Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-9706 |
Description: The Ultimate Coming Soon & Maintenance plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ucsm_activate_lite_template_lite function in all versions up to, and including, 1.0.9. This makes it possible for unauthenticated attackers to change the template used for the coming soon / maintenance page.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
December 7th, 2024 (6 months ago)
|
|
CVE-2024-9705 |
Description: The Ultimate Coming Soon & Maintenance plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ucsm_update_template_name_lite' function in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the name of the plugin's templates.
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
December 7th, 2024 (6 months ago)
|
|
CVE-2024-54213 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zionbuilder.io WordPress Page Builder – Zion Builder allows Stored XSS.This issue affects WordPress Page Builder – Zion Builder: from n/a through 3.6.12.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 7th, 2024 (6 months ago)
|
|
CVE-2024-54212 |
WordPress Magical Addons For Elementor plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor alam Magical Addons For Elementor allows Stored XSS.This issue affects Magical Addons For Elementor: from n/a through 1.2.6.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 7th, 2024 (6 months ago)
|
|
CVE-2024-54211 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visualmodo Borderless allows Cross-Site Scripting (XSS).This issue affects Borderless: from n/a through 1.5.8.
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
December 7th, 2024 (6 months ago)
|
|
CVE-2024-54210 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexShaper Advanced Element Bucket Addons for Elementor allows Stored XSS.This issue affects Advanced Element Bucket Addons for Elementor: from n/a through 1.0.2.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 7th, 2024 (6 months ago)
|
|
CVE-2024-54207 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Owen Cutajar & Hyder Jaffari WordPress Auction Plugin allows Stored XSS.This issue affects WordPress Auction Plugin: from n/a through 3.7.
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
December 7th, 2024 (6 months ago)
|
|
CVE-2024-54206 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in URBAN BASE Z-Downloads allows Stored XSS.This issue affects Z-Downloads: from n/a through 1.11.7.
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
December 7th, 2024 (6 months ago)
|
|
CVE-2024-53826 |
Description: Missing Authorization vulnerability in WPSight WPCasa allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPCasa: from n/a through 1.2.13.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
December 7th, 2024 (6 months ago)
|
|
CVE-2024-53825 |
Description: Missing Authorization vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filebird: from n/a through 6.3.2.
CVSS: MEDIUM (4.7) EPSS Score: 0.04%
December 7th, 2024 (6 months ago)
|