VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2024-05-25
CVE-2024-30056
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
network
low complexity
7.1
7.1
2024-05-25
CVE-2024-4045
The Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘campaign_id’ parameter in versions up to, and including, 2.16.1 due to insufficient input sanitization and output escaping.
network
low complexity
6.4
6.4
2024-05-25
CVE-2024-4858
The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_testimonials_option_callback' function in versions up to, and including, 10.2.0.
network
low complexity
5.3
5.3
2024-05-25
CVE-2024-5229
The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
6.4
6.4
2024-05-25
CVE-2024-5220
The ND Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's upload feature in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping.
network
low complexity
6.4
6.4
2024-05-24
CVE-2024-4455
The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘item’ parameter in versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping.
network
low complexity
7.2
7.2
2024-05-24
CVE-2024-4037
The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.7.02.003.
network
low complexity
6.5
6.5
2024-05-24
CVE-2024-4366
The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘block_id’ parameter in versions up to, and including, 2.13.0 due to insufficient input sanitization and output escaping.
network
low complexity
6.4
6.4
2024-05-24
CVE-2024-0893
The Schema App Structured Data plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MarkupUpdate function in all versions up to, and including, 2.1.0.
network
low complexity
4.3
4.3
2024-05-24
CVE-2024-1332
The Custom Fonts – Host Your Fonts Locally plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg file upload in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping.
network
low complexity
6.4
6.4
«
1
(current)
2
3
4
5
...
21477
21478
»
Next