4.3

CVSS3.1

CVE-2024-1904 - MasterStudy LMS <= 3.2.13 - Missing Authorization to Sensitive Information Exposure in search_posts

The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the search_posts function in all versions up to, and including, 3.2.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose dr…

📅 Published: April 9, 2024, 6:58 p.m. 🔄 Last Modified: April 8, 2026, 5:18 p.m.

0.0

CVE-2024-3512 -

**DUPLICATE*** Please use CVE-2024-2583 instead.

📅 Published: April 9, 2024, 6:58 p.m. 🔄 Last Modified: April 25, 2024, 1:15 p.m.

4.3

CVSS3.1

CVE-2024-1637 - 360 Javascript Viewer <= 1.7.12 - Missing Authorization to Plugin Settings Update

The 360 Javascript Viewer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and nonce exposure on several AJAX actions in all versions up to, and including, 1.7.12. This makes it possible for authenticated attackers, with subscriber access or …

📅 Published: April 9, 2024, 6:58 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

0.0

CVE-2024-3514 -

**DUPLICATE** Please use CVE-2024-1846 instead.

📅 Published: April 9, 2024, 6:58 p.m. 🔄 Last Modified: April 24, 2024, 5:15 p.m.

8.8

CVSS3.1

CVE-2023-6967 - Pods - Custom Content Types and Fields - Authenticated (Contributor+) SQL Injection via Shortcode

The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to SQL Injection via shortcode in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2) due to insufficient escaping on the user supplied parameter and lack of sufficient preparati…

📅 Published: April 9, 2024, 6:58 p.m. 🔄 Last Modified: April 8, 2026, 5:17 p.m.

6.4

CVSS3.1

CVE-2024-3053 - Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.29.2 - Authenticated (Contributo…

The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ forminator_form shortcode attribute in versions up to, and including, 1.29.2 due to insufficient input sanitization and output escaping. This makes it pos…

📅 Published: April 9, 2024, 6:58 p.m. 🔄 Last Modified: April 8, 2026, 5:18 p.m.

6.4

CVSS3.1

CVE-2024-3064 - Elementor Addons, Widgets and Enhancements – Stax <= 1.4.4.1 - Authenticated (Contributor+) Stored …

The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Heading' widgets in all versions up to, and including, 1.4.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes…

📅 Published: April 9, 2024, 6:58 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.8

CVSS3.1

CVE-2024-1974 - HT Mega – Absolute Addons For Elementor <= 2.4.5 - Authenticated (Contributor+) Directory Traversal

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.6 via the render function. This makes it possible for authenticated attackers, with contributor access or higher, to read the contents of arbitrary files o…

📅 Published: April 9, 2024, 6:58 p.m. 🔄 Last Modified: April 8, 2026, 5:18 p.m.

6.4

CVSS3.1

CVE-2024-2492 - PowerPack Addons for Elementor <= 2.7.18 - Authenticated (Contributor+) Stored Cross-Site Scripting…

The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Twitter Tweet widget in all versions up to, and including, 2.7.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contrib…

📅 Published: April 9, 2024, 6:58 p.m. 🔄 Last Modified: April 8, 2026, 5:18 p.m.

6.4

CVSS3.1

CVE-2024-0376 - Premium Addons for Elementor <= 4.10.16 - Authenticated(Contributor+) Stored Cross-Site Scripting v…

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Wrapper Link Widget in all versions up to, and including, 4.10.16 due to insufficient input sanitization and output escaping on user supplied URLs. This makes it possible for authenti…

📅 Published: April 9, 2024, 6:58 p.m. 🔄 Last Modified: April 8, 2026, 5:17 p.m.
Total resulsts: 349182
Page 10366 of 34,919
« previous page » next page
Filters