Threat and Vulnerability Intelligence Database

CVE-2024-54279

Description: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPNERD WP-NERD Toolkit. This issue affects WP-NERD Toolkit: from n/a through 1.1.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
December 17th, 2024 (4 months ago)

CVE-2024-54257

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Molefed allows Reflected XSS. This issue affects tydskrif: from n/a through 1.1.3.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
December 17th, 2024 (4 months ago)

CVE-2024-54249

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jules Colle Advanced Options Editor allows Reflected XSS. This issue affects Advanced Options Editor: from n/a through 1.0.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
December 17th, 2024 (4 months ago)

CVE-2024-54229

Description: Incorrect Privilege Assignment vulnerability in Straightvisions GmbH SV100 Companion allows Privilege Escalation. This issue affects SV100 Companion: from n/a through 2.0.02.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
December 17th, 2024 (4 months ago)

CVE-2024-5333

Description: The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing for unauthenticated users to access information about password protected events.

EPSS Score: 0.04%

Source: CVE
December 17th, 2024 (4 months ago)

CVE-2024-37251

Description: Cross-Site Request Forgery (CSRF) vulnerability in WPENGINE, INC. Advanced Custom Fields PRO. This issue affects Advanced Custom Fields PRO: from n/a before 6.3.2.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
December 17th, 2024 (4 months ago)

CVE-2024-37222

Description: Cross Site Scripting (XSS) vulnerability in Averta Master Slider allows Reflected XSS. This issue affects Master Slider: from n/a through 3.10.0.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
December 17th, 2024 (4 months ago)

CVE-2024-12443

Description: The CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'crm-perks-tickets' shortcode in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (6.4)

EPSS Score: 0.07%

Source: CVE
December 17th, 2024 (4 months ago)

CVE-2024-11906

Description: The TPG Get Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tpg_get_posts' shortcode in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (6.4)

EPSS Score: 0.05%

Source: CVE
December 17th, 2024 (4 months ago)

CVE-2024-11905

Description: The Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animatedcounte' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (6.4)

EPSS Score: 0.05%

Source: CVE
December 17th, 2024 (4 months ago)