Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-54356
WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.5 - Cross Site Request Forgery (CSRF) vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in vCita.com Online Booking & Scheduling Calendar for WordPress by vcita allows Cross Site Request Forgery.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.5.

CVSS: MEDIUM (5.4)

EPSS Score: 0.04%

Source: CVE
December 17th, 2024 (4 months ago)

CVE-2024-54355
WordPress WP Mailster plugin <= 1.8.17.0 - Cross Site Request Forgery (CSRF) vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in brandtoss WP Mailster allows Cross Site Request Forgery.This issue affects WP Mailster: from n/a through 1.8.17.0.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
December 17th, 2024 (4 months ago)

CVE-2024-54354
WordPress Termin-Kalender plugin <= 0.99.47 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in Beat Kueffer Termin-Kalender allows Stored XSS.This issue affects Termin-Kalender: from n/a through 0.99.47.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
December 17th, 2024 (4 months ago)

CVE-2024-54348
WordPress Brandy theme <= 1.1.6 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YayCommerce Brand allows Stored XSS.This issue affects Brand: from n/a through 1.1.6.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
December 17th, 2024 (4 months ago)

CVE-2024-37251
WordPress Advanced Custom Fields Pro plugin < 6.3.2 - Cross-Site Request Forgery (CSRF) vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in WPENGINE, INC. Advanced Custom Fields PRO.This issue affects Advanced Custom Fields PRO: from n/a before 6.3.2.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
December 17th, 2024 (4 months ago)

CVE-2024-12443
CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description: The CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'crm-perks-tickets' shortcode in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (6.4)

EPSS Score: 0.07%

Source: CVE
December 17th, 2024 (4 months ago)

CVE-2024-11906
TPG Get Posts <= 3.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description: The TPG Get Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tpg_get_posts' shortcode in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (6.4)

EPSS Score: 0.05%

Source: CVE
December 17th, 2024 (4 months ago)

CVE-2024-11905
Animated Counters <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description: The Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animatedcounte' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (6.4)

EPSS Score: 0.05%

Source: CVE
December 17th, 2024 (4 months ago)

CVE-2024-11902
Slope Widgets <= 4.2.11 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description: The Slope Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slope-reservations' shortcode in all versions up to, and including, 4.2.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (6.4)

EPSS Score: 0.05%

Source: CVE
December 17th, 2024 (4 months ago)

CVE-2024-11900
Portfolio – Filterable Masonry Portfolio Gallery for Professionals <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description: The Portfolio – Filterable Masonry Portfolio Gallery for Professionals plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'portfolio-pro' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (6.4)

EPSS Score: 0.05%

Source: CVE
December 17th, 2024 (4 months ago)