Vulmon
vulnerabilities and exploits
NA
CVE-2024-5410
CyberDanube Security Research 20240528-0 | Multiple Vulnerabilities in ORing IAP-420
NA
CVE-2024-5411
CyberDanube Security Research 20240528-0 | Multiple Vulnerabilities in ORing IAP-420
5.4
CVSSv3
CVE-2024-3269
The Download Monitor plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on the dlm_uninstall_plugin function in all versions up to, and including, 4.9.13. This makes it possible for authenticated malicious users to uninsta...
6.4
CVSSv3
CVE-2024-2253
The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via URL values in the plugin's carousel widgets in all versions up to, and including, 10.2.1 due to insufficient input sanitization and output escaping on user supplied attr...
5.4
CVSSv3
CVE-2024-3190
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's text field widget in all versions up to, and including, 1.5.107 due to insufficient input sanitization and output escapin...
6.4
CVSSv3
CVE-2024-3063
The WPB Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the output of 'tags' added to widgets in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied tag attributes. T...
6.4
CVSSv3
CVE-2024-5223
The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploading feature in all versions up to, and including, 4.1.1 due to insufficient input sanitization and output esca...
NA
CVE-2024-35469
CVE-2024-35469 Submitter: Kha Do Human Resource Management System 1.0 Vulnerability SQL injection Description SQL injection vulnerability in /hrm/user/ in SourceCodester Human Resource Management System 1.0 allows attackers to execute arbitrary SQL commands via the password parame...
1 Github repository
NA
CVE-2024-35468
CVE-2024-35468 Submitter: Kha Do Human Resource Management System 1.0 Vulnerability SQL injection Description SQL injection vulnerability in /hrm/index.php in SourceCodester Human Resource Management System 1.0 allows attackers to execute arbitrary SQL commands via the password pa...
1 Github repository
6.4
CVSSv3
CVE-2024-3726
The Login Logout Register Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'llrmloginlogout' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attri...