Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-27456 |
Description: Missing Authorization vulnerability in HashThemes Total allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Total: from n/a through 2.1.19.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
December 14th, 2024 (4 months ago)
|
|
CVE-2023-25988 |
Description: Missing Authorization vulnerability in Video Gallery by Total-Soft Video Gallery – YouTube Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Video Gallery – YouTube Gallery: from n/a through 1.7.6.
CVSS: HIGH (7.5) EPSS Score: 0.04%
December 14th, 2024 (4 months ago)
|
|
CVE-2023-22697 |
Description: Missing Authorization vulnerability in Survey Maker team Survey Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Survey Maker: from n/a through 3.2.0.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
December 14th, 2024 (4 months ago)
|
|
Description: WordPress Plugin "My WP Customize Admin/Frontend" contains a cross-site scripting vulnerability.
December 13th, 2024 (4 months ago)
|
|
CVE-2024-9881 |
Description: The LearnPress WordPress plugin before 4.2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: LOW (0.0) EPSS Score: 0.04%
December 13th, 2024 (4 months ago)
|
|
CVE-2024-9641 |
Description: The LuckyWP Table of Contents WordPress plugin before 2.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: LOW (0.0) EPSS Score: 0.04%
December 13th, 2024 (4 months ago)
|
|
CVE-2024-9428 |
Description: The Popup Builder WordPress plugin before 4.3.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: LOW (0.0) EPSS Score: 0.04%
December 13th, 2024 (4 months ago)
|
|
CVE-2024-12526 |
Description: The Arena.IM – Live Blogging for real-time events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3.0. This is due to missing or incorrect nonce validation on the 'albfre_user_action' AJAX action. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
December 13th, 2024 (4 months ago)
|
|
CVE-2024-12463 |
Description: The Arena.IM – Live Blogging for real-time events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'arena_embed_amp' shortcode in all versions up to, and including, 0.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.05%
December 13th, 2024 (4 months ago)
|
|
CVE-2024-12461 |
Description: The WP-Revive Adserver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wprevive_async' shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.05%
December 13th, 2024 (4 months ago)
|