CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2024-2962 The Networker - Tech News WordPress Theme with Dark Mode theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_reload_nav_menu() functio... | 5.3 | MEDIUM | — | 0 |
| CVE-2006-2833 Cross-site scripting (XSS) vulnerability in the taxonomy module in Drupal 4.6.8 and 4.7.2 allows remote attackers to inject arbitrary web script or HTML via inputs that are not properly validated when... | N/A | NONE | — | 0 |
| CVE-2024-2091 The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.13.2 due to insufficient input sanitizat... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-2936 The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id attribute of widgets in all versions up to, and including, 1.26 due to insufficient input sanitization ... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-2963 The Pocket News Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings such as "Consumer Key" and "Access Token" in all versions up to, and including, 0.2.0 due... | 4.4 | MEDIUM | — | 0 |
| CVE-2024-2968 The WP-Eggdrop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping... | 4.4 | MEDIUM | — | 0 |
| CVE-2024-2969 The WP-Eggdrop plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1. This is due to missing or incorrect nonce validation on the wpegg_updateOptio... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-2250 The 130+ Widgets | Best Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.4.2 due to insuff... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-1692 The BoldGrid Easy SEO – Simple and Effective SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the meta description field in all versions up to, and including, 1.6.13 due to in... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-2143 The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 1.5.7 due to insufficient i... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-2491 The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the *_html_tag* attribute of multiple widgets in all versions up to, and including, 2.7.17 due ... | 6.4 | MEDIUM | — | 0 |
| CVE-2006-1511 Buffer overflow in the ILASM assembler in the Microsoft .NET 1.0 and 1.1 Framework might allow user-assisted attackers to execute arbitrary code via a .il file that calls a function with a long name. | N/A | NONE | — | 0 |
| CVE-2024-2931 The WPFront User Role Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.1.11184 via the wpfront_user_role_editor_assign_roles_user_a... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-2868 The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slitems ... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-3022 The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient filename validation in the 'bookingpress_process_upload' function in all versions up to, and including... | 7.2 | HIGH | — | 0 |
| CVE-2024-2830 The WordPress Tag and Category Manager – AI Autotagger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'st_tag_cloud' shortcode in all versions up to, and including,... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-1418 The CGC Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2 via the REST API. This makes it possible for unauthenticated att... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-3217 The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'attribute_value' and 'attribute_id' parameters in all versions up to, and including, 1.3.0 due to insufficient escapin... | 8.8 | HIGH | — | 0 |
| CVE-2024-1994 The Image Watermark plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the watermark_action_ajax() function in all versions up to, and includi... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-2656 The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a CSV import in al... | 4.4 | MEDIUM | — | 0 |
| CVE-2024-2132 The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Widget in all versions up to, and including, 1.4.0 due to insufficient inp... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-48040 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in tainacan Tainacan tainacan allows SQL Injection.This issue affects Tainacan: from n/a through <= 0... | 8.5 | HIGH | — | 0 |
| CVE-2023-6967 The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to SQL Injection via shortcode in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9... | 8.8 | HIGH | — | 0 |
| CVE-2023-6993 The Custom post types, Custom Fields & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and custom post meta in all versions up to, and including, 5.0.... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-0376 The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Wrapper Link Widget in all versions up to, and including, 4.10.16 due to insufficien... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-1289 The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.6.3 due to missing validation on a user controlle... | 6.5 | MEDIUM | — | 0 |
| CVE-2006-2834 PHP remote file inclusion vulnerability in includes/common.php in gnopaste 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. | N/A | NONE | — | 0 |
| CVE-2024-1637 The 360 Javascript Viewer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and nonce exposure on several AJAX actions in all versions up to, an... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-1641 The Accordion plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'accordions_duplicate_post_as_draft' function in all v... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-1774 The Customily Product Personalizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via user cookies in all versions up to, and including, 1.23.3 due to insufficient input sanitizatio... | 7.2 | HIGH | — | 0 |
| CVE-2024-1794 The Forminator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file (e.g. 3gpp file) in all versions up to, and including, 1.29.0 due to insufficient input sanitizati... | 7.2 | HIGH | — | 0 |
| CVE-2024-1852 The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header in all versions up to, and including, 3.4.9.2 due to insufficient inpu... | 7.2 | HIGH | — | 0 |
| CVE-2024-1904 The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the search_posts function in all versions up to, and including, 3.2.13. This ... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-1974 The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.6 via the render function. This makes it possible for au... | 8.8 | HIGH | — | 0 |
| CVE-2024-2018 The WP Activity Log Premium plugin for WordPress is vulnerable to SQL Injection via the entry->roles parameter in all versions up to, and including, 4.6.4 due to insufficient escaping on the user supp... | 8.8 | HIGH | — | 0 |
| CVE-2024-2033 The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.5 via the get_assign_host_id AJAX action. This makes it ... | 4.3 | MEDIUM | — | 0 |
| CVE-2006-2903 Cross-site scripting (XSS) vulnerability in admin.php in Particle Links 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | N/A | NONE | — | 0 |
| CVE-2024-2125 The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce v... | 8.8 | HIGH | — | 0 |
| CVE-2024-2185 The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Box widget in all versions up to, and including, 1.3.4 due to insufficient input san... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-2187 The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonials widget in all versions up to, and including, 1.3.4 due to insufficient input ... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-2200 The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘cntctfrm_contact_subject’ parameter in all versions up to, and including, 4.2.8 due to ins... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-2226 The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the id parameter in the google-map block in all versi... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-2261 The Event Tickets and Registration plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.8.2 via the RSVP functionality. This makes it possible f... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-2302 The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and i... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-2342 The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the customer_id parameter in all versions up to, and including, 1... | 8.8 | HIGH | — | 0 |
| CVE-2024-2423 The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcod... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-48041 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Tooltip Glossary enhanced-tooltipglossary allows Stored XSS.This issue a... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-2492 The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Twitter Tweet widget in all versions up to, and including, 2.7.18 due to insufficient input... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-2845 The BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer For Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the pl... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-3053 The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ forminator_form shortcode attribute in versions up to, ... | 6.4 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.