Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv3
CVE-2024-3489
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the Countdown Expired Title in all versions up to, and including, 2.6.9.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthentic...
NA
CVE-2024-34897
CVE-2024-34897
1 Github repository
NA
CVE-2024-34899
WWBN AVideo 12.4 is vulnerable to Cross Site Scripting (XSS).
6.4
CVSSv3
CVE-2024-3490
The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wprm-recipe-roundup-item shortcode in all versions up to, and including, 9.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This ...
7.5
CVSSv3
CVE-2024-34905
FlyFish v3.0.0 exists to contain a buffer overflow via the password parameter on the login page. This vulnerability allows malicious users to cause a Denial of Service (DoS) via a crafted input.
Cloudwise Flyfish 3.0.0
5.4
CVSSv3
CVE-2024-34906
An arbitrary file upload vulnerability in dootask v0.30.13 allows malicious users to execute arbitrary code via uploading a crafted PDF file.
Dootask Dootask 0.30.13
5.4
CVSSv3
CVE-2024-34909
An arbitrary file upload vulnerability in KYKMS v1.0.1 and below allows malicious users to execute arbitrary code via uploading a crafted PDF file.
Kykms Kykms
NA
CVE-2024-3491
The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "How To" and "FAQ" Blocks in all versions up to, and including, 1.29 due to insufficient input sanitization and output esc...
5.4
CVSSv3
CVE-2024-34913
An arbitrary file upload vulnerability in r-pan-scaffolding v5.0 and below allows malicious users to execute arbitrary code via uploading a crafted PDF file.
Technocking R-pan-scaffolding
NA
CVE-2024-34914
php-censor v2.1.4 and fixed in v.2.1.5 exists to utilize a weak hashing algorithm for its remember_key value. This allows malicious users to bruteforce to bruteforce the remember_key value to gain access to accounts that have checked "remember me" when logging in.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-35229
privilege escalation
local users
CVE-2024-5405
CVE-2024-27842
CVE-2024-5274
CVE-2024-5378
CVE-2024-34152
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »