3.5

CVSS3.1

CVE-2024-3541 - Campcodes Church Management System admin_user.php cross site scripting

A vulnerability classified as problematic has been found in Campcodes Church Management System 1.0. This affects an unknown part of the file /admin/admin_user.php. The manipulation of the argument firstname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit h…

📅 Published: April 10, 2024, 5:31 a.m. 🔄 Last Modified: Feb. 19, 2025, 6:42 p.m.

6.3

CVSS3.1

CVE-2024-3540 - Campcodes Church Management System add_sundaysch.php sql injection

A vulnerability was found in Campcodes Church Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add_sundaysch.php. The manipulation of the argument Gender leads to sql injection. The attack may be launched remotely. The exp…

📅 Published: April 10, 2024, 5 a.m. 🔄 Last Modified: July 12, 2025, 10:09 p.m.

6.3

CVSS3.1

CVE-2024-3539 - Campcodes Church Management System addgiving.php sql injection

A vulnerability was found in Campcodes Church Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/addgiving.php. The manipulation of the argument amount leads to sql injection. The attack can be launched remotely. Th…

📅 Published: April 10, 2024, 5 a.m. 🔄 Last Modified: July 12, 2025, 10:44 p.m.

4.7

CVSS3.1

CVE-2024-2428 - The Ultimate Video Player For WordPress < 2.2.3 - Contributor+ Stored XSS

The Ultimate Video Player For WordPress WordPress plugin before 2.2.3 does not have proper capability check when updating its settings via a REST route, allowing Contributor and above users to update them. Furthermore, due to the lack of escaping in one of the settings, this also allows them to pe…

📅 Published: April 10, 2024, 5 a.m. 🔄 Last Modified: May 8, 2025, 9:13 p.m.

4.3

CVSS3.1

CVE-2023-6385 - WordPress Ping Optimizer <= 2.35.1.3.0 - Log Clearing via CSRF

The WordPress Ping Optimizer WordPress plugin through 2.35.1.3.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as clearing logs.

📅 Published: April 10, 2024, 5 a.m. 🔄 Last Modified: May 19, 2025, 1:36 p.m.

6.3

CVSS3.1

CVE-2024-3538 - Campcodes Church Management System addTithes.php sql injection

A vulnerability was found in Campcodes Church Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/addTithes.php. The manipulation of the argument na leads to sql injection. It is possible to launch the attack remotely. The exploit has been d…

📅 Published: April 10, 2024, 4:31 a.m. 🔄 Last Modified: July 12, 2025, 10:45 p.m.

7.2

CVSS3.1

CVE-2024-3020 - Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Gri…

The plugin is vulnerable to PHP Object Injection in versions up to and including, 2.6.3 via deserialization of untrusted input in the import function via the 'shortcode' parameter. This allows authenticated attackers, with administrator-level access to inject a PHP Object. If a POP chain is present…

📅 Published: April 10, 2024, 4:30 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.4

CVSS3.1

CVE-2024-1042 - WP Radio – Worldwide Online Radio Stations Directory for WordPress <= 3.1.9 - Missing Authorization…

The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 3.1.9. This makes it possible for authenticated attackers…

📅 Published: April 10, 2024, 4:30 a.m. 🔄 Last Modified: April 8, 2026, 7:20 p.m.

5.3

CVSS3.1

CVE-2024-3235 - Essential Grid <= 3.1.1 - Unauthenticated Private Post Disclosure

The Essential Grid Gallery WordPress Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.1 via the on_front_ajax_action() function. This makes it possible for unauthenticated attackers to view private and password protected posts tha…

📅 Published: April 10, 2024, 4:30 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.4

CVSS3.1

CVE-2024-2736 - Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML Tags in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contribu…

📅 Published: April 10, 2024, 4:30 a.m. 🔄 Last Modified: April 8, 2026, 6:21 p.m.
Total resulsts: 349182
Page 10340 of 34,919
« previous page » next page
Filters