5.4
CVE-2024-3818 - Essential Blocks β Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.9 - Authenticated (Coβ¦
The Essential Blocks β Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "Social Icons" block in all versions up to, and including, 4.5.9 due to insufficient input sanitization and output escaping on user supplied β¦
6.1
CVE-2024-3615 - Media Library Folders <= 8.2.0 - Reflected Cross-Site Scripting via 's'
The Media Library Folders plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 8.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web sβ¦
0.0
CVE-2024-3975 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
6.4
CVE-2024-3598 - ElementsKit Pro <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ekit_btn_iβ¦
The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated β¦
6.4
CVE-2024-3560 - LearnPress β WordPress LMS Plugin <= 4.2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripβ¦
The LearnPress β WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id value in all versions up to, and including, 4.2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated atβ¦
7.5
CVE-2024-23526 -
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
9.8
CVE-2024-22061 -
A Heap Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands
7.5
CVE-2024-23529 -
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
7.5
CVE-2024-23528 -
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
8.8
CVE-2024-25000 -
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.