Skip to main content

CWE-82

Improper Neutralization of Script in Attributes of IMG Tags in a Web Page

6 CVEs Avg CVSS 8.6 MITRE
5
CRITICAL
0
HIGH
1
MEDIUM
0
LOW
0
POC
0
KEV

Monthly

CVE-2024-52434 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in supsystic Popup by Supsystic popup-by-supsystic allows Command Injection.10.29. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Deserialization
NVD
CVSS 3.1
9.1
EPSS
1.4%
CVE-2024-52427 CRITICAL Act Now

Deserialization of untrusted data in the Vollstart Event Tickets with Ticket Scanner WordPress plugin (versions up to and including 2.3.11) enables Server-Side Include (SSI) Injection, allowing authenticated low-privilege attackers to execute arbitrary code with scope-changing impact across the affected WordPress instance. With an EPSS score of 12.22% (94th percentile) and CVSS 9.9, this represents a high-priority issue, though no public exploit identified at time of analysis. The vulnerability was disclosed by Patchstack and impacts WordPress sites running this plugin.

Deserialization
NVD
CVSS 3.1
9.9
EPSS
12.2%
CVE-2024-52393 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress.1.15. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Deserialization
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-49271 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) unlimited-elements-for-elementor allows Command. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Deserialization Elementor
NVD VulDB
CVSS 3.1
9.1
EPSS
2.8%
CVE-2024-48042 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in supsystic Contact Form by Supsystic contact-form-by-supsystic allows Command Injection.7.28. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Deserialization
NVD VulDB
CVSS 3.1
9.1
EPSS
1.9%
CVE-2023-30963 MEDIUM This Month

A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Foundry Frontend
NVD
CVSS 3.1
5.4
EPSS
0.4%
EPSS 1% CVSS 9.1
CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in supsystic Popup by Supsystic popup-by-supsystic allows Command Injection.10.29. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Deserialization
NVD
EPSS 12% CVSS 9.9
CRITICAL Act Now

Deserialization of untrusted data in the Vollstart Event Tickets with Ticket Scanner WordPress plugin (versions up to and including 2.3.11) enables Server-Side Include (SSI) Injection, allowing authenticated low-privilege attackers to execute arbitrary code with scope-changing impact across the affected WordPress instance. With an EPSS score of 12.22% (94th percentile) and CVSS 9.9, this represents a high-priority issue, though no public exploit identified at time of analysis. The vulnerability was disclosed by Patchstack and impacts WordPress sites running this plugin.

Deserialization
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress.1.15. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Deserialization
NVD
EPSS 3% CVSS 9.1
CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) unlimited-elements-for-elementor allows Command. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Deserialization Elementor
NVD VulDB
EPSS 2% CVSS 9.1
CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in supsystic Contact Form by Supsystic contact-form-by-supsystic allows Command Injection.7.28. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Deserialization
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Foundry Frontend
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy