2024-05-14 | CVE-2024-29997 | Microsoft | Integer Overflow or Wraparound vulnerability in Microsoft products. Windows Mobile Broadband Driver Remote Code Execution Vulnerability | 6.8 |
2024-05-14 | CVE-2024-29998 | Microsoft | Unspecified vulnerability in Microsoft products. Windows Mobile Broadband Driver Remote Code Execution Vulnerability | 6.8 |
2024-05-14 | CVE-2024-29999 | Microsoft | Integer Overflow or Wraparound vulnerability in Microsoft products. Windows Mobile Broadband Driver Remote Code Execution Vulnerability | 6.8 |
2024-05-14 | CVE-2024-30000 | Microsoft | Integer Overflow or Wraparound vulnerability in Microsoft products. Windows Mobile Broadband Driver Remote Code Execution Vulnerability | 6.8 |
2024-05-14 | CVE-2024-30001 | Microsoft | Integer Overflow or Wraparound vulnerability in Microsoft products. Windows Mobile Broadband Driver Remote Code Execution Vulnerability | 6.8 |
2024-05-14 | CVE-2024-30002 | Microsoft | Unspecified vulnerability in Microsoft products. Windows Mobile Broadband Driver Remote Code Execution Vulnerability | 6.8 |
2024-05-14 | CVE-2024-30003 | Microsoft | Integer Overflow or Wraparound vulnerability in Microsoft products. Windows Mobile Broadband Driver Remote Code Execution Vulnerability | 6.8 |
2024-05-14 | CVE-2024-30004 | Microsoft | Integer Overflow or Wraparound vulnerability in Microsoft products. Windows Mobile Broadband Driver Remote Code Execution Vulnerability | 6.8 |
2024-05-14 | CVE-2024-30005 | Microsoft | Integer Overflow or Wraparound vulnerability in Microsoft products. Windows Mobile Broadband Driver Remote Code Execution Vulnerability | 6.8 |
2024-05-14 | CVE-2024-30012 | | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | 6.8 |
2024-05-14 | CVE-2024-30021 | | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | 6.8 |
2024-05-14 | CVE-2023-36640 | Fortinet | Use of Externally-Controlled Format String vulnerability in Fortinet Fortiproxy. A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM versions 1.0.0 through 1.0.3, FortiOS versions 7.2.0, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.16 allows attacker to execute unauthorized code or commands via specially crafted commands | 6.7 |
2024-05-16 | CVE-2024-4279 | | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via the 'tutor_course_delete' function due to missing validation on a user controlled key. | 6.5 |
2024-05-14 | CVE-2024-30036 | | Windows Deployment Services Information Disclosure Vulnerability | 6.5 |
2024-05-14 | CVE-2024-30043 | | Microsoft SharePoint Server Information Disclosure Vulnerability | 6.5 |
2024-05-14 | CVE-2024-30053 | | Azure Migrate Cross-Site Scripting Vulnerability | 6.5 |
2024-05-14 | CVE-2024-30054 | | Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability | 6.5 |
2024-05-14 | CVE-2024-30011 | | Windows Hyper-V Denial of Service Vulnerability | 6.5 |
2024-05-14 | CVE-2024-30019 | | DHCP Server Service Denial of Service Vulnerability | 6.5 |
2024-05-14 | CVE-2024-4144 | | The Simple Basic Contact Form plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 20240502. | 6.5 |
2024-05-14 | CVE-2024-4445 | | The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in versions up to, and including, 6.20.01. | 6.5 |
2024-05-14 | CVE-2024-4448 | | The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Dual Color Header', 'Event Calendar', & 'Advanced Data Table' widgets in all versions up to, and including, 5.9.19 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.5 |
2024-05-14 | CVE-2024-4038 | | The Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.3.1. | 6.5 |
2024-05-14 | CVE-2024-4039 | | The Orders Tracking for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.10. | 6.5 |
2024-05-18 | CVE-2024-5088 | | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping. | 6.4 |
2024-05-18 | CVE-2024-4432 | | The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.4.26 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-05-18 | CVE-2024-2772 | | The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in all versions up to, and including, 5.1.13 due to insufficient input sanitization and output escaping. | 6.4 |
2024-05-18 | CVE-2024-4698 | | The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'show_line_text ' and 'slide_button_hover_animation' parameters in versions up to, and including, 10.1.1 due to insufficient input sanitization and output escaping. | 6.4 |
2024-05-18 | CVE-2024-3811 | | The Salient Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'icon' shortcode in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-05-18 | CVE-2024-4849 | | The WordPress Automatic Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘autoplay’ parameter in all versions up to, and including, 3.94.0 due to insufficient input sanitization and output escaping. | 6.4 |
2024-05-18 | CVE-2024-4374 | | The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-05-18 | CVE-2024-4891 | | The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tagName’ parameter in versions up to, and including, 4.5.12 due to insufficient input sanitization and output escaping. | 6.4 |
2024-05-18 | CVE-2024-4865 | | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping. | 6.4 |
2024-05-17 | CVE-2024-4789 | | Cost Calculator Builder Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to 3.1.72, via the send_demo_webhook() function. | 6.4 |
