CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-5191 The Branda – White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mime_types’ parameter in all versions up to, and including, ... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-5945 The WP SVG Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘type’ parameter in all versions up to, and including, 4.3 due to insufficient input sanitization. This make... | 6.4 | MEDIUM | - | 0 |
| CVE-2006-0049 gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which cause... | N/A | NONE | - | 0 |
| CVE-2024-5859 The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘d’ parameter in all versions up to, and including, 4.4.2 d... | 6.1 | MEDIUM | - | 0 |
| CVE-2024-6120 The Sparkle Demo Importer plugin for WordPress is vulnerable to unauthorized database reset and demo data import due to a missing capability check on the multiple functions in all versions up to and i... | 6.5 | MEDIUM | - | 0 |
| CVE-2024-5791 The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp_id' parameter in all versions up to, and including, 4.4.2 ... | 7.2 | HIGH | - | 0 |
| CVE-2024-4874 The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.8 via the postId parameter due to missing validation on a user contr... | 4.3 | MEDIUM | - | 0 |
| CVE-2024-3593 The UberMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.3. This is due to missing or incorrect nonce validation on the ubermenu_delete_a... | 7.2 | HIGH | - | 0 |
| CVE-2024-5596 The ARMember Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.7. This is due to incorrectly implemented nonce validation function on multipl... | 6.3 | MEDIUM | - | 0 |
| CVE-2024-5431 The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.25 v... | 8.8 | HIGH | - | 0 |
| CVE-2024-3249 The Zita Elementor Site Library plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the import_xml_data, xml_data_import, import_option_data, i... | 4.3 | MEDIUM | - | 0 |
| CVE-2024-6028 The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the 'ays_questions' parameter in all versions up to, and including, 6.5.8.3 due to insufficient escaping on the user s... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-5451 The The7 – Website and eCommerce Builder for WordPress theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Icon and Heading widgets in all vers... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-4869 The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Client-IP’ header in all versions up to, and including, 3.2.0 due to insu... | 7.2 | HIGH | - | 0 |
| CVE-2024-5173 The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video player widget settings in all versions up to, and including, 2.5.5 due to in... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-5332 The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Card widget in all versions up to, and including, 2.6.9.8 due to insufficient inpu... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-5215 The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 2.5.5 due to insufficient input... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-5289 The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget parameters in all versions up to, and in... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-6054 The Auto Featured Image plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'create_post_attachment_from_url' function in all versions up to, and in... | 8.8 | HIGH | - | 0 |
| CVE-2024-4569 The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization a... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-4570 The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization a... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-6283 The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL parameter of the De Gallery widget in all versions up to and including 2.1.5 due to insuffici... | 5.4 | MEDIUM | - | 0 |
| CVE-2024-5601 The Create by Mediavine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Schema Meta shortcode in all versions up to, and including, 1.9.7 due to insufficient input s... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-4983 The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘video_color’ parameter ... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-6262 The Portfolio Gallery – Image Gallery Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'PFG' shortcode in all versions up to, and including, 1.6.4 due to insuf... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-5863 The Easy Image Collage plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajax_image_collage() function in all versions up to, and including, 1.13... | 5.4 | MEDIUM | - | 0 |
| CVE-2024-5864 The Easy Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eafl_reset_settings AJAX action in all versions up to, and inc... | 4.3 | MEDIUM | - | 0 |
| CVE-2024-6296 The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-caption’ parameter in all versions up to, and including, 3.13.1 due to ins... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-5796 The Infinite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘project_url’ parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and out... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-5424 The Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-5662 The Ultimate Post Kit Addons For Elementor – (Post Grid, Post Carousel, Post Slider, Category List, Post Tabs, Timeline, Post Ticker, Tag Cloud) plugin for WordPress is vulnerable to Stored Cross-Site... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-5922 The Scylla lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.8.3 due to insuffic... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-5925 The Theron Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 2.0 due to insufficie... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-5598 The Advanced File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.4 via the 'fma_local_file_system' function. This makes it possi... | 7.5 | HIGH | - | 0 |
| CVE-2024-5790 The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Gradient Heading widget in all versions up to, and includin... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-5819 The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and inclu... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-2386 The WordPress Plugin for Google Maps – WP MAPS plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'put_wpgm' shortcode in all versions up to, and including, 4.6.1 due to... | 8.8 | HIGH | - | 0 |
| CVE-2024-5938 The Boot Store theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter within the theme's Button shortcode in all versions up to, and including, 1.6.4 due to insuffic... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-5219 The Easy Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file upload feature in all versions up to, and including, 1.11.15 due to insufficient input sani... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-3513 The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the title tag (postTitleTag) parameter in all versions up to, and including, 3.1.9 d... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-5544 The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the order parameter in all versions up to, and including, 3.17 due to insufficient input sanitizati... | 6.1 | MEDIUM | - | 0 |
| CVE-2024-5545 The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stm_edit_delete_user_car function in all... | 5.3 | MEDIUM | - | 0 |
| CVE-2024-50449 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RedefiningTheWeb PDF Generator Addon for Elementor Page Builder pdf-generator-addon-for-elementor-... | 6.5 | MEDIUM | - | 0 |
| CVE-2024-5260 The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripti... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-6264 The Post Meta Data Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘$meta_key’ parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitiz... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-6263 The WP Lightbox 2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 3.0.6.6 due to insufficient input sanitization and o... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-6340 The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 4.10.36 due to insufficient i... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-3638 The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Marquee Text Widget, Testimonials Widget, and Testimonial Slider widgets in all vers... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-3639 The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Posts Grid widget in all versions up to, and including, 8.3.7 due to insufficient i... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-5641 The One Click Order Re-Order plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ced_ocor_save_general_setting' function in all versions u... | 6.4 | MEDIUM | - | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.