Skip to main content

Arena Im

3 CVEs product

Monthly

CVE-2024-12526 MEDIUM This Month

The Arena.IM - Live Blogging for real-time events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.4.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Arena Im
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-12463 MEDIUM This Month

The Arena.IM - Live Blogging for real-time events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'arena_embed_amp' shortcode in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Arena Im
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-11384 MEDIUM This Month

The Arena.IM - Live Blogging for real-time events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'arenablog' shortcode in all versions up to, and including, 0.3.0. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Arena Im
NVD
CVSS 3.1
6.4
EPSS
0.2%
EPSS 0% CVSS 4.3
MEDIUM This Month

The Arena.IM - Live Blogging for real-time events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.4.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Arena Im
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The Arena.IM - Live Blogging for real-time events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'arena_embed_amp' shortcode in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Arena Im
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The Arena.IM - Live Blogging for real-time events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'arenablog' shortcode in all versions up to, and including, 0.3.0. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Arena Im
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy