Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-3548
The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin prior to 7.1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
NA
CVE-2024-3630
The HL Twitter WordPress plugin up to and including 2014.1.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example...
NA
CVE-2024-3822
The Base64 Encoder/Decoder WordPress plugin up to and including 0.9.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
NA
CVE-2024-3406
The WP Prayer WordPress plugin up to and including 2.0.9 does not have CSRF check in place when updating its email settings, which could allow malicious users to make a logged in admin change them via a CSRF attack
NA
CVE-2024-3407
The WP Prayer WordPress plugin up to and including 2.0.9 does not have CSRF checks in some places, which could allow malicious users to make logged in users perform unwanted actions via CSRF attacks
NA
CVE-2024-3749
The SP Project & Document Manager WordPress plugin up to and including 4.71 lacks proper access controllers and allows a logged in user to view and download files belonging to another user
NA
CVE-2024-3748
The SP Project & Document Manager WordPress plugin up to and including 4.71 is missing validation in its upload function, allowing a user to manipulate the `user_id` to make it appear that a file was uploaded by another user
NA
CVE-2024-4208
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the typer effect in the advanced heading widget in all versions up to, and including, 3.2.37 due to insufficient input sanitization and o...
NA
CVE-2024-4894
ITPison OMICARD EDM fails to properly filter specific URL parameter, allowing unauthenticated remote malicious users to modify the parameters and conduct Server-Side Request Forgery (SSRF) attacks. This vulnerability enables malicious users to probe internal network information.
NA
CVE-2024-4893
DigiWin EasyFlow .NET lacks validation for certain input parameters, allowing remote malicious users to inject arbitrary SQL commands. This vulnerability enables unauthorized access to read, modify, and delete database records, as well as execute system commands.
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »