CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2024-4705 The Testimonials Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's testimonials shortcode in all versions up to, and including, 4.0.4 due to insufficient input ... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-4788 The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_bhf_post function in all versio... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-4942 The Custom Dash plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escap... | 4.4 | MEDIUM | — | 0 |
| CVE-2024-5001 The Image Hover Effects for Elementor with Lightbox and Flipbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_id', 'oxi_addons_f_title_tag', and 'content_description_tag'... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-5179 The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.1 via the 'item_style' and 'style' parameters. This makes it possi... | 8.8 | HIGH | — | 0 |
| CVE-2024-5224 The Easy Social Like Box – Popup – Sidebar Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cardoza_facebook_like_box' shortcode in all versions up to, and in... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-5324 The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'import_settings' function in vers... | 8.8 | HIGH | — | 0 |
| CVE-2024-5342 The Simple Image Popup Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sips_popup' shortcode in all versions up to, and including, 1.0 due to insufficient... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-2017 The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the conditionsRow and switchCountdown functio... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-0972 The BuddyPress Members Only plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.5 via the REST API. This makes it possible for unauthenticate... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-1175 The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'delete_payment' function in all version... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-2922 The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget tags in all versions up to, and including, 2.1.1 due to insufficient input sanitization... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-36775 A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the About Me parameter in the Edit Profil... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-4364 The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button widgets in all versions up to, and including, 1.7.2 due to insufficient input sani... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-4458 The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in several widgets via URL parameters in all versions up to, and including, 2.1.1 due to insuffici... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-4459 The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget's titles in all versions up to, and including, 2.1.1 due to insufficient i... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-4608 The SellKit – Funnel builder and checkout optimizer for WooCommerce to sell more, faster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in all versions up to,... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-4707 The Materialis Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's materialis_contact_form shortcode in all versions up to, and including, 1.3.41 due to insuff... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-49201 Keyfactor Remote File Orchestrator (aka remote-file-orchestrator) 2.8 before 2.8.1 allows Information Disclosure: sensitive information could be exposed at the debug logging level. | 4.3 | MEDIUM | — | 0 |
| CVE-2024-5141 The Rotating Tweets (Twitter widget and shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's' 'rotatingtweets' in all versions up to, and including, 1.9.10 due... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-5152 The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 6.1.0 due to insufficient input s... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-5153 The Startklar Elementor Addons plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.7.15 via the 'dropzone_hash' parameter. This makes it possible for unau... | 9.1 | CRITICAL | — | 0 |
| CVE-2024-5161 The Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ paramete... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-5162 The WordPress prettyPhoto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization a... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-5449 The WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing plugin for WordPress is vulnerable to unauthorized modification of data due to a mi... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-5615 The Open Graph plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.11.2 via the 'opengraph_default_description' function. This makes it possibl... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-4177 A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console v... | 8.1 | HIGH | — | 0 |
| CVE-2024-5665 The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘export_settings’ function in versions 2... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-36393 SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 9.9 | CRITICAL | — | 0 |
| CVE-2023-49224 Precor touchscreen console P62, P80, and P82 contains a default SSH public key in the authorized_keys file. A remote attacker could use this key to gain root privileges. | 8.0 | HIGH | — | 0 |
| CVE-2024-5221 The Qi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploader in all versions up to, and including, 1.2.9 due to insufficient input sanitization and ou... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-5259 The MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hover_animation’ parameter in all versions up to,... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-5329 The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to blind SQL Injection via the ‘data[addonID]’ parameter in all versions up to, and including,... | 8.8 | HIGH | — | 0 |
| CVE-2024-5038 The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.276 due to insufficient input sanitiz... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-30369 A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of A10 Thunder ADC.... | 7.8 | HIGH | — | 0 |
| CVE-2024-5188 The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'get_manual_calendar_event... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-5673 Vulnerability in Dulldusk's PHP File Manager affecting version 1.7.8. This vulnerability consists of an XSS through the fm_current_dir parameter of index.php. An attacker could send a specially crafte... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-5489 The Wbcom Designs – Custom Font Uploader plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cfu_delete_customfont' function in all versions up to... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-36779 Sourcecodester Stock Management System v1.0 is vulnerable to SQL Injection via editCategories.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-5675 Untrusted data deserialization vulnerability has been found in Mentor - Employee Portal, affecting version 3.83.35. This vulnerability could allow an attacker to execute arbitrary code, by injecting a... | 10.0 | CRITICAL | — | 0 |
| CVE-2024-30374 Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion... | 7.8 | HIGH | — | 0 |
| CVE-2024-5684 An attacker with access to the private network (the charger is connected to) or local access to the Ethernet-Interface can exploit a faulty implementation of the JWT-library in order to bypass the pas... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-34832 Directory Traversal vulnerability in CubeCart v.6.5.5 and before allows an attacker to execute arbitrary code via a crafted file uploaded to the _g and node parameters. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-36106 Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It’s possible for authenticated users to enumerate clusters by name by inspecting error messages. It’s also possible to enumer... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-35178 The Jupyter Server provides the backend for Jupyter web applications. Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows use... | 7.5 | HIGH | — | 0 |
| CVE-2024-36399 Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser(). The users permission to add users to a... | 8.2 | HIGH | — | 0 |
| CVE-2024-37150 An issue in `.npmrc` support in Deno 1.44.0 was discovered where Deno would send `.npmrc` credentials for the scope to the tarball URL when the registry provided URLs for a tarball on a different doma... | 7.6 | HIGH | — | 0 |
| CVE-2024-37152 Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The vulnerability allows unauthorized access to the sensitive settings exposed by /api/v1/settings endpoint without authentic... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-37156 The SuluFormBundle adds support for creating dynamic forms in Sulu Admin. The TokenController get parameter formName is not sanitized in the returned input field which leads to XSS. This vulnerability... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-36077 Qlik Sense Enterprise for Windows before 14.187.4 allows a remote attacker to elevate their privilege due to improper validation. The attacker can elevate their privilege to the internal system role, ... | 8.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.