4.3

CVSS3.1

CVE-2024-33683 - WordPress Hide Dashboard Notifications plugin <= 1.2.3 - Cross Site Request Forgery (CSRF) vulnerabโ€ฆ

Cross-Site Request Forgery (CSRF) vulnerability in WP Republic Hide Dashboard Notifications.This issue affects Hide Dashboard Notifications: from n/a through 1.2.3.

๐Ÿ“… Published: April 26, 2024, 10:33 a.m. ๐Ÿ”„ Last Modified: April 28, 2026, 4:09 p.m.

9.8

CVSS3.1

CVE-2024-0740 - Eclipse Target Management <= 4.5.500 Command Injection

Eclipse Target Management: Terminal and Remote System Explorer (RSE) version <= 4.5.400 has a remote code execution vulnerability that does not require authentication. The fixed version is included in Eclipse IDE 2024-03

๐Ÿ“… Published: April 26, 2024, 9:36 a.m. ๐Ÿ”„ Last Modified: Feb. 3, 2025, 9:16 p.m.

5.3

CVSS3.1

CVE-2024-3682 - WP STAGING <= 3.4.3 and WP STAGING Pro <= 5.4.3 - Sensitive Information Exposure via Log File

The WP STAGING and WP STAGING Pro plugins for WordPress are vulnerable to Sensitive Information Exposure in versions up to, and including, 3.4.3, and versions up to, and including, 5.4.3, respectively, via the ajaxSendReport function. This makes it possible for unauthenticated attackers to extract โ€ฆ

๐Ÿ“… Published: April 26, 2024, 9:29 a.m. ๐Ÿ”„ Last Modified: April 15, 2026, 12:35 a.m.

7.2

CVSS3.1

CVE-2024-1789 -

The WP SMTP plugin for WordPress is vulnerable to SQL Injection via the 'search' parameter in versions 1.2 to 1.2.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with admโ€ฆ

๐Ÿ“… Published: April 26, 2024, 8:29 a.m. ๐Ÿ”„ Last Modified: April 15, 2026, 12:35 a.m.

9.8

CVSS3.1

CVE-2024-3962 - Product Addons & Fields for WooCommerce <= 32.0.18 - Unauthenticated Arbitrary File Upload via ppomโ€ฆ

The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppom_upload_file function in all versions up to, and including, 32.0.18. This makes it possible for unauthenticated attackers to upload arbitrary filesโ€ฆ

๐Ÿ“… Published: April 26, 2024, 8:29 a.m. ๐Ÿ”„ Last Modified: April 8, 2026, 6:21 p.m.

5.3

CVSS3.1

CVE-2024-2920 - WP-Members Membership Plugin <= 3.4.9.3 - Unprotected Storage of Potentially Sensitive Files

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.4.9.3 due to the plugin uploading user supplied files to a publicly accessible directory in wp-content without any restrictions. This makes it possible for unauthenticโ€ฆ

๐Ÿ“… Published: April 26, 2024, 7:28 a.m. ๐Ÿ”„ Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS3.1

CVE-2024-3678 - Blog2Social: Social Media Auto Post & Scheduler <= 7.4.2 - Information Exposure

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.4.2. This makes it possible for unauthenticated attackers to view limited information from password protected posts.

๐Ÿ“… Published: April 26, 2024, 7:28 a.m. ๐Ÿ”„ Last Modified: April 8, 2026, 5:18 p.m.

6.4

CVSS3.1

CVE-2024-3890 - Happy Addons for Elementor <= 3.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting viaโ€ฆ

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Calendly widget in all versions up to, and including, 3.10.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attaโ€ฆ

๐Ÿ“… Published: April 26, 2024, 7:28 a.m. ๐Ÿ”„ Last Modified: April 8, 2026, 5:18 p.m.

8.9

CVSS3.1

CVE-2023-6116 - Remote Code Execution without authentication using stack overflow

Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the camera. An attacker could inject malicious into http request packets to execute arbitrary code. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report fโ€ฆ

๐Ÿ“… Published: April 26, 2024, 7:23 a.m. ๐Ÿ”„ Last Modified: April 15, 2026, 12:35 a.m.

5.9

CVSS3.1

CVE-2024-33642 - WordPress Advanced Post List plugin <= 0.5.6.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EkoJR Advanced Post List allows Stored XSS.This issue affects Advanced Post List: from n/a through 0.5.6.1.

๐Ÿ“… Published: April 26, 2024, 7:21 a.m. ๐Ÿ”„ Last Modified: April 28, 2026, 4:09 p.m.
Total resulsts: 349182
Page 10157 of 34,919
ยซ previous page ยป next page
Filters