Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-53801 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldThemes Bold Page Builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through 5.2.1.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 7th, 2024 (4 months ago)
|
|
CVE-2024-53799 |
Description: Missing Authorization vulnerability in BAKKBONE Australia FloristPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FloristPress: from n/a through 7.3.0.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
December 7th, 2024 (4 months ago)
|
|
CVE-2024-53797 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder allows Stored XSS.This issue affects Beaver Builder: from n/a through 2.8.4.3.
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
December 7th, 2024 (4 months ago)
|
|
CVE-2024-53796 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesflat Themesflat Addons For Elementor allows DOM-Based XSS.This issue affects Themesflat Addons For Elementor: from n/a through 2.2.2.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 7th, 2024 (4 months ago)
|
|
CVE-2024-53795 |
Description: Missing Authorization vulnerability in Andy Moyle Church Admin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Church Admin: from n/a through 5.0.8.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
December 7th, 2024 (4 months ago)
|
|
CVE-2024-53794 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LOOS,Inc. Arkhe Blocks allows Stored XSS.This issue affects Arkhe Blocks: from n/a through 2.27.0.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 7th, 2024 (4 months ago)
|
|
CVE-2024-4633 |
Description: The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘addExtraMimeType’ function in versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.05%
December 7th, 2024 (4 months ago)
|
|
CVE-2024-37476 |
Description: Cross Site Scripting (XSS) vulnerability in Automattic Newspack Campaigns allows Stored XSS.This issue affects Newspack Campaigns: from n/a through 2.31.1.
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
December 7th, 2024 (4 months ago)
|
|
CVE-2024-29776 |
Description: Cross Site Scripting (XSS) vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.9.
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
December 7th, 2024 (4 months ago)
|
|
CVE-2024-12110 |
Description: The Gold Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activate() and deactivate() functions in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate and deactivate licenses.
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
December 7th, 2024 (4 months ago)
|