6.4

CVSS3.1

CVE-2024-1465 - Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vi…

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘carousel_skin’ attribute of the Posts Carousel widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authen…

📅 Published: April 9, 2024, 6:59 p.m. 🔄 Last Modified: April 8, 2026, 6:20 p.m.

5.3

CVSS3.1

CVE-2024-2340 - Avada <= 7.11.6 - Unauthenticated Sensitive Information Exposure via Form Uploads Directory Listing

The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a …

📅 Published: April 9, 2024, 6:59 p.m. 🔄 Last Modified: April 8, 2026, 6:21 p.m.

9.8

CVSS3.1

CVE-2024-1813 - Simple Job Board <= 2.11.0 - Unauthenticated PHP Object Injection via Job Application Fields

The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.11.0 via deserialization of untrusted input in the job_board_applicant_list_columns_value function. This makes it possible for unauthenticated attackers to inject a PHP Object. If…

📅 Published: April 9, 2024, 6:59 p.m. 🔄 Last Modified: April 8, 2026, 6:20 p.m.

7.5

CVSS3.1

CVE-2024-1934 - WP Compress – Image Optimizer <= 6.11.08 - Missing Authorization to Unauthenticated CDN Modification

The WP Compress – Image Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wps_local_compress::__construct' function in all versions up to, and including, 6.11.10. This makes it possible for unauthenticated attackers to reset …

📅 Published: April 9, 2024, 6:59 p.m. 🔄 Last Modified: April 8, 2026, 6:20 p.m.

6.4

CVSS3.1

CVE-2024-2026 - Passster <= 4.2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via content_protecto…

The Passster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's content_protector shortcode in all versions up to, and including, 4.2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated …

📅 Published: April 9, 2024, 6:59 p.m. 🔄 Last Modified: April 8, 2026, 6:20 p.m.

6.4

CVSS3.1

CVE-2024-2343 - Avada <= 7.11.6 - Authenticated (Contributor+) Server-Side Request Forgery via form_to_url_action

The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.11.6 via the form_to_url_action function. This makes it possible for authenticated attackers, with contributor-level access and above, to …

📅 Published: April 9, 2024, 6:59 p.m. 🔄 Last Modified: April 8, 2026, 6:21 p.m.

4.9

CVSS3.1

CVE-2024-1790 - Ajax Load More <= 7.0.1 - Authenticated (Admin+) Directory Traversal to Arbitrary File Read

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 7.0.1 via the 'type' parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary …

📅 Published: April 9, 2024, 6:59 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.4

CVSS3.1

CVE-2024-2536 - Rank Math SEO with AI SEO Tools <= 1.0.214 - Authenticated(Contributor+) Stored Cross-Site Scriptin…

The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HowTo block attributes in all versions up to, and including, 1.0.214 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authe…

📅 Published: April 9, 2024, 6:59 p.m. 🔄 Last Modified: April 8, 2026, 6:21 p.m.

5.3

CVSS3.1

CVE-2024-0899 - s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Memb…

The s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 230815 via the API. This makes it possible for unauthenticated attackers to…

📅 Published: April 9, 2024, 6:59 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.8

CVSS3.1

CVE-2024-2693 - Link Whisper Free <= 0.7.1 - Authenticated (Contributor+) PHP Object Injection

The Link Whisper Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.7.1 via deserialization of untrusted input of the 'mfn-page-items' post meta value. This makes it possible for authenticated attackers, with contributor-level access and above, t…

📅 Published: April 9, 2024, 6:59 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.
Total resulsts: 349182
Page 10360 of 34,919
« previous page » next page
Filters