2024-05-16 | CVE-2024-3134 | | The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the title_html_tag attribute in all versions up to, and including, 2.0.6.0 due to insufficient input sanitization and output escaping. | 6.4 |
2024-05-16 | CVE-2024-4580 | | The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 2.0.6.0 due to insufficient input sanitization and output escaping. | 6.4 |
2024-05-16 | CVE-2024-4288 | | The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in versions up to, and including, 1.6.7.14 due to insufficient input sanitization and output escaping. | 6.4 |
2024-05-16 | CVE-2024-4400 | | The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.26.4 due to insufficient input sanitization and output escaping. | 6.4 |
2024-05-16 | CVE-2024-4617 | | The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in versions up to, and including, 1.0.218 due to insufficient input sanitization and output escaping. | 6.4 |
2024-05-16 | CVE-2024-4634 | | The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hfe_svg_mime_types’ function in versions up to, and including, 1.6.28 due to insufficient input sanitization and output escaping. | 6.4 |
2024-05-16 | CVE-2024-4391 | | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Event Calendar widget in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-05-16 | CVE-2024-4478 | | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Stack Group widget in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on user supplied 'tooltip_position' attribute. | 6.4 |
2024-05-16 | CVE-2024-4546 | | The Custom Post Type Attachment plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pdf_attachment' shortcode in all versions up to, and including, 3.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-05-16 | CVE-2024-4635 | | The Menu Icons by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘add_mime_type’ function in versions up to, and including, 0.13.13 due to insufficient input sanitization and output escaping. | 6.4 |
2024-05-16 | CVE-2024-4984 | | The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘display_name’ author meta in all versions up to, and including, 22.6 due to insufficient input sanitization and output escaping. | 6.4 |
2024-05-15 | CVE-2024-4702 | | The Mega Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-05-15 | CVE-2024-4636 | | The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allow_meme_types’ function in versions up to, and including, 3.12.10 due to insufficient input sanitization and output escaping. | 6.4 |
2024-05-15 | CVE-2024-4208 | | The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the typer effect in the advanced heading widget in all versions up to, and including, 3.2.37 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-05-15 | CVE-2024-4618 | | The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Team Member widget in all versions up to, and including, 2.6.9.6 due to insufficient input sanitization and output escaping on user supplied 'url' attribute. | 6.4 |
2024-05-15 | CVE-2024-4363 | | The Visual Portfolio, Photo Gallery & Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. | 6.4 |
2024-05-15 | CVE-2024-4370 | | The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget Image Box in all versions up to, and including, 1.1.36 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-05-14 | CVE-2024-4666 | | The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-05-14 | CVE-2024-4333 | | The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via several parameters in versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping. | 6.4 |
2024-05-14 | CVE-2024-4440 | | The 140+ Widgets | Best Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-05-14 | CVE-2024-4473 | | The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "aThemes: Portfolio" widget in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-05-14 | CVE-2024-4624 | | The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eael_ext_toc_title_tag’ parameter in versions up to, and including, 5.9.20 due to insufficient input sanitization and output escaping. | 6.4 |
2024-05-14 | CVE-2024-4542 | | The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_lightbox shortcode in all versions up to, and including, 7.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-05-14 | CVE-2024-4567 | | The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's themify_button shortcode in all versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-05-14 | CVE-2024-4574 | | The Graphina – Elementor Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.8.9 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-05-14 | CVE-2024-4630 | | The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_upload_mimes’ function in versions up to, and including, 4.2.0 due to insufficient input sanitization and output escaping. | 6.4 |
2024-05-14 | CVE-2024-4158 | | The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tagName’ parameter in versions up to, and including, 2.0.42 due to insufficient input sanitization and output escaping. | 6.4 |
