Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-4087
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Back to Top widget in all versions up to, and including, 1.3.975 due to insufficient input sanitization and output escaping on user supplied attributes...
NA
CVE-2024-5501
The Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_one_id’ parameter in all versions up to, and including, 2.5.51 due to insufficient input sanitization and output...
NA
CVE-2023-6382
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_slide' shortcode in all versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user ...
NA
CVE-2024-3564
The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the plugin's 'content_block' shortcode. This makes it possible for authenticated attackers, with contributor-level acc...
NA
CVE-2024-3565
The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'content_block' shortcode in all versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping on user suppl...
NA
CVE-2024-4711
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ajax_load_more shortcode in versions up to, and including, 7.1.1 due to insufficient input sanitization and output escaping. This makes it possible for a...
NA
CVE-2024-2933
The Page Builder Gutenberg Blocks – CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Social Profiles widget in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. ...
NA
CVE-2024-34005
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore database activity modules and direct access to the web server outside of the Moodle webroot could execute a local file include.
NA
CVE-2024-34003
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore workshop modules and direct access to the web server outside of the Moodle webroot could execute a local file include.
NA
CVE-2024-34004
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore wiki modules and direct access to the web server outside of the Moodle webroot could execute a local file include.
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »