VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2024-07-24
CVE-2024-41914
A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface.
network
low complexity
CWE-79
critical
9.0
9.0
2024-07-24
CVE-2024-7068
Cross-site Scripting vulnerability in Insurance Management System Project Insurance Management System 1.0
A vulnerability classified as problematic has been found in SourceCodester Insurance Management System 1.0.
network
low complexity
insurance-management-system-project
CWE-79
4.6
4.6
2024-07-24
CVE-2024-3896
The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the Gallery title field in all versions up to, and including, 3.2.19 due to insufficient input sanitization and output escaping.
network
low complexity
6.4
6.4
2024-07-24
CVE-2024-5818
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored DOM-based Cross-Site Scripting via the plugin's Magazine Grid/Slider widget in all versions up to, and including, 1.3.980 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
6.4
6.4
2024-07-24
CVE-2024-6896
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.96.1 due to insufficient input sanitization and output escaping.
network
low complexity
6.4
6.4
2024-07-24
CVE-2024-6930
The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute within the plugin's bookingform shortcode in all versions up to, and including, 10.2.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
6.4
6.4
2024-07-24
CVE-2024-6553
The WP Meteor Website Speed Optimization Addon plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.3.This is due to the plugin utilizing wpdesk and leaving test files with display_errors on.
network
low complexity
5.3
5.3
2024-07-24
CVE-2024-6571
The Optimize Images ALT Text (alt tag) & names for SEO using AI plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.1.1.
network
low complexity
5.3
5.3
2024-07-24
CVE-2024-6629
The All-in-One Video Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video shortcode in all versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
6.4
6.4
2024-07-24
CVE-2024-6836
The Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple functions in all versions up to, and including, 3.4.6.
network
low complexity
4.3
4.3
«
Previous
1
2
(current)
3
4
5
...
21701
21702
»
Next