Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-23872 |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in German Mesky GMAce allows Path Traversal.This issue affects GMAce: from n/a through 1.5.2. Published: May 17, 2024; 3:15:48 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2023-23700 |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OceanWP allows PHP Local File Inclusion.This issue affects OceanWP: from n/a through 3.4.1. Published: May 17, 2024; 3:15:48 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2023-23645 |
Improper Control of Generation of Code ('Code Injection') vulnerability in MainWP MainWP Code Snippets Extension allows Code Injection.This issue affects MainWP Code Snippets Extension: from n/a through 4.0.2. Published: May 17, 2024; 3:15:48 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2022-45374 |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in YARPP allows PHP Local File Inclusion.This issue affects YARPP: from n/a through 5.30.4. Published: May 17, 2024; 3:15:47 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2022-45368 |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Lenderd 1003 Mortgage Application allows Relative Path Traversal.This issue affects 1003 Mortgage Application: from n/a through 1.75. Published: May 17, 2024; 3:15:47 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2022-45070 |
Missing Authorization vulnerability in FmeAddons Conditional Checkout Fields for WooCommerce.This issue affects Conditional Checkout Fields for WooCommerce: from n/a through 1.2.3. Published: May 17, 2024; 3:15:47 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2022-44581 |
Insecure Storage of Sensitive Information vulnerability in WPMU DEV Defender Security allows : Screen Temporary Files for Sensitive Information.This issue affects Defender Security: from n/a through 3.3.2. Published: May 17, 2024; 3:15:46 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-3580 |
The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) Published: May 17, 2024; 2:15:53 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-3231 |
The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins. Published: May 17, 2024; 2:15:53 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-34757 |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Visualmodo Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg allows Stored XSS.This issue affects Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg: from n/a through 1.5.3. Published: May 17, 2024; 2:15:52 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-34752 |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PluginOps Landing Page Builder allows Reflected XSS.This issue affects Landing Page Builder: from n/a through 1.5.1.8. Published: May 17, 2024; 2:15:52 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-34575 |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in deTheme DethemeKit For Elementor allows Stored XSS.This issue affects DethemeKit For Elementor: from n/a through 2.1.2. Published: May 17, 2024; 2:15:52 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-34567 |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in GhozyLab, Inc. Popup Builder allows Stored XSS.This issue affects Popup Builder: from n/a through 1.1.29. Published: May 17, 2024; 2:15:52 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-32800 |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Felix Moira Popup More Popups allows Stored XSS.This issue affects Popup More Popups: from n/a through 2.3.1. Published: May 17, 2024; 2:15:51 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-2744 |
The NextGEN Gallery WordPress plugin before 3.59.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed Published: May 17, 2024; 2:15:51 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-2697 |
The socialdriver-framework WordPress plugin before 2024.0.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Published: May 17, 2024; 2:15:51 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-3551 |
The Penci Soledad Data Migrator plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.0 via the 'data' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. This is limited to just PHP files. Published: May 16, 2024; 11:15:08 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2024-30060 |
Azure Monitor Agent Elevation of Privilege Vulnerability Published: May 16, 2024; 7:15:49 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-3134 |
The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the title_html_tag attribute in all versions up to, and including, 2.0.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: May 16, 2024; 6:15:09 PM -0400 |
V4.0:(not available) V3.1: 6.4 MEDIUM V2.0:(not available) |
CVE-2024-4204 |
The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.3. This is due to missing or incorrect nonce validation on the plugin's AJAX actions.. This makes it possible for unauthenticated attackers to create and duplicate posts, retrieve post content, and modify post taxonomy among other things via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Published: May 16, 2024; 5:16:10 PM -0400 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0:(not available) |