6.8

CVSS3.1

CVE-2024-2654 - File Manager <= 7.2.5 - Authenticated (Administrator+) Directory Traversal

The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.2.5 via the fm_download_backup function. This makes it possible for authenticated attackers, with administrator access and above, to read the contents of arbitrary zip files on the ser…

📅 Published: April 9, 2024, 6:59 p.m. 🔄 Last Modified: April 8, 2026, 7:21 p.m.

6.4

CVSS3.1

CVE-2024-2117 - Elementor Website Builder – More than Just a Page Builder <= 3.20.2 - Authenticated (Contributor+) …

The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Path Widget in all versions up to, and including, 3.20.2 due to insufficient output escaping on user supplied attributes. This makes it possible for authe…

📅 Published: April 9, 2024, 6:59 p.m. 🔄 Last Modified: April 8, 2026, 7:20 p.m.

4.3

CVSS3.1

CVE-2023-6965 - Pods - Custom Content Types and Fields - Missing Authorization

The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2). This is due to the fact that the plugin allows the use of a file inclusion feature via shortcode.…

📅 Published: April 9, 2024, 6:59 p.m. 🔄 Last Modified: April 8, 2026, 7:19 p.m.

6.4

CVSS3.1

CVE-2024-2504 - Page Builder: Pagelayer – Drag and Drop website builder <= 1.8.4 - Authenticated(Contributor+) Stor…

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'attr' parameter in all versions up to, and including, 1.8.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it po…

📅 Published: April 9, 2024, 6:59 p.m. 🔄 Last Modified: April 8, 2026, 7:21 p.m.

7.5

CVSS3.1

CVE-2024-1792 - CMB2 <= 2.10.1 - Authenticated (Contributor+) PHP Object Injection

The CMB2 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.10.1 via deserialization of untrusted input from the text_datetime_timestamp_timezone field. This makes it possible for authenticated attackers, with contributor access or higher, to inject a…

📅 Published: April 9, 2024, 6:59 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.4

CVSS3.1

CVE-2024-0873 - Watu Quiz <= 3.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Watu Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'watu-basic-chart' shortcode in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated …

📅 Published: April 9, 2024, 6:59 p.m. 🔄 Last Modified: April 8, 2026, 7:19 p.m.

6.4

CVSS3.1

CVE-2024-1424 - GiveWP – Donation Plugin and Fundraising Platform <= 3.5.1 - Authenticated (Contributor+) Stored Cr…

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it pos…

📅 Published: April 9, 2024, 6:59 p.m. 🔄 Last Modified: April 8, 2026, 7:20 p.m.

5.3

CVSS3.1

CVE-2024-1587 - Newsmatic <= 1.3.4 - Unauthenticated Information Exposure via newsmatic_filter_posts_load_tab_conte…

The Newsmatic theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.0 via the 'newsmatic_filter_posts_load_tab_content'. This makes it possible for unauthenticated attackers to view draft posts and post content.

📅 Published: April 9, 2024, 6:59 p.m. 🔄 Last Modified: April 8, 2026, 7:20 p.m.

4.3

CVSS3.1

CVE-2024-2222 - Advanced Classifieds & Directory Pro <= 3.0.0 - Missing Authorization to Arbitrary Attachment Delet…

The Advanced Classifieds & Directory Pro plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajax_callback_delete_attachment function in all versions up to, and including, 3.0.0. This makes it possible for authenticated attackers, with subscriber…

📅 Published: April 9, 2024, 6:59 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.4

CVSS3.1

CVE-2024-2789 - Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via…

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Calendy widget in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authentica…

📅 Published: April 9, 2024, 6:59 p.m. 🔄 Last Modified: April 8, 2026, 7:21 p.m.
Total resulsts: 349182
Page 10357 of 34,919
« previous page » next page
Filters