Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-53797 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder allows Stored XSS.This issue affects Beaver Builder: from n/a through 2.8.4.3.
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
December 7th, 2024 (6 months ago)
|
|
CVE-2024-53796 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesflat Themesflat Addons For Elementor allows DOM-Based XSS.This issue affects Themesflat Addons For Elementor: from n/a through 2.2.2.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 7th, 2024 (6 months ago)
|
|
CVE-2024-53795 |
Description: Missing Authorization vulnerability in Andy Moyle Church Admin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Church Admin: from n/a through 5.0.8.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
December 7th, 2024 (6 months ago)
|
|
CVE-2024-53794 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LOOS,Inc. Arkhe Blocks allows Stored XSS.This issue affects Arkhe Blocks: from n/a through 2.27.0.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 7th, 2024 (6 months ago)
|
|
CVE-2024-4633 |
Description: The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘addExtraMimeType’ function in versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.05%
December 7th, 2024 (6 months ago)
|
|
CVE-2024-37476 |
Description: Cross Site Scripting (XSS) vulnerability in Automattic Newspack Campaigns allows Stored XSS.This issue affects Newspack Campaigns: from n/a through 2.31.1.
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
December 7th, 2024 (6 months ago)
|
|
CVE-2024-29776 |
Description: Cross Site Scripting (XSS) vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.9.
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
December 7th, 2024 (6 months ago)
|
|
CVE-2024-12110 |
Description: The Gold Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activate() and deactivate() functions in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate and deactivate licenses.
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
December 7th, 2024 (6 months ago)
|
|
CVE-2024-12060 |
Description: The WP Media Optimizer (.webp) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wpmowebp-css-resources’ and 'wpmowebp-js-resources' parameters in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
CVSS: MEDIUM (6.1) EPSS Score: 0.05%
December 7th, 2024 (6 months ago)
|
|
CVE-2024-12028 |
Description: The Friends plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to send arbitrary friend requests on behalf of another website, accept the friend request for the targeted website, and then communicate with the site as an accepted friend.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
December 7th, 2024 (6 months ago)
|