5.4

CVSS3.1

CVE-2024-3818 - Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.9 - Authenticated (Co…

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "Social Icons" block in all versions up to, and including, 4.5.9 due to insufficient input sanitization and output escaping on user supplied …

πŸ“… Published: April 19, 2024, 2:34 a.m. πŸ”„ Last Modified: April 8, 2026, 6:21 p.m.

6.1

CVSS3.1

CVE-2024-3615 - Media Library Folders <= 8.2.0 - Reflected Cross-Site Scripting via 's'

The Media Library Folders plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 8.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web s…

πŸ“… Published: April 19, 2024, 2:34 a.m. πŸ”„ Last Modified: April 8, 2026, 6:21 p.m.

0.0

CVE-2024-3975 -

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

πŸ“… Published: April 19, 2024, 2:30 a.m. πŸ”„ Last Modified: Feb. 11, 2025, 2:15 a.m.

6.4

CVSS3.1

CVE-2024-3598 - ElementsKit Pro <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ekit_btn_i…

The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated …

πŸ“… Published: April 19, 2024, 1:57 a.m. πŸ”„ Last Modified: April 8, 2026, 7:21 p.m.

6.4

CVSS3.1

CVE-2024-3560 - LearnPress – WordPress LMS Plugin <= 4.2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scrip…

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id value in all versions up to, and including, 4.2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated at…

πŸ“… Published: April 19, 2024, 1:57 a.m. πŸ”„ Last Modified: April 8, 2026, 6:21 p.m.

7.5

CVSS3.1

CVE-2024-23526 -

An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.

πŸ“… Published: April 19, 2024, 1:10 a.m. πŸ”„ Last Modified: May 6, 2025, 6:30 p.m.

9.8

CVSS3.1

CVE-2024-22061 -

A Heap Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands

πŸ“… Published: April 19, 2024, 1:10 a.m. πŸ”„ Last Modified: May 6, 2025, 7:23 p.m.

7.5

CVSS3.1

CVE-2024-23529 -

An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.

πŸ“… Published: April 19, 2024, 1:10 a.m. πŸ”„ Last Modified: May 6, 2025, 7:08 p.m.

7.5

CVSS3.1

CVE-2024-23528 -

An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.

πŸ“… Published: April 19, 2024, 1:10 a.m. πŸ”„ Last Modified: May 6, 2025, 6:58 p.m.

8.8

CVSS3.1

CVE-2024-25000 -

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.

πŸ“… Published: April 19, 2024, 1:10 a.m. πŸ”„ Last Modified: Dec. 16, 2025, 6:13 p.m.
Total resulsts: 349182
Page 10207 of 34,919
Β« previous page Β» next page
Filters