Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-8679 |
Description: The Library Management System – Manage e-Digital Books Library plugin for WordPress is vulnerable to SQL Injection via the ‘value' parameter of the owt_lib_handler AJAX action in all versions up to, and including, 3.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVSS: MEDIUM (6.8) EPSS Score: 0.05%
December 10th, 2024 (6 months ago)
|
|
CVE-2024-54260 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BlazeThemes News Kit Elementor Addons allows Stored XSS.This issue affects News Kit Elementor Addons: from n/a through 1.2.2.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 10th, 2024 (6 months ago)
|
|
CVE-2024-54255 |
Description: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in aviplugins.com Login Widget With Shortcode allows Phishing.This issue affects Login Widget With Shortcode: from n/a through 6.1.2.
CVSS: MEDIUM (4.7) EPSS Score: 0.06%
December 10th, 2024 (6 months ago)
|
|
CVE-2024-54254 |
WordPress Message Filter for Contact Form 7 plugin <= 1.6.3 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in Kofi Mokome Message Filter for Contact Form 7.This issue affects Message Filter for Contact Form 7: from n/a through 1.6.3.
CVSS: MEDIUM (6.3) EPSS Score: 0.04%
December 10th, 2024 (6 months ago)
|
|
CVE-2024-54253 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Elementor Addons allows Stored XSS.This issue affects Xpro Elementor Addons: from n/a through 1.4.6.1.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 10th, 2024 (6 months ago)
|
|
CVE-2024-54251 |
Description: Missing Authorization vulnerability in Prodigy Commerce Prodigy Commerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Prodigy Commerce: from n/a through 3.0.9.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 10th, 2024 (6 months ago)
|
|
CVE-2024-54247 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ABCBiz ABCBiz Addons and Templates for Elementor allows Stored XSS.This issue affects ABCBiz Addons and Templates for Elementor: from n/a through 2.0.2.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 10th, 2024 (6 months ago)
|
|
CVE-2024-54232 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rrdevs RRAddons for Elementor allows Stored XSS.This issue affects RRAddons for Elementor: from n/a through 1.1.0.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 10th, 2024 (6 months ago)
|
|
CVE-2024-54230 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPRealizer Unlock Addons for Elementor allows DOM-Based XSS.This issue affects Unlock Addons for Elementor: from n/a through 1.0.0.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 10th, 2024 (6 months ago)
|
|
CVE-2024-54228 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebOccult Technologies Pvt Ltd Wot Elementor Widgets allows DOM-Based XSS.This issue affects Wot Elementor Widgets: from n/a through 1.0.1.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 10th, 2024 (6 months ago)
|