vulnerability was found in Campcodes Sales and Inventory System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Sales And Inventory System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4713 MEDIUM POC This Week

A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Sales And Inventory System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4712 MEDIUM POC This Week

A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Sales And Inventory System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-30476 MEDIUM This Month

Dell PowerScale InsightIQ, version 5.2, contains an uncontrolled resource consumption vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Denial Of Service Insightiq
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-4711 MEDIUM POC This Week

A vulnerability, which was classified as critical, was found in Campcodes Sales and Inventory System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Sales And Inventory System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4710 MEDIUM POC This Week

A vulnerability, which was classified as critical, has been found in Campcodes Sales and Inventory System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Sales And Inventory System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4709 MEDIUM POC This Week

A vulnerability classified as critical was found in Campcodes Sales and Inventory System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Sales And Inventory System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-44110 MEDIUM POC This Month

FluxBB 1.5.11 is vulnerable to Cross Site Scripting (XSS) in via the Forum Description Field in admin_forums.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Fluxbb
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-4708 MEDIUM POC This Week

A vulnerability classified as critical has been found in Campcodes Sales and Inventory System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Sales And Inventory System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4707 MEDIUM POC This Week

A vulnerability was found in Campcodes Sales and Inventory System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Sales And Inventory System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4706 MEDIUM POC This Week

A vulnerability was found in projectworlds Online Examination System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Examination System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-2527 MEDIUM PATCH Monitor

Mattermost versions 10.5.x <= 10.5.2, 9.11.x <= 9.11.11 failed to properly verify a user's permissions when accessing groups, which allows an attacker to view group information via an API request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Server Suse
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-4737 MEDIUM This Month

Insufficient encryption vulnerability in the mobile application (com.transsion.aivoiceassistant) may lead to the risk of sensitive information leakage. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-27524 MEDIUM This Month

Weak encryption vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-48027 MEDIUM This Month

The HttpAuth plugin in pGina.Fork through 3.9.9.12 allows authentication bypass when an adversary controls DNS resolution for pginaloginserver. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-48024 MEDIUM This Month

In BlueWave Checkmate before 2.1, an authenticated regular user can access sensitive application secrets via the /api/v1/settings endpoint. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.0
EPSS
0.3%
CVE-2025-4589 MEDIUM This Month

The Bon Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bt-map' shortcode in all versions up to, and including, 1.3.2 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-4126 MEDIUM This Month

The EG-Series plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [series] shortcode in all versions up to, and including, 2.1.1 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.2%
Prev Page 5 of 5

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy