Skip to main content
CVE-2024-0852 HIGH POC This Week

The coreActivity: Activity Logging for WordPress plugin before 1.8.1 does not escape some request data when outputting it back in the admin dashboard, allowing unauthenticated users to perform Stored. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Coreactivity
NVD WPScan
CVSS 3.1
8.8
EPSS
2.9%
CVE-2024-6486 HIGH POC This Week

The ImageMagick Engine ImageMagick Engine WordPress plugin before 1.7.11 for WordPress is vulnerable to OS Command Injection via the "cli_path" parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection WordPress RCE Imagemagick Engine
NVD WPScan
CVSS 3.1
7.2
EPSS
3.5%
CVE-2023-7239 HIGH POC This Week

The WP Dashboard Notes WordPress plugin before 1.0.11 does not validate that the user has access to the post_id parameter in its wpdn_update_note AJAX action. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Wp Dashboard Notes
NVD WPScan
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-7231 HIGH POC This Week

The illi Link Party!. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Illi Link Party
NVD WPScan
CVSS 3.1
7.3
EPSS
0.3%
CVE-2023-5934 HIGH POC This Week

The Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.13 does not have CSRF check in place when importing settings from the v1, which could allow attackers to make a logged in. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Travelpayouts
NVD WPScan
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-0249 HIGH POC This Week

The Advanced Schedule Posts WordPress plugin through 2.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Advanced Schedule Posts
NVD WPScan
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-7197 HIGH POC This Week

The Marketing Twitter Bot WordPress plugin through 1.11 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF XSS Marketing Twitter Bot
NVD WPScan
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-7174 HIGH POC This Week

The aBitGone CommentSafe WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF XSS Abitgone Commentsafe
NVD WPScan
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-3053 HIGH This Week

The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.5.07 via the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress Code Injection PHP
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2025-30419 HIGH This Week

There is a memory corruption vulnerability due to an out of bounds read in GetSymbolBorderRectSize() when using the SymbolEditor in NI Circuit Design Suite. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow RCE Circuit Design Suite
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-30418 HIGH This Week

There is a memory corruption vulnerability due to an out of bounds write in CheckPins() when using the SymbolEditor in NI Circuit Design Suite. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Memory Corruption Buffer Overflow RCE Circuit Design Suite
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-30417 HIGH This Week

There is a memory corruption vulnerability due to an out of bounds write in Library!DecodeBase64() when using the SymbolEditor in NI Circuit Design Suite. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Memory Corruption Buffer Overflow RCE Circuit Design Suite
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-48050 HIGH This Week

In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-52877 HIGH This Week

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Insydeh2o
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-32922 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Tobias WP2LEADS allows Stored XSS.5.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-47287 HIGH PATCH This Month

Tornado is a Python web framework and asynchronous networking library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Python Denial Of Service Tornado Debian Linux Red Hat +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2025-47787 HIGH POC PATCH This Week

Emlog is an open source website building system. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP RCE File Upload Emlog
NVD GitHub
CVSS 4.0
8.9
EPSS
1.8%
CVE-2025-47785 HIGH POC This Week

Emlog is an open source website building system. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Emlog
NVD GitHub
CVSS 3.1
8.3
EPSS
1.6%
CVE-2025-47161 HIGH POC This Month

Improper access control in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Authentication Bypass Defender For Endpoint
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
4.4%
CVE-2024-9831 HIGH POC This Month

The Taskbuilder WordPress plugin before 3.0.9 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Taskbuilder
NVD WPScan
CVSS 3.1
7.2
EPSS
0.3%
CVE-2024-8700 HIGH POC This Month

The Event Calendar WordPress plugin through 1.0.4 does not check for authorization on delete actions, allowing unauthenticated users to delete arbitrary calendars. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Event Calendar
NVD WPScan
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-8699 HIGH POC This Month

The Z-Downloads WordPress plugin before 1.11.5 does not properly validate files uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Z Downloads
NVD WPScan
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-6719 HIGH POC This Week

The Offload Videos WordPress plugin before 1.0.1 does not have CSRF check in place when updating its settings, which could allow low privilege users to update them via a CSRF attack. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Offload Videos
NVD WPScan
CVSS 3.1
8.1
EPSS
0.1%
CVE-2024-12812 HIGH POC This Month

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin before 1.13.4 is affected by an IDOR issue where employees can manipulate parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Wp Erp
NVD WPScan
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-12735 HIGH POC This Month

The Advance Post Prefix WordPress plugin through 1.1.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins and above to perform SQL injection attacks. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Advance Post Prefix
NVD WPScan
CVSS 3.1
7.2
EPSS
0.3%
CVE-2024-11372 HIGH POC This Month

The Connexion Logs WordPress plugin through 3.0.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Connexion Logs
NVD WPScan
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-11269 HIGH POC This Month

The AHAthat Plugin WordPress plugin through 1.6 does not sanitize and escape a parameter before using it in a SQL statement, allowing Admin to perform SQL injection attacks. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Ahathat
NVD WPScan
CVSS 3.1
7.2
EPSS
0.3%
CVE-2024-11267 HIGH POC This Week

The JSP Store Locator WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing user with Contributor to perform SQL injection attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Jsp Store Locator
NVD WPScan
CVSS 3.1
8.8
EPSS
0.9%
CVE-2025-30475 HIGH This Month

Dell PowerScale InsightIQ, versions 5.0 through 5.2, contains an improper privilege management vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Dell Privilege Escalation Insightiq
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2025-26481 HIGH This Month

Dell PowerScale OneFS, versions 9.4.0.0 through 9.9.0.0, contains an uncontrolled resource consumption vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-43853 HIGH POC PATCH This Month

The WebAssembly Micro Runtime's (WAMR) iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface (WASI) and command line interface. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Webassembly Micro Runtime Windows
NVD GitHub
CVSS 4.0
7.0
EPSS
0.1%
CVE-2025-30421 HIGH This Month

There is a memory corruption vulnerability due to a stack-based buffer overflow in DrObjectStorage::XML_Serialize() when using the SymbolEditor in NI Circuit Design Suite. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow RCE Stack Overflow Circuit Design Suite
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-30420 HIGH This Month

There is a memory corruption vulnerability due to an out of bounds read in Bitmap::InternalDraw() when using the SymbolEditor in NI Circuit Design Suite. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow RCE Circuit Design Suite
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2024-52880 HIGH This Month

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6. Rated high severity (CVSS 7.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Kernel
NVD
CVSS 3.1
7.9
EPSS
0.1%
CVE-2024-52879 HIGH This Month

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Insydeh2o
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-52878 HIGH This Month

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Insydeh2o
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-27523 HIGH This Month

XXE vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XXE Microsoft Windows
NVD
CVSS 3.1
8.7
EPSS
0.3%
CVE-2024-13914 HIGH This Month

The File Manager Advanced Shortcode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.4 (file-manager-advanced-shortcode) and 2.5.6. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure RCE Path Traversal
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2025-4579 HIGH This Month

The WP Content Security Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blocked-uri and effective-directive parameters in all versions up to, and including, 2.3 due. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
7.2
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy