7.2

CVSS3.1

CVE-2024-1774 - Customily Product Personalizer <= 1.23.3 - Unauthenticated Stored Cross-Site Scripting

The Customily Product Personalizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via user cookies in all versions up to, and including, 1.23.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web…

📅 Published: April 9, 2024, 6:58 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.4

CVSS3.1

CVE-2024-1641 - Accordion <= 2.2.96 - Missing Authorization to Authenticated(Contributor+) Post Duplication

The Accordion plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'accordions_duplicate_post_as_draft' function in all versions up to, and including, 2.2.96. This makes it possible for authenticated attackers, with cont…

📅 Published: April 9, 2024, 6:58 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.5

CVSS3.1

CVE-2024-1289 - LearnPress <= 4.2.6.3 - Insecure Direct Object Reference

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.6.3 due to missing validation on a user controlled key when looking up order information. This makes it possible for authenticated attackers to obta…

📅 Published: April 9, 2024, 6:58 p.m. 🔄 Last Modified: April 8, 2026, 5:18 p.m.

8.8

CVSS3.1

CVE-2024-2342 - Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.7 - Authenticat…

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the customer_id parameter in all versions up to, and including, 1.6.7.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati…

📅 Published: April 9, 2024, 6:58 p.m. 🔄 Last Modified: April 8, 2026, 5:18 p.m.

4.3

CVSS3.1

CVE-2024-2033 - Video Conferencing with Zoom <= 4.4.5 - Sensitive Information Exposure

The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.5 via the get_assign_host_id AJAX action. This makes it possible for authenticated attackers, with subscriber access or higher, to enumerate usernames, ema…

📅 Published: April 9, 2024, 6:58 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS3.1

CVE-2024-2302 - Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) …

The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.9. This makes it possible for unauthenticated attackers to download the debug log via…

📅 Published: April 9, 2024, 6:58 p.m. 🔄 Last Modified: April 8, 2026, 5:18 p.m.

6.4

CVSS3.1

CVE-2024-2185 - Beaver Builder Addons by WPZOOM <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting…

The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Box widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor…

📅 Published: April 9, 2024, 6:58 p.m. 🔄 Last Modified: April 8, 2026, 5:18 p.m.

7.2

CVSS3.1

CVE-2024-1852 - WP-Members Membership Plugin <= 3.4.9.2 - Unauthenticated Stored Cross-Site Scripting

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header in all versions up to, and including, 3.4.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject …

📅 Published: April 9, 2024, 6:58 p.m. 🔄 Last Modified: April 8, 2026, 5:18 p.m.

6.4

CVSS3.1

CVE-2024-2187 - Beaver Builder Addons by WPZOOM <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting…

The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonials widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contribu…

📅 Published: April 9, 2024, 6:58 p.m. 🔄 Last Modified: April 8, 2026, 5:18 p.m.

3.6

CVSS3.1

CVE-2024-2918 -

Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.6 and earlier allows an attacker with access to the PAM JIT elevation feature to forge the displayed group in the PAM JIT elevation checkout request via a specially crafted request.

📅 Published: April 9, 2024, 6:42 p.m. 🔄 Last Modified: March 28, 2025, 4:20 p.m.
Total resulsts: 349182
Page 10367 of 34,919
« previous page » next page
Filters