6.1

CVSS3.1

CVE-2024-8735 - MailMunch โ€“ Grow your Email List <= 3.1.8 - Reflected Cross-Site Scripting

The MailMunch โ€“ Grow your Email List plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.1.8. This makes it possible for unauthenticated attackers to inject arbitrary webโ€ฆ

๐Ÿ“… Published: Nov. 22, 2024, 5:33 a.m. ๐Ÿ”„ Last Modified: April 8, 2026, 5:16 p.m.

6.1

CVSS3.1

CVE-2024-11225 - Premium Packages โ€“ Sell Digital Products Securely <= 5.9.3 - Reflected Cross-Site Scripting via addโ€ฆ

The Premium Packages โ€“ Sell Digital Products Securely plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.9.3. This makes it possible for unauthenticated attackers to injโ€ฆ

๐Ÿ“… Published: Nov. 22, 2024, 5:33 a.m. ๐Ÿ”„ Last Modified: April 15, 2026, 12:35 a.m.

5.5

CVSS3.1

CVE-2024-10034 - Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightโ€ฆ

The Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the gallery link text parameter in all versions up to, and including, 3.2.4.2 due to insufficient inputโ€ฆ

๐Ÿ“… Published: Nov. 22, 2024, 5:33 a.m. ๐Ÿ”„ Last Modified: April 15, 2026, 12:35 a.m.

8.1

CVSS3.1

CVE-2024-11601 - Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, โ€ฆ

The Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blog, Video Gallery) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.1. This is due to missing or incorrect noโ€ฆ

๐Ÿ“… Published: Nov. 22, 2024, 5:33 a.m. ๐Ÿ”„ Last Modified: April 8, 2026, 4:55 p.m.

4.3

CVSS3.1

CVE-2024-11355 - Ultimate YouTube Video & Shorts Player With Vimeo <= 3.3 - Missing Authorization to Authenticated (โ€ฆ

The Ultimate YouTube Video & Shorts Player With Vimeo plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_setting() function in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with Subscriber-leveโ€ฆ

๐Ÿ“… Published: Nov. 22, 2024, 5:33 a.m. ๐Ÿ”„ Last Modified: April 15, 2026, 12:35 a.m.

8.1

CVSS3.1

CVE-2024-11104 - Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, โ€ฆ

The Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the save_optionsโ€ฆ

๐Ÿ“… Published: Nov. 22, 2024, 5:33 a.m. ๐Ÿ”„ Last Modified: April 8, 2026, 4:43 p.m.

6.4

CVSS3.1

CVE-2024-11381 - Control horas <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Control horas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ch_registro' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated aโ€ฆ

๐Ÿ“… Published: Nov. 22, 2024, 5:33 a.m. ๐Ÿ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.7

CVSS3.1

CVE-2024-38296 -

Dell Edge Gateway 3200, versions prior to 15.40.30.2879, and Edge Gateway 5200, versions prior to 12.0.94.2380, contain an Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution vulnerability. A high privileged attacker with local access could potentialโ€ฆ

๐Ÿ“… Published: Nov. 22, 2024, 2:58 a.m. ๐Ÿ”„ Last Modified: Feb. 4, 2025, 4:05 p.m.

5.5

CVSS3.0

CVE-2024-47142 -

AIPHONE IXG SYSTEM IXG-2C7 firmware Ver.2.03 and earlier and IXG-2C7-L firmware Ver.2.03 and earlier contain an issue with insufficiently protected credentials, which may allow a network-adjacent authenticated attacker to perform unintended operations.

๐Ÿ“… Published: Nov. 22, 2024, 12:14 a.m. ๐Ÿ”„ Last Modified: April 15, 2026, 12:35 a.m.

5.4

CVSS3.0

CVE-2024-45837 -

Use of hard-coded cryptographic key issue exists in AIPHONE IX SYSTEM, IXG SYSTEM, and System Support Software. A network-adjacent unauthenticated attacker may log in to SFTP service and obtain and/or manipulate unauthorized files.

๐Ÿ“… Published: Nov. 22, 2024, 12:13 a.m. ๐Ÿ”„ Last Modified: April 15, 2026, 12:35 a.m.
Total resulsts: 349182
Page 7757 of 34,919
ยซ previous page ยป next page
Filters