CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-1055 The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's buttons in all versions up to, and includ... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-0977 The Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image URLs in the plugin's timeline widget ... | 4.4 | MEDIUM | — | 0 |
| CVE-2024-1110 The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init() function in all versions up to, and including, 4.0... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-0842 The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.6. This is due to direct access of the backuply/rest... | 7.5 | HIGH | — | 0 |
| CVE-2024-1122 The Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_data() fu... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-47648 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Metagauss EventPrime eventprime-event-calendar-management. This issue affects EventPrime: from n/a through <= 4.0.4.5. | 4.7 | MEDIUM | — | 0 |
| CVE-2024-0593 The Simple Job Board plugin for WordPress is vulnerable to unauthorized access of data due to insufficient authorization checking on the fetch_quick_job() function in all versions up to, and includin... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-1361 The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.253. This is due to missing or incorrect nonce validation on the api... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-1810 The Archivist – Custom Archive Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode_attributes' parameter in all versions up to, and including, 1.7.5 due t... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-1710 The Addon Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the onAjaxAction function action in all versions up to, and including, 1.3.76. ... | 8.8 | HIGH | — | 0 |
| CVE-2024-1323 The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Type Grid Widget Title in all versions up to, and including, 2.10.30 due to insuffici... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-1686 The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to missing authorization in all versions up to, and including, 1.1.2 via the apply_layout funct... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-1687 The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to unauthorized execution of shortcodes due to a missing capability check on the get_text_editor_... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-1907 The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAja... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-1568 The Seraphinite Accelerator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.20.52 via the OnAdminApi_HtmlCheck function. This makes it possibl... | 6.4 | MEDIUM | — | 0 |
| CVE-2023-6922 The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.6 via the 'acx_csma_subscribe_ajax' funct... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-1514 The WP eCommerce plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'cart_contents' parameter in all versions up to, and including, 3.15.1 due to insufficient escaping on the... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-6565 The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.12.3 via the multi-call backup option. This makes it possible for una... | 5.9 | MEDIUM | — | 0 |
| CVE-2023-6806 The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Job Settings user profile fields in all versions up to, and including, 3.4.8 due to insufficient input sanitizatio... | 6.4 | MEDIUM | — | 0 |
| CVE-2023-6923 The Matomo Analytics – Ethical Stats. Powerful Insights. plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the idsite parameter in all versions up to, and including, 4.15.3 due ... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-0379 The Custom Twitter Feeds – A Tweets Widget or X Feed Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or inco... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-0438 The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wrapper link parameter in the Age Gate in all versions up to, and including, 3.10.1 due to insu... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-0442 The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via element URL parameters in all versions up to, and including, 1.3.87 due to insufficient i... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-0602 The YARPP – Yet Another Related Posts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.30.9 due to insufficient input... | 4.4 | MEDIUM | — | 0 |
| CVE-2024-0616 The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.2 via API. This makes it possible for... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-0792 The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 7.0.1 due to insuff... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-0907 The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the restore_records() function in all... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-0983 The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enableOptimization function in all versions up... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-1128 The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 2.6.0. This is due to insufficient sanitization of HTML ... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-1242 The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and including, 4.10.18 due to insufficient in... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-1318 The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability che... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-1334 The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce valida... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-1337 The SKT Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveSktbuilderPageData' function in all versions up to, and inclu... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-1339 The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce valida... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-1390 The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-1447 The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aThemes Slider button element in all versions up to, and including, 1.25 due to insufficient input... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-1448 The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.3.56 due to insuf... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-1178 The SportsPress – Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save() function in all versions... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-1782 The Blue Triad EZAnalytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'bt_webid' parameter in all versions up to, and including, 1.0 due to insufficient input sanitiz... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-1760 The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.6.20. This is ... | 4.3 | MEDIUM | — | 0 |
| CVE-2006-2832 Cross-site scripting (XSS) vulnerability in the upload module (upload.module) in Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via the... | N/A | NONE | — | 0 |
| CVE-2024-1771 The Total theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the total_order_sections() function in all versions up to, and including, 2.1.59. ... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-1366 The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘archive_title_tag’ attribute of the Archive Title widget in all versions up to, and including,... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-1870 The Colibri Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callActivateLicenseEndpoint function in all versions up to, an... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-4628 The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the ladiflow_save_hook() function in versions up to, and including, 4.4. This makes it poss... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-47331 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ninja Team Multi Step for Contact Form cf7-multi-step allows SQL Injection. This issue affects Mult... | 9.3 | CRITICAL | — | 0 |
| CVE-2024-47353 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in quomodosoft ElementsReady Addons for Elementor element-ready-lite. This issue affects ElementsReady Addons for Elementor: from n/a t... | 4.7 | MEDIUM | — | 0 |
| CVE-2023-4731 The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the init_endpoint() function hooked via 'init' in versions up to, and including, 4.4. This m... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-2031 The Video Conferencing with Zoom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zoom_recordings_by_meeting' shortcode in all versions up to, and including, 4.4.4 d... | 6.4 | MEDIUM | — | 0 |
| CVE-2023-4839 The WP Go Maps for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 9.0.32 due to insufficient input sanitization and output escaping. This m... | 4.4 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.