Skip to main content
CVE-2024-3996 LOW POC Monitor

The Smart Post Show WordPress plugin before 2.4.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Smart Post Show
NVD WPScan
CVSS 3.1
3.5
EPSS
0.2%
CVE-2024-4091 LOW POC Monitor

The Responsive Gallery Grid WordPress plugin before 2.3.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Responsive Gallery Grid
NVD WPScan
CVSS 3.1
3.5
EPSS
0.2%
CVE-2024-4004 LOW POC Monitor

The Advanced Cron Manager WordPress plugin before 2.5.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Advanced Cron Manager
NVD WPScan
CVSS 3.1
3.5
EPSS
0.2%
CVE-2024-4002 LOW POC Monitor

The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.6.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Carousel Slider Gallery By Wp Carousel
NVD WPScan
CVSS 3.1
3.5
EPSS
0.2%
CVE-2023-7297 LOW POC Monitor

The TwitterPosts WordPress plugin through 1.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Twitterposts
NVD WPScan
CVSS 3.1
3.5
EPSS
0.1%
CVE-2024-10098 LOW POC Monitor

The ApplyOnline WordPress plugin before 2.6.3 does not protect uploaded files during the application process, allowing unauthenticated users to access them and any private information they contain. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Applyonline Application Form Builder And Manager
NVD WPScan
CVSS 3.1
2.7
EPSS
0.3%
CVE-2025-4762 LOW Monitor

Insecure Direct Object Reference (IDOR) vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files. Rated low severity (CVSS 2.0), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
2.0
EPSS
0.3%
CVE-2025-47929 LOW Monitor

DumbDrop, a file upload application that provides an interface for dragging and dropping files, has a DOM cross-site scripting vulnerability in the upload functionality prior to commit. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS File Upload
NVD GitHub
CVSS 4.0
2.1
EPSS
0.4%
CVE-2025-47786 LOW POC Monitor

Emlog is an open source website building system. Rated low severity (CVSS 1.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Emlog
NVD GitHub
CVSS 4.0
1.9
EPSS
0.1%
CVE-2024-7762 LOW POC Monitor

The Simple Job Board WordPress plugin before 2.12.6 does not prevent uploaded files from being listed, allowing unauthenticated users to access and download uploaded resumes. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Simple Job Board
NVD WPScan
CVSS 3.1
3.7
EPSS
0.4%
CVE-2024-6711 LOW POC Monitor

The Event Tickets with Ticket Scanner WordPress plugin before 2.3.8 does not sanitise and escape some parameters, which could allow users with a role as low as admin to perform Cross-Site Scripting. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Event Tickets With Ticket Scanner
NVD WPScan
CVSS 3.1
3.5
EPSS
0.3%
CVE-2024-12767 LOW POC Monitor

The buddyboss-platform WordPress plugin before 2.7.60 lacks proper access controls and allows a logged-in user to view comments on private posts. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Buddyboss Platform
NVD WPScan
CVSS 3.1
3.5
EPSS
0.1%
CVE-2024-11140 LOW POC Monitor

The Real WP Shop Lite Ajax eCommerce Shopping Cart WordPress plugin through 2.0.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Real Wp Shop Lite Ajax Ecommerce Shopping Cart
NVD WPScan
CVSS 3.1
3.5
EPSS
0.1%
CVE-2025-47774 LOW Monitor

Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. Rated low severity (CVSS 2.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
2.9
EPSS
0.2%
CVE-2025-47285 LOW Monitor

Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. Rated low severity (CVSS 2.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
2.9
EPSS
0.1%
CVE-2025-47279 LOW PATCH Monitor

Undici is an HTTP/1.1 client for Node.js. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Node.js
NVD GitHub
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-2570 LOW PATCH Monitor

Mattermost versions 10.5.x <= 10.5.3, 9.11.x <= 9.11.11 fail to check `RestrictSystemAdmin` setting if user doesn't have access to `ExperimentalSettings` which allows a System Manager to access. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Server
NVD
CVSS 3.1
2.7
EPSS
0.2%
CVE-2025-27525 LOW Monitor

Information Exposure vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows. Rated low severity (CVSS 3.9). No vendor patch available.

Microsoft Information Disclosure Windows
NVD
CVSS 3.1
3.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy