CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-5424 The WS Form LITE plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.9.217. This allows unauthenticated attackers to embed untrusted input into exported CSV files, ... | 4.7 | MEDIUM | β | 0 |
| CVE-2024-5426 The Photo Gallery by 10Web β Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the βsvgβ parameter in all versions up to, and including, 1.8.23 due to... | 6.4 | MEDIUM | β | 0 |
| CVE-2024-5481 The Photo Gallery by 10Web β Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.8.23 via the esc_dir function. This makes it pos... | 6.8 | MEDIUM | β | 0 |
| CVE-2024-5645 The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the βbutton_css_idβ parameter within the Button widget in all versions up to, and including, 1.8.23 due to insuffic... | 6.4 | MEDIUM | β | 0 |
| CVE-2024-5732 A vulnerability was found in Clash up to 0.20.1 on Windows. It has been declared as critical. This vulnerability affects unknown code of the component Proxy Port. The manipulation leads to improper au... | 7.3 | HIGH | β | 0 |
| CVE-2024-5637 The Market Exporter plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'remove_files' function in all versions up to, and including, 2.0.19. This ... | 7.5 | HIGH | β | 0 |
| CVE-2024-5733 A vulnerability was found in itsourcecode Online Discussion Forum 1.0. It has been rated as critical. This issue affects some unknown processing of the file register_me.php. The manipulation of the ar... | 7.3 | HIGH | β | 0 |
| CVE-2024-5734 A vulnerability classified as critical has been found in itsourcecode Online Discussion Forum 1.0. Affected is an unknown function of the file /members/poster.php. The manipulation of the argument ima... | 6.3 | MEDIUM | β | 0 |
| CVE-2024-36673 Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable SQL Injection via login.php. This vulnerability stems from inadequate validation of user inputs for the email and password ... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-5382 The Master Addons β Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check ... | 6.5 | MEDIUM | β | 0 |
| CVE-2024-5438 The Tutor LMS β eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attempt_delete' functio... | 4.3 | MEDIUM | β | 0 |
| CVE-2024-5542 The Master Addons β Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Navigation Menu widget of the pl... | 7.2 | HIGH | β | 0 |
| CVE-2024-5599 The FileOrganizer β Manage WordPress and Website Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.7 via the 'fileorganizer_ajax_hand... | 7.5 | HIGH | β | 0 |
| CVE-2024-31878 IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable to SST user enumeration by a remote attacker. This vulnerability can be used by a malicious actor to gather information about SST... | 5.3 | MEDIUM | β | 0 |
| CVE-2024-37160 Formwork is a flat file-based Content Management System (CMS). An attackers (requires administrator privilege) to execute arbitrary web scripts by modifying site options via /panel/options/site. This ... | 4.8 | MEDIUM | β | 0 |
| CVE-2024-36773 A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Themes parameter at index.php. | 4.8 | MEDIUM | β | 0 |
| CVE-2024-36788 Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 does not properly set the HTTPOnly flag for cookies. This allows attackers to possibly intercept and access sensitive communications between the router an... | 4.8 | MEDIUM | β | 0 |
| CVE-2024-37162 zsa is a library for building typesafe server actions in Next.js. All users are impacted. The zsa application transfers the parse error stack from the server to the client in production build mode. Th... | 4.0 | MEDIUM | β | 0 |
| CVE-2024-32503 An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 850, Exynos 1080, Exynos 2100, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, Exynos W930. The mobile processor l... | 8.4 | HIGH | β | 0 |
| CVE-2024-30162 Invision Community through 4.7.16 allows remote code execution via the applications/core/modules/admin/editor/toolbar.php IPS\core\modules\admin\editor\_toolbar::addPlugin() method. This method handle... | 7.2 | HIGH | β | 0 |
| CVE-2024-37163 SkyScrape is a GUI Dashboard for AWS Infrastructure and Managing Resources and Usage Costs. SkyScrape's API requests are currently unsecured HTTP requests, leading to potential vulnerabilities for th... | 6.4 | MEDIUM | β | 0 |
| CVE-2024-5745 A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/modules/product/controller.php?actio... | 7.3 | HIGH | β | 0 |
| CVE-2024-36811 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-37295. Reason: This candidate is a reservation duplicate of CVE-2024-37295. Notes: All CVE users should reference CVE-2024-37295... | N/A | NONE | β | 0 |
| CVE-2024-37388 An XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function of lxml before v4.9.1 allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted ... | 9.1 | CRITICAL | β | 0 |
| CVE-2023-49221 Precor touchscreen console P62, P80, and P82 could allow a remote attacker (within the local network) to bypass security restrictions, and access the service menu, because there is a hard-coded servic... | 7.8 | HIGH | β | 0 |
| CVE-2023-49222 Precor touchscreen console P82 contains a private SSH key that corresponds to a default public key. A remote attacker could exploit this to gain root privileges. | 8.8 | HIGH | β | 0 |
| CVE-2023-49223 Precor touchscreen console P62, P80, and P82 could allow a remote attacker to obtain sensitive information because the root password is stored in /etc/passwd. An attacker could exploit this to extract... | 8.8 | HIGH | β | 0 |
| CVE-2024-5663 The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Cards widget in all versions up to, and including, 1.1.3 due to insufficient input sanit... | 6.4 | MEDIUM | β | 0 |
| CVE-2024-5770 The WP Force SSL & HTTPS SSL Redirect plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_setting' function in versions up to, a... | 4.2 | MEDIUM | β | 0 |
| CVE-2024-4661 The WP Reset plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_ajax function in all versions up to, and including, 2.02. This makes ... | 4.3 | MEDIUM | β | 0 |
| CVE-2024-5087 The Minimal Coming Soon β Coming Soon Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the validate_ajax, deactivate_ajax, and save_aja... | 6.3 | MEDIUM | β | 0 |
| CVE-2024-35756 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CeiKay Tooltip CK tooltip-ck allows Stored XSS.This issue affects Tooltip CK: from n/a thro... | 5.9 | MEDIUM | β | 0 |
| CVE-2024-5613 The Formula theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the βidβ parameter in the 'quality_customizer_notify_dismiss_action' AJAX action in all versions up to, and includin... | 6.1 | MEDIUM | β | 0 |
| CVE-2024-5638 The Formula theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the βidβ parameter in the 'ti_customizer_notify_dismiss_recommended_plugins' AJAX action in all versions up to, and ... | 6.1 | MEDIUM | β | 0 |
| CVE-2024-4468 The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admin_init in all version... | 4.3 | MEDIUM | β | 0 |
| CVE-2024-5654 The CF7 Google Sheets Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'execute_post_data_cg7_free' function in all versions u... | 6.5 | MEDIUM | β | 0 |
| CVE-2024-35755 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in El tiempo Weather Widget Pro allows Stored XSS.This issue affects Weather Widget Pro: from ... | 6.5 | MEDIUM | β | 0 |
| CVE-2024-5766 A vulnerability was found in Likeshop up to 2.5.7 and classified as problematic. This issue affects some unknown processing of the file /admin of the component Merchandise Handler. The manipulation le... | 2.4 | LOW | β | 0 |
| CVE-2024-35730 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in realmag777 Active Products Tables for WooCommerce allows Reflected XSS.This issue affects A... | 7.1 | HIGH | β | 0 |
| CVE-2024-35731 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Moose Kenta Gutenberg Blocks Responsive Blocks and block templates library for Gutenberg... | 6.5 | MEDIUM | β | 0 |
| CVE-2024-35733 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RLDD Auto Coupons for WooCommerce allows Reflected XSS.This issue affects Auto Coupons for ... | 7.1 | HIGH | β | 0 |
| CVE-2024-35734 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodePeople WP Time Slots Booking Form allows Stored XSS.This issue affects WP Time Slots Bo... | 7.1 | HIGH | β | 0 |
| CVE-2024-12741 A deserialization of untrusted data vulnerability exists in NI DAQExpress that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially craft... | 7.8 | HIGH | β | 0 |
| CVE-2024-35736 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Visualizer.This issue affects Visualizer: from n/a through 3.11.1. | 8.5 | HIGH | β | 0 |
| CVE-2024-35737 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Loopus WP Visitors Tracker allows Reflected XSS.This issue affects WP Visitors Tracker: fro... | 7.1 | HIGH | β | 0 |
| CVE-2024-35738 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kognetiks Kognetiks Chatbot for WordPress allows Stored XSS.This issue affects Kognetiks Ch... | 6.5 | MEDIUM | β | 0 |
| CVE-2024-35740 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Theme Freesia Pixgraphy allows Stored XSS.This issue affects Pixgraphy: from n/a through 1.... | 6.5 | MEDIUM | β | 0 |
| CVE-2024-35750 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevart Responsive Image Gallery, Gallery Album.This issue affects Responsive Image Gallery, Gall... | 8.5 | HIGH | β | 0 |
| CVE-2024-35751 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Creative Motion, Will Bontrager Software, LLC Woody ad snippets allows Stored XSS.This issu... | 5.9 | MEDIUM | β | 0 |
| CVE-2024-36077 Qlik Sense Enterprise for Windows before 14.187.4 allows a remote attacker to elevate their privilege due to improper validation. The attacker can elevate their privilege to the internal system role, ... | 8.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.