Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-11280 |
Description: The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
December 18th, 2024 (4 months ago)
|
|
CVE-2024-10356 |
Description: The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.8 in inc/Widgets/accordion/output/content.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
December 18th, 2024 (4 months ago)
|
|
CVE-2024-56011 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ilja Zaglov | IMBAA GmbH Responsive Google Maps | by imbaa allows Stored XSS.This issue affects Responsive Google Maps | by imbaa: from n/a through 1.2.5.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 17th, 2024 (4 months ago)
|
|
CVE-2024-56009 |
Description: Missing Authorization vulnerability in spreadr Spreadr Woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Spreadr Woocommerce: from n/a through 1.0.4.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
December 17th, 2024 (4 months ago)
|
|
CVE-2024-56007 |
Description: Missing Authorization vulnerability in Ram Segev Leader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leader: from n/a through 2.6.1.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
December 17th, 2024 (4 months ago)
|
|
CVE-2024-56005 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Posti Posti Shipping allows Cross Site Request Forgery.This issue affects Posti Shipping: from n/a through 3.10.3.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 17th, 2024 (4 months ago)
|
|
CVE-2024-56004 |
Description: Missing Authorization vulnerability in Alex W Fowler Easy Site Importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Site Importer: from n/a through 1.0.1.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
December 17th, 2024 (4 months ago)
|
|
CVE-2024-56003 |
Description: Missing Authorization vulnerability in David Cramer Caldera SMTP Mailer.This issue affects Caldera SMTP Mailer: from n/a through 1.0.1.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
December 17th, 2024 (4 months ago)
|
|
CVE-2024-56001 |
Description: Missing Authorization vulnerability in Ksher Ksher allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ksher: from n/a through 1.1.1.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 17th, 2024 (4 months ago)
|
|
CVE-2024-55999 |
Description: Missing Authorization vulnerability in Marco Giannini XML Multilanguage Sitemap Generator.This issue affects XML Multilanguage Sitemap Generator: from n/a through 2.0.6.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
December 17th, 2024 (4 months ago)
|