Vulmon
vulnerabilities and exploits
NA
CVE-2024-22026
CVE-2024-22026 Exploit POC for CVE-2024-22026 affecting Ivanti EPMM "MobileIron Core"
1 GitHub repository
NA
CVE-2024-4010
The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handle_ajax_request function in all versions up to, and including, 5.7.19. This makes it pos...
NA
CVE-2024-4636
The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allow_meme_types’ function in versions up to, and including, 3.12.10 due to insufficient input sanitization an...
NA
CVE-2024-3405
The WP Prayer WordPress plugin up to and including 2.0.9 does not have a CSRF check in place when updating its settings, which could allow malicious users to make a logged-in admin change them via a CSRF attack
NA
CVE-2024-3407
The WP Prayer WordPress plugin up to and including 2.0.9 does not have CSRF checks in some places, which could allow malicious users to make logged-in users perform unwanted actions via CSRF attacks
NA
CVE-2024-3548
The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin prior to 7.1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue which could be used against high-privilege users such as admins
NA
CVE-2024-3629
The HL Twitter WordPress plugin up to and including 2014.1.18 does not have a CSRF check in place when updating its settings, which could allow malicious users to make a logged-in admin change them via a CSRF attack
NA
CVE-2024-3631
The HL Twitter WordPress plugin up to and including 2014.1.18 does not have a CSRF check when unlinking Twitter accounts, which could allow malicious users to make logged-in admins perform such actions via a CSRF attack
NA
CVE-2024-3748
The SP Project & Document Manager WordPress plugin up to and including 4.71 is missing validation in its upload function, allowing a user to manipulate the `user_id` to make it appear that a file was uploaded by another user
NA
CVE-2024-3749
The SP Project & Document Manager WordPress plugin up to and including 4.71 lacks proper access controls and allows a logged-in user to view and download files belonging to another user