VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2024-10-17
CVE-2024-9951
The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wppa-tab' parameter in all versions up to, and including, 8.8.05.003 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2024-10-17
CVE-2024-9351
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.35.1.
network
low complexity
CWE-352
4.3
4.3
2024-10-17
CVE-2024-9352
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.35.1.
network
low complexity
CWE-352
4.3
4.3
2024-10-17
CVE-2024-7417
Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.986 via the data_fetch.
network
low complexity
royal-elementor-addons
4.3
4.3
2024-10-17
CVE-2024-8719
The Flexmls® IDX Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters like 'MaxBeds' and 'MinBeds' in all versions up to, and including, 3.14.22 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2024-10-17
CVE-2024-9347
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpext-export' parameter in all versions up to, and including, 3.0.9 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2024-10-17
CVE-2024-45766
Unspecified vulnerability in Dell Openmanage Enterprise 3.5/3.6.1/3.8.4
Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Control of Generation of Code ('Code Injection') vulnerability.
network
low complexity
dell
8.8
8.8
2024-10-17
CVE-2024-45767
Unspecified vulnerability in Dell Openmanage Enterprise 3.5/3.6.1/3.8.4
Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability.
network
low complexity
dell
6.5
6.5
2024-10-17
CVE-2024-9215
The Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors plugin for WordPress is vulnerable to Insecure Direct Object Reference to Privilege Escalation/Account Takeover in all versions up to, and including, 4.7.1 via the action_edited_author() due to missing validation on the 'authors-user_id' user controlled key.
network
low complexity
CWE-639
8.8
8.8
2024-10-17
CVE-2024-9240
The ReDi Restaurant Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 24.0902.
network
low complexity
6.1
6.1
«
Previous
1
2
...
516
517
518
(current)
519
520
...
16062
16063
»
Next