Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-53819
WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.0 - Insecure Direct Object References (IDOR) vulnerability
Description: Missing Authorization vulnerability in Sprout Invoices Client Invoicing by Sprout Invoices.This issue affects Client Invoicing by Sprout Invoices: from n/a through 20.8.0.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2024-53818
WordPress PostX plugin <= 4.1.15 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Post Grid Team by WPXPO PostX allows Stored XSS.This issue affects PostX: from n/a through 4.1.15.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2024-53816
WordPress Tutor LMS Elementor Addons plugin <= 2.1.5 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in Themeum Tutor LMS Elementor Addons.This issue affects Tutor LMS Elementor Addons: from n/a through 2.1.5.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2024-53814
WordPress Analytify plugin <= 5.4.3 - Broken Access Control vulnerability
Description: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Analytify.This issue affects Analytify: from n/a through 5.4.3.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2024-53798
WordPress FloristPress plugin <= 7.3.0 - Nonce Leakage to Broken Access Control vulnerability
Description: Missing Authorization vulnerability in BAKKBONE Australia FloristPress.This issue affects FloristPress: from n/a through 7.3.0.

CVSS: MEDIUM (5.4)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2024-53791
WordPress Lenxel Core plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ogun Labs Lenxel Core for Lenxel(LNX) LMS allows Stored XSS.This issue affects Lenxel Core for Lenxel(LNX) LMS: from n/a through 1.2.5.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2024-53785
WordPress Chatter plugin <= 1.0.1 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in Alexander Volkov Chatter.This issue affects Chatter: from n/a through 1.0.1.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2024-52480
WordPress Jobify plugin <= 4.2.3 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in Astoundify Jobify - Job Board WordPress Theme.This issue affects Jobify - Job Board WordPress Theme: from n/a through 4.2.3.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2024-52391
WordPress Pie Register Premium plugin < 3.8.3.3 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in Genetech Pie Register Premium.This issue affects Pie Register Premium: from n/a before 3.8.3.3.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2024-52385
WordPress Team Member – Multi Language Supported Team plugin <= 7.3 - Limited Local File Inclusion vulnerability
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Sk. Abul Hasan Team Member.This issue affects Team Member: from n/a through 7.3.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (4 months ago)