Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-51636 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Z.com by GMO GMO Social Connection allows Cross-Site Scripting (XSS).
This issue affects GMO Social Connection: from n/a through 1.2.
CVSS: HIGH (7.1) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
|
CVE-2024-37094 |
Description: Missing Authorization vulnerability in StylemixThemes MasterStudy LMS allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects MasterStudy LMS: from n/a through 3.2.12.
CVSS: HIGH (8.2) EPSS Score: 0.09%
December 3rd, 2024 (5 months ago)
|
|
CVE-2024-1754 |
Description: The NPS computy WordPress plugin through 2.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVSS: LOW (0.0) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
|
CVE-2024-12015 |
Description: The 'Project Manager' WordPress Plugin is affected by an authenticated SQL injection vulnerability in the 'orderby' parameter in the '/pm/v2/activites' route.
CVSS: HIGH (7.7) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
|
CVE-2023-3371 |
Description: The User Registration plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'lock_content_form_handler' and 'display_password_form' function in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to decrypt and view the password protected content.
CVSS: MEDIUM (5.3) EPSS Score: 0.16%
December 3rd, 2024 (5 months ago)
|
|
CVE-2024-53783 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Anzia Ni WooCommerce Cost Of Goods allows SQL Injection.This issue affects Ni WooCommerce Cost Of Goods: from n/a through 3.2.8.
CVSS: HIGH (7.6) EPSS Score: 0.04%
December 2nd, 2024 (5 months ago)
|
|
CVE-2024-53787 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vinoth06 Random Banner allows Stored XSS.This issue affects Random Banner: from n/a through 4.2.9.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 2nd, 2024 (5 months ago)
|
|
CVE-2024-53760 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Capitalize My Title allows Stored XSS.This issue affects Capitalize My Title: from n/a through 0.5.3.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 2nd, 2024 (5 months ago)
|
|
CVE-2024-53752 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Berg Informatik Stripe Donation allows Stored XSS.This issue affects Stripe Donation: from n/a through 1.2.5.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 2nd, 2024 (5 months ago)
|
|
CVE-2024-53750 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Maeve Lander PayPal Responder allows Stored XSS.This issue affects PayPal Responder: from n/a through 1.2.
CVSS: HIGH (7.1) EPSS Score: 0.04%
December 2nd, 2024 (5 months ago)
|