0.0

CVE-2024-3702 -

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

πŸ“… Published: April 12, 2024, 9:30 a.m. πŸ”„ Last Modified: Feb. 11, 2025, 2:15 a.m.

7.2

CVSS3.1

CVE-2024-3054 - WPvivid Backup & Migration Plugin <= 0.9.99 - Authenticated (Admin+) PHAR Deserialization

WPvivid Backup & Migration Plugin for WordPress is vulnerable to PHAR Deserialization in all versions up to, and including, 0.9.99 via deserialization of untrusted input at the wpvividstg_get_custom_exclude_path_free action. This is due to the plugin not providing sufficient path validation on the …

πŸ“… Published: April 12, 2024, 9:30 a.m. πŸ”„ Last Modified: April 8, 2026, 7:21 p.m.

8.8

CVSS3.1

CVE-2024-3211 - Shopping Cart & eCommerce Store <= 5.6.3 - Authenticated (Contributor+) SQL Injection

The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to SQL Injection via the 'productid' attribute of the ec_addtocart shortcode in all versions up to, and including, 5.6.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the exist…

πŸ“… Published: April 12, 2024, 9:30 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

4.3

CVSS3.1

CVE-2024-31371 - WordPress WP Event Aggregator plugin <= 1.7.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Xylus Themes WP Event Aggregator.This issue affects WP Event Aggregator: from n/a through 1.7.6.

πŸ“… Published: April 12, 2024, 9:28 a.m. πŸ”„ Last Modified: April 28, 2026, 4:09 p.m.

4.3

CVSS3.1

CVE-2024-31372 - WordPress No-Bot Registration plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Arnan de Gans No-Bot Registration.This issue affects No-Bot Registration: from n/a through 1.9.1.

πŸ“… Published: April 12, 2024, 9:27 a.m. πŸ”„ Last Modified: April 28, 2026, 4:09 p.m.

10

CVSS3.1

CVE-2024-3400 - PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect

A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the f…

πŸ“… Published: April 12, 2024, 7:20 a.m. πŸ”„ Last Modified: Nov. 4, 2025, 4:49 p.m.

4.8

CVSS3.1

CVE-2023-45186 - IBM Sterling B2B Integrator cross-site scripting

IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials d…

πŸ“… Published: April 12, 2024, 2:45 a.m. πŸ”„ Last Modified: March 7, 2025, 12:36 p.m.

6.4

CVSS3.1

CVE-2024-2801 - Shopkeeper Extender <= 3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Shopkeeper Extender plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'image_slide' shortcode in all versions up to, and including, 3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat…

πŸ“… Published: April 12, 2024, 2:33 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.4

CVSS3.1

CVE-2024-2137 - All-in-One Addons for Elementor – WidgetKit <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Si…

The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple pricing widgets (e.g. Pricing Single, Pricing Icon, Pricing Tab) in all versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. Thi…

πŸ“… Published: April 12, 2024, 2:33 a.m. πŸ”„ Last Modified: April 8, 2026, 5:18 p.m.

5.4

CVSS3.1

CVE-2023-50307 - IBM Sterling B2B Integrator cross-site scripting

IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure wi…

πŸ“… Published: April 12, 2024, 2:30 a.m. πŸ”„ Last Modified: March 7, 2025, 12:36 p.m.
Total resulsts: 349182
Page 10315 of 34,919
Β« previous page Β» next page
Filters