9.8

CVSS3.1

CVE-2024-29006 - Apache CloudStack: x-forwarded-for HTTP header parsed by default

By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it as the source IP of an API request. This could lead to authentication bypass and other operational problems should an attacker decide to spoof their IP address this way. Users are recommended to upgrade …

πŸ“… Published: April 4, 2024, 7:48 a.m. πŸ”„ Last Modified: March 27, 2025, 8:15 p.m.

5.3

CVSS3.1

CVE-2024-1418 - CGC Maintenance Mode <= 1.2 - Sensitive Information Exposure

The CGC Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2 via the REST API. This makes it possible for unauthenticated attackers to view protected posts via REST API even when maintenance mode is enabled.

πŸ“… Published: April 4, 2024, 5:34 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

8.8

CVSS3.1

CVE-2024-2008 - Modal Popup Box – Popup Builder, Show Offers And News in Popup <= 1.5.2 - Authenticated (Contributo…

The Modal Popup Box – Popup Builder, Show Offers And News in Popup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.2 via deserialization of untrusted input in the awl_modal_popup_box_shortcode function. This makes it possible for authenticated at…

πŸ“… Published: April 4, 2024, 2:32 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.4

CVSS3.1

CVE-2024-2919 - Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.31 - Authenticated (Contributor+)…

The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CountUp Widget in all versions up to, and including, 3.2.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it …

πŸ“… Published: April 4, 2024, 2:32 a.m. πŸ”„ Last Modified: April 8, 2026, 7:21 p.m.

6.4

CVSS3.1

CVE-2024-2830 - WordPress Tag and Category Manager – AI Autotagger <= 3.13.0 - Authenticated (Contributor+) Stored …

The WordPress Tag and Category Manager – AI Autotagger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'st_tag_cloud' shortcode in all versions up to, and including, 3.13.0 due to insufficient input sanitization and output escaping on user supplied attributes. Thi…

πŸ“… Published: April 4, 2024, 2:32 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.4

CVSS3.1

CVE-2024-2803 - ElementsKit Elementor addons <= 3.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting vi…

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated at…

πŸ“… Published: April 4, 2024, 1:56 a.m. πŸ”„ Last Modified: April 8, 2026, 7:21 p.m.

4.4

CVSS3.1

CVE-2024-3030 - Announce from the Dashboard <= 1.5.2 - Authenticated (Admin+) Stored Cross-Site Scripting

The Announce from the Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level p…

πŸ“… Published: April 4, 2024, 1:56 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.4

CVSS3.1

CVE-2024-2868 - ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (forme…

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slitems parameter in the WL Special Day Offer Widget in all versions up to, and including, 2.8.3 due to ins…

πŸ“… Published: April 4, 2024, 1:56 a.m. πŸ”„ Last Modified: April 8, 2026, 5:18 p.m.

7.2

CVSS3.1

CVE-2024-3022 - BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin <= 1.0.87 - Authent…

The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient filename validation in the 'bookingpress_process_upload' function in all versions up to, and including 1.0.87. This allows an authenticated attacker with administrator-level capabilities or higher to u…

πŸ“… Published: April 4, 2024, 1:56 a.m. πŸ”„ Last Modified: April 8, 2026, 5:18 p.m.

5.3

CVSS3.1

CVE-2024-3274 - D-Link DNS-320L/DNS-320LW/DNS-327L HTTP GET Request info.cgi information disclosure

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DNS-320L, DNS-320LW and DNS-327L up to 20240403 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/info.cgi of the component HTTP GET Request Handler. The manipulatio…

πŸ“… Published: April 4, 2024, 1:31 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.
Total resulsts: 349182
Page 10435 of 34,919
Β« previous page Β» next page
Filters