CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2024-4552 | The Social Login Lite For WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.6.0. This is due to insufficient verification on the user being su... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-2382 | The Authorize.net Payment Gateway For WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 8.0. This is due to the plugin not properly verifying the a... | 5.3 | MEDIUM | - | 0 |
| CVE-2024-3031 | The Fluid Notification Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.3 due to insufficient input sanitization and o... | 4.4 | MEDIUM | - | 0 |
| CVE-2024-20886 | Arbitrary directory creation in Samsung Live Wallpaper PC prior to version 3.3.8.0 allows attacker to create arbitrary directory. | 6.2 | MEDIUM | - | 0 |
| CVE-2023-38520 | External Control of Assumed-Immutable Web Parameter vulnerability in PINPOINT.WORLD Pinpoint Booking System allows Functionality Misuse. This issue affects Pinpoint Booking System: from n/a through 2.9... | 6.5 | MEDIUM | - | 0 |
| CVE-2023-39161 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WP Discussion Board Discussion Board allows Content Spoofing, Cross-Site Scripting (XSS). This issue affec... | 5.4 | MEDIUM | - | 0 |
| CVE-2023-40557 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in PickPlugins Tabs & Accordion allows Code Injection. This issue affects Tabs & Accordion: from n/a through ... | 5.4 | MEDIUM | - | 0 |
| CVE-2023-40673 | Improper Control of Interaction Frequency vulnerability in cartpauj Cartpauj Register Captcha allows Functionality Misuse. This issue affects Cartpauj Register Captcha: from n/a through 1.0.02. | 6.5 | MEDIUM | - | 0 |
| CVE-2023-41134 | Authentication Bypass by Spoofing vulnerability in pluginkollektiv Antispam Bee allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Antispam Bee: from n/a through 2.11.3... | 5.3 | MEDIUM | - | 0 |
| CVE-2024-5421 | Missing input validation and OS command integration of the input in the utnserver Pro, utnserver ProMAX, INU-100 web-interface allows authenticated command injection. This issue affects utnserver Pro, ... | N/A | NONE | - | 0 |
| CVE-2024-5422 | An uncontrolled resource consumption of file descriptors in SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, SEH Computertechnik INU-100 allows DoS via HTTP. This issue affects ... | N/A | NONE | - | 0 |
| CVE-2023-45009 | Improper Restriction of Excessive Authentication Attempts vulnerability in Forge12 Interactive GmbH Captcha/Honeypot for Contact Form 7 allows Functionality Bypass. This issue affects Captcha/Honeypot ... | 5.3 | MEDIUM | - | 0 |
| CVE-2023-5751 | A local attacker with low privileges can read and modify any users files and cause a DoS in the working directory of the affected products due to exposure of resource to wrong sphere. | 7.8 | HIGH | - | 0 |
| CVE-2024-5000 | An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to incorrect calculation of buffer size. | 7.5 | HIGH | - | 0 |
| CVE-2023-45053 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in pluginever WP Content Pilot – Autoblogging & Affiliate Marketing Plugin allows Code Injection. This issue ... | 4.3 | MEDIUM | - | 0 |
| CVE-2023-45635 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WP Darko Responsive Tabs allows Code Injection. This issue affects Responsive Tabs: from n/a before 4.0.6. | 5.4 | MEDIUM | - | 0 |
| CVE-2023-46630 | Improper Authentication vulnerability in wpase Admin and Site Enhancements (ASE) allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Admin and Site Enhancements (ASE): f... | 7.5 | HIGH | - | 0 |
| CVE-2023-47513 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in ARI Soft ARI Stream Quiz allows Code Injection. This issue affects ARI Stream Quiz: from n/a through 1.3.2... | 5.4 | MEDIUM | - | 0 |
| CVE-2023-47769 | Authentication Bypass by Spoofing vulnerability in WP Maintenance allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP Maintenance: from n/a through 6.1.3. | 3.7 | LOW | - | 0 |
| CVE-2023-47818 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in LWS LWS Hide Login allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects LWS Hide Login: from n... | 3.7 | LOW | - | 0 |
| CVE-2023-48271 | Authentication Bypass by Spoofing vulnerability in yonifre Maspik – Spam blacklist allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Maspik – Spam blacklist: from n/a ... | 5.3 | MEDIUM | - | 0 |
| CVE-2023-48276 | Improper Restriction of Excessive Authentication Attempts vulnerability in Nitin Rathod WP Forms Puzzle Captcha allows Functionality Bypass. This issue affects WP Forms Puzzle Captcha: from n/a through... | 5.3 | MEDIUM | - | 0 |
| CVE-2023-48285 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Tips and Tricks HQ Stripe Payments allows Code Injection. This issue affects Stripe Payments: from n/a thr... | 5.3 | MEDIUM | - | 0 |
| CVE-2023-48335 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Webcraftic Hide login page allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Hide login pag... | 3.7 | LOW | - | 0 |
