Search Results (Refine Search)
- Results Type: Overview
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-37950 |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodexHelp Master Popups allows Stored XSS.This issue affects Master Popups: from n/a through 1.0.3. Published: July 20, 2024; 5:15:07 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-37949 |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CyberChimps Responsive Mobile allows Stored XSS.This issue affects Responsive Mobile: from n/a through 1.15.1. Published: July 20, 2024; 5:15:07 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-37948 |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PootlePress Caxton – Create Pro page layouts in Gutenberg allows Stored XSS.This issue affects Caxton – Create Pro page layouts in Gutenberg: from n/a through 1.30.1. Published: July 20, 2024; 5:15:07 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-37947 |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themeum Tutor LMS allows Stored XSS.This issue affects Tutor LMS: from n/a through 2.7.2. Published: July 20, 2024; 5:15:06 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-37946 |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in weDevs ReCaptcha Integration for WordPress allows Stored XSS.This issue affects ReCaptcha Integration for WordPress: from n/a through 1.2.5. Published: July 20, 2024; 5:15:06 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-37944 |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Travel Engine allows Stored XSS.This issue affects WP Travel Engine: from n/a through 5.9.1. Published: July 20, 2024; 5:15:06 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-37943 |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH WooCommerce Ajax Product Filter allows Reflected XSS.This issue affects YITH WooCommerce Ajax Product Filter: from n/a through 5.1.0. Published: July 20, 2024; 5:15:05 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-37936 |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in labibahmed Tabs For WPBakery Page Builder allows Stored XSS.This issue affects Tabs For WPBakery Page Builder: from n/a through 1.2. Published: July 20, 2024; 5:15:05 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-37922 |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS.This issue affects Premium Addons for Elementor: from n/a through 4.10.34. Published: July 20, 2024; 5:15:05 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-37920 |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Repute InfoSystems ARForms Form Builder allows Reflected XSS.This issue affects ARForms Form Builder: from n/a through 1.6.7. Published: July 20, 2024; 5:15:04 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-37919 |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pratik Chaskar Timeline Module for Beaver Builder allows Stored XSS.This issue affects Timeline Module for Beaver Builder: from n/a through 1.1.3. Published: July 20, 2024; 5:15:04 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-37918 |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPCone.Com ConeBlog – WordPress Blog Widgets allows Stored XSS.This issue affects ConeBlog – WordPress Blog Widgets: from n/a through 1.4.8. Published: July 20, 2024; 5:15:04 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-37565 |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TemeGUM Gum Elementor Addon allows Stored XSS.This issue affects Gum Elementor Addon: from n/a through 1.3.5. Published: July 20, 2024; 5:15:03 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-37563 |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TOCHAT.BE allows Stored XSS.This issue affects TOCHAT.BE: from n/a through 1.3.0. Published: July 20, 2024; 5:15:03 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-6637 |
The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthenticated privilege escalation in all versions up to, and including, 2.7.3. This is due to a lack of brute force controls on a weak one-time password. This makes it possible for unauthenticated attackers to brute force the one-time password for any user, except an Administrator, if they know the email of user. Published: July 20, 2024; 4:15:16 AM -0400 |
V4.0:(not available) V3.1: 7.3 HIGH V2.0:(not available) |
CVE-2024-6636 |
The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woo_slg_login_email' function in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to change the default role to Administrator while registering for an account. Published: July 20, 2024; 4:15:16 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2024-6635 |
The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.3. This is due to insufficient controls in the 'woo_slg_login_email' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, excluding an administrator, if they know the email of user. Published: July 20, 2024; 4:15:16 AM -0400 |
V4.0:(not available) V3.1: 7.3 HIGH V2.0:(not available) |
CVE-2024-38767 |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BannerSky.Com BSK PDF Manager allows Stored XSS.This issue affects BSK PDF Manager: from n/a through 3.6. Published: July 20, 2024; 4:15:15 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-38758 |
Server-Side Request Forgery (SSRF) vulnerability in WappPress Team WappPress.This issue affects WappPress: from n/a through 6.0.4. Published: July 20, 2024; 4:15:15 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-38757 |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Typebot allows Stored XSS.This issue affects Typebot: from n/a through 3.6.0. Published: July 20, 2024; 4:15:15 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |