Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-54240
WordPress Blaze Online eParcel for WooCommerce plugin <= 1.3.3 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blaze Online Blaze Online eParcel for WooCommerce allows Reflected XSS.This issue affects Blaze Online eParcel for WooCommerce: from n/a through 1.3.3.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
December 14th, 2024 (6 months ago)

CVE-2024-54239
WordPress Eyewear prescription form plugin <= 4.0.18 - Arbitrary Option Update to Privilege Escalation vulnerability
Description: Missing Authorization vulnerability in dugudlabs Eyewear prescription form allows Privilege Escalation.This issue affects Eyewear prescription form: from n/a through 4.0.18.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
December 14th, 2024 (6 months ago)

CVE-2024-54238
WordPress Board Document Manager from CHUHPL plugin <= 1.9.1 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Colin Tomele Board Document Manager from CHUHPL allows Reflected XSS.This issue affects Board Document Manager from CHUHPL: from n/a through 1.9.1.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
December 14th, 2024 (6 months ago)

CVE-2024-54237
WordPress Ni CRM Lead plugin <= 1.3.0 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anzia Ni CRM Lead allows Reflected XSS.This issue affects Ni CRM Lead: from n/a through 1.3.0.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
December 14th, 2024 (6 months ago)

CVE-2024-54236
WordPress Ni WooCommerce Bulk Product Editor plugin <= 1.4.5 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anzia Ni WooCommerce Bulk Product Editor allows Reflected XSS.This issue affects Ni WooCommerce Bulk Product Editor: from n/a through 1.4.5.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
December 14th, 2024 (6 months ago)

CVE-2024-54235
WordPress Shiptimize for WooCommerce plugin <= 3.1.86 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shiptimize Shiptimize for WooCommerce allows Reflected XSS.This issue affects Shiptimize for WooCommerce: from n/a through 3.1.86.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
December 14th, 2024 (6 months ago)

CVE-2024-54234
WordPress Limit Login Attempts plugin <= 5.5 - SQL Injection vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wp-buy Limit Login Attempts allows SQL Injection.This issue affects Limit Login Attempts: from n/a through 5.5.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
December 14th, 2024 (6 months ago)

CVE-2024-54233
WordPress Advanced Control Manager plugin <= 2.16.0 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Enea Overclokk Advanced Control Manager for WordPress by ItalyStrap allows Reflected XSS.This issue affects Advanced Control Manager for WordPress by ItalyStrap: from n/a through 2.16.0.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
December 14th, 2024 (6 months ago)

CVE-2024-54231
WordPress Ni WooCommerce Order Export plugin <= 3.1.6 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anzia Ni WooCommerce Order Export allows Reflected XSS.This issue affects Ni WooCommerce Order Export: from n/a through 3.1.6.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
December 14th, 2024 (6 months ago)

CVE-2024-12581
Kadence Blocks <= 3.2.53 - Authenticated (Admin+) Stored Cross-Site Scripting
Description: The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.53 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

CVSS: MEDIUM (4.4)

EPSS Score: 0.05%

Source: CVE
December 14th, 2024 (6 months ago)