| CVE-2023-48745 | Improper Restriction of Excessive Authentication Attempts vulnerability in WebFactory Ltd Captcha Code allows Functionality Bypass. This issue affects Captcha Code: from n/a through 2.9. | 5.3 | MEDIUM | - | 0 |
| CVE-2023-48753 | Authentication Bypass by Spoofing vulnerability in 10up Restricted Site Access allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Restricted Site Access: from n/a throu... | 5.3 | MEDIUM | - | 0 |
| CVE-2023-49741 | Authentication Bypass by Spoofing vulnerability in wpdevart Coming soon and Maintenance mode allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Coming soon and Maintena... | 3.7 | LOW | - | 0 |
| CVE-2023-49748 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPServeur, NicolasKulka, wpformation WPS Hide Login allows Accessing Functionality Not Properly Constrained by ACLs. This iss... | 3.7 | LOW | - | 0 |
| CVE-2023-49774 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Accessing Functionality Not Properly Constrained by ACLs. This issue... | 5.3 | MEDIUM | - | 0 |
| CVE-2023-49822 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in David Vongries Ultimate Dashboard allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Ultimat... | 3.7 | LOW | - | 0 |
| CVE-2023-49852 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Vsourz Digital Responsive Slick Slider WordPress allows Code Injection. This issue affects Responsive Slic... | 6.5 | MEDIUM | - | 0 |
| CVE-2024-37062 | Deserialization of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a maliciously crafted report to run arbitrary code on an end user's syste... | 7.8 | HIGH | - | 0 |
| CVE-2024-37063 | A cross-site scripting (XSS) vulnerability in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library allows for payloads to be run when a maliciously crafted report is viewed in the bro... | 7.8 | HIGH | - | 0 |
| CVE-2024-37064 | Deserialization of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a maliciously crafted dataset to run arbitrary code on an end user's sys... | 7.8 | HIGH | - | 0 |
| CVE-2024-37065 | Deserialization of untrusted data can occur in versions 0.6 or newer of the skops python library, enabling a maliciously crafted model to run arbitrary code on an end user's system when loaded. | 7.8 | HIGH | - | 0 |
| CVE-2023-51542 | Authentication Bypass by Spoofing vulnerability in WPMU DEV Branda allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Branda: from n/a through 3.4.14. | 5.3 | MEDIUM | - | 0 |
| CVE-2023-52147 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in All In One WP Security & Firewall Team All In One WP Security & Firewall allows Accessing Functionality Not Properly Constra... | 3.7 | LOW | - | 0 |
| CVE-2023-52176 | Authentication Bypass by Spoofing vulnerability in miniorange Malware Scanner allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Malware Scanner: from n/a through 4.7.1... | 5.3 | MEDIUM | - | 0 |
| CVE-2024-25600 | Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection. This issue affects Bricks Builder: from n/a through 1.9.6. | 10.0 | CRITICAL | - | 0 |
| CVE-2024-33560 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in 8theme XStore allows PHP Local File Inclusion. This issue affects XStore: from n/a through 9.3.8. | 9.0 | CRITICAL | - | 0 |
| CVE-2024-33628 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in XforWooCommerce allows PHP Local File Inclusion. This issue affects XforWooCommerce: from n/a through 2.0... | 8.8 | HIGH | - | 0 |
| CVE-2024-34384 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SinaExtra Sina Extension for Elementor allows PHP Local File Inclusion. This issue affects Sina Extension... | 6.5 | MEDIUM | - | 0 |
| CVE-2025-59586 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Portfolio penci-portfolio allows DOM-Based XSS. This issue affects Penci Portfoli... | N/A | NONE | - | 0 |
| CVE-2024-34551 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Select-Themes Stockholm allows PHP Local File Inclusion. This issue affects Stockholm: from n/a through 9... | 9.0 | CRITICAL | - | 0 |
| CVE-2024-34552 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Select-Themes Stockholm allows PHP Local File Inclusion. This issue affects Stockholm: from n/a through 9... | 8.5 | HIGH | - | 0 |
| CVE-2024-34554 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Select-Themes Stockholm Core allows PHP Local File Inclusion. This issue affects Stockholm Core: from n/a... | 8.5 | HIGH | - | 0 |
| CVE-2024-34792 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in dexta Dextaz Ping allows Command Injection. This issue affects Dextaz Ping: from n/a through 0.65. | 9.1 | CRITICAL | - | 0 |
| CVE-2024-35629 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Wow-Company Easy Digital Downloads – Recent Purchases allows PHP Remote File In... | 9.6 | CRITICAL | - | 0 |
| CVE-2024-35634 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Wow-Company Woocommerce – Recent Purchases allows PHP Local File Inclusion. This issue affects Woocommerc... | 4.9 | MEDIUM | - | 0 |
| CVE-2024-35654 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CyberChimps Responsive allows Stored XSS. This issue affects Responsive: from n/a through 5.... | 6.5 | MEDIUM | - | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.