Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-30312
Acrobat Reader versions 20.005.30574, 24.002.20736 and previous versions Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation o...
NA
CVE-2024-30311
Acrobat Reader versions 20.005.30574, 24.002.20736 and previous versions Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation o...
NA
CVE-2024-4010
The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handle_ajax_request function in all versions up to, and including, 5.7.19. This makes it pos...
NA
CVE-2024-4636
The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allow_meme_types’ function in versions up to, and including, 3.12.10 due to insufficient input sanitization an...
NA
CVE-2024-3634
The month name translation benaceur WordPress plugin prior to 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for e...
NA
CVE-2024-3823
The Base64 Encoder/Decoder WordPress plugin up to and including 0.9.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow malicious users to make logged in admin add Stored XSS payloads via a CSRF attack
NA
CVE-2024-3405
The WP Prayer WordPress plugin up to and including 2.0.9 does not have CSRF check in place when updating its settings, which could allow malicious users to make a logged in admin change them via a CSRF attack
NA
CVE-2024-3629
The HL Twitter WordPress plugin up to and including 2014.1.18 does not have CSRF check in place when updating its settings, which could allow malicious users to make a logged in admin change them via a CSRF attack
NA
CVE-2024-3824
The Base64 Encoder/Decoder WordPress plugin up to and including 0.9.2 does not have CSRF check in place when resetting its settings, which could allow malicious users to make a logged in admin reset them via a CSRF attack
NA
CVE-2024-3631
The HL Twitter WordPress plugin up to and including 2014.1.18 does not have CSRF check when unlinking twitter accounts, which could allow malicious users to make logged in admins perform such actions via a CSRF attack
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »