Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-2083 |
Description: The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the save function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to save plugin settings. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification to be skipped. There is no capability check.
CVSS: MEDIUM (4.3) EPSS Score: 0.08%
December 4th, 2024 (6 months ago)
|
|
CVE-2024-53784 |
Description: Missing Authorization vulnerability in E-goi Smart Marketing SMS and Newsletters Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Marketing SMS and Newsletters Forms: from n/a through 5.0.9.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
December 3rd, 2024 (6 months ago)
|
|
CVE-2024-53775 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in TannerRitchie Web Applications/DancePress DancePress (TRWA) allows Cross Site Request Forgery.This issue affects DancePress (TRWA): from n/a through 3.1.11.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
December 3rd, 2024 (6 months ago)
|
|
CVE-2024-53761 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in P. Roy WP Revisions Manager allows Cross Site Request Forgery.This issue affects WP Revisions Manager: from n/a through 1.0.2.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
December 3rd, 2024 (6 months ago)
|
|
CVE-2024-53751 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Abdul Hakeem Build App Online allows Cross Site Request Forgery.This issue affects Build App Online: from n/a through 1.0.22.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
December 3rd, 2024 (6 months ago)
|
|
CVE-2024-53741 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Garrett Grimm Simple Popup allows DOM-Based XSS.This issue affects Simple Popup: from n/a through 4.6.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 3rd, 2024 (6 months ago)
|
|
CVE-2024-53721 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stachethemes Advanced Event Manager allows Stored XSS.This issue affects Advanced Event Manager: from n/a through 1.1.6.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 3rd, 2024 (6 months ago)
|
|
CVE-2024-53709 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bdevs Generic Elements allows DOM-Based XSS.This issue affects Generic Elements: from n/a through 1.2.3.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 3rd, 2024 (6 months ago)
|
|
CVE-2024-53708 |
Description: Missing Authorization vulnerability in AutoQuiz AI Quiz allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects AI Quiz: from n/a through 1.1.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
December 3rd, 2024 (6 months ago)
|
|
CVE-2024-53707 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Ahmet İmamoğlu Ahmeti Wp Güzel Sözler allows Cross Site Request Forgery.This issue affects Ahmeti Wp Güzel Sözler: from n/a through 4.0.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
December 3rd, 2024 (6 months ago)
|