CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-10568 |
Description: The Ajax Search Lite WordPress plugin before 4.12.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: LOW (0.0) EPSS Score: 0.04%
December 13th, 2024 (6 months ago)
|
|
CVE-2024-10518 |
Description: The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15 does not sanitise and escape some of its Membership Plan settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: LOW (0.0) EPSS Score: 0.04%
December 13th, 2024 (6 months ago)
|
|
CVE-2024-10517 |
Description: The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15 does not sanitise and escape some of its Drag & Drop Builder fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: LOW (0.0) EPSS Score: 0.04%
December 13th, 2024 (6 months ago)
|
|
CVE-2024-10499 |
Description: The AI Engine WordPress plugin before 2.6.5 does not sanitize and escape a parameter from one of its RESP API endpoint before using it in a SQL statement, allowing admins to perform SQL injection attacks
CVSS: LOW (0.0) EPSS Score: 0.04%
December 13th, 2024 (6 months ago)
|
|
CVE-2024-10043 |
Description: An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6, all versions starting from 17.5 before 17.5.4 all versions starting from 17.6 before 17.6.2, that allows group users to view confidential incident title through the Wiki History Diff feature, potentially leading to information disclosure.
CVSS: LOW (3.1) EPSS Score: 0.04%
December 13th, 2024 (6 months ago)
|
|
CVE-2024-10010 |
Description: The LearnPress WordPress plugin before 4.2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: LOW (0.0) EPSS Score: 0.04%
December 13th, 2024 (6 months ago)
|
|
CVE-2023-39599 |
Description: Cross-Site Scripting (XSS) vulnerability in CSZ CMS v.1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Social Settings parameter.
CVSS: LOW (0.0) EPSS Score: 0.06%
December 13th, 2024 (6 months ago)
|
|
CVE-2023-34666 |
Description: Cross-site scripting (XSS) vulnerability in Phpgurukul Cyber Cafe Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the admin username parameter.
CVSS: LOW (0.0) EPSS Score: 0.11%
December 13th, 2024 (6 months ago)
|
|
CVE-2023-34548 |
Description: Simple Customer Relationship Management 1.0 is vulnerable to SQL Injection via the email parameter.
CVSS: LOW (0.0) EPSS Score: 0.21%
December 13th, 2024 (6 months ago)
|
|
CVE-2023-33438 |
Description: A stored Cross-site scripting (XSS) vulnerability in Wolters Kluwer TeamMate+ 35.0.11.0 allows remote attackers to inject arbitrary web script or HTML.
CVSS: LOW (0.0) EPSS Score: 0.07%
December 13th, 2024 (6 months ago)
|