2024-05-14 | CVE-2024-4193 | | The Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'testimonialcategory' shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-05-14 | CVE-2024-4209 | | The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown timer in all versions up to, and including, 3.2.36 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-05-14 | CVE-2024-4275 | | The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Interactive Circle widget in all versions up to, and including, 5.9.19 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-05-14 | CVE-2024-4316 | | The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 3.9.16 due to insufficient input sanitization and output escaping. | 6.4 |
2024-05-14 | CVE-2024-4329 | | The Thim Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. | 6.4 |
2024-05-14 | CVE-2024-4339 | | The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the General widget in all versions up to, and including, 3.14.3 due to insufficient input sanitization and output escaping. | 6.4 |
2024-05-14 | CVE-2024-4383 | | The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swpm_paypal_subscription_cancel_link' shortcode in all versions up to, and including, 4.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-05-14 | CVE-2024-4386 | | The Gallery Block (Meow Gallery) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data_atts’ parameter in versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. | 6.4 |
2024-05-14 | CVE-2024-4398 | | The HTML5 Audio Player- Best WordPress Audio Player Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.2.19 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-05-14 | CVE-2024-4411 | | The Mihdan: Yandex Turbo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.6.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-05-14 | CVE-2024-4430 | | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the photo widget crop attribute in all versions up to, and including, 2.8.1.2 due to insufficient input sanitization and output escaping. | 6.4 |
2024-05-14 | CVE-2024-4449 | | The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Fancy Text', 'Filter Gallery', 'Sticky Video', 'Content Ticker', 'Woo Product Gallery', & 'Twitter Feed' widgets in all versions up to, and including, 5.9.19 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-05-14 | CVE-2024-4481 | | The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the plugin's blocks in all versions up to, and including, 3.2.36 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-05-14 | CVE-2024-4487 | | The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG uploads in versions up to, and including, 2.0.45 due to insufficient input sanitization and output escaping. | 6.4 |
2024-05-14 | CVE-2024-4490 | | The Elegant Themes Divi theme, Extra theme, and Divi Page Builder plugin for WordPress are vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘title’ parameter in versions up to, and including, 4.25.0 due to insufficient input sanitization and output escaping. | 6.4 |
2024-05-14 | CVE-2024-3680 | | The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animation Title widget's img tag in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. | 6.4 |
2024-05-14 | CVE-2024-3831 | | The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. | 6.4 |
2024-05-14 | CVE-2024-3923 | | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link_target parameter in all versions up to, and including, 2.8.1.1 due to insufficient input sanitization and output escaping. | 6.4 |
2024-05-14 | CVE-2024-3952 | | The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Ad widget in all versions up to, and including, 1.52.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-05-14 | CVE-2024-3974 | | The BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user_name’ parameter in versions up to, and including, 12.4.0 due to insufficient input sanitization and output escaping. | 6.4 |
2024-05-14 | CVE-2024-3989 | | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Gallery Justify Widget in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-05-14 | CVE-2024-3990 | | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Tooltip & Popover Widget in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-05-14 | CVE-2024-3595 | | The Pure Chat – Live Chat Plugin & More! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the purechatwid and purechatwname parameter in all versions up to, and including, 2.22 due to insufficient input sanitization and output escaping. | 6.4 |
2024-05-14 | CVE-2024-2923 | | The Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's text effect widget in all versions up to, and including, 1.1.37 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-05-14 | CVE-2024-2785 | | The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Age Gate widget in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-05-14 | CVE-2024-1166 | | The Image Hover Effects – Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Hover Effects Widget in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-05-14 | CVE-2024-0445 | | The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's element attributes in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping. | 6.4 |
2024-05-14 | CVE-2024-30045 | | .NET and Visual Studio Remote Code Execution Vulnerability | 6.3 |
2024-05-14 | CVE-2024-30059 | | Microsoft Intune for Android Mobile Application Management Tampering Vulnerability | 6.1 |
2024-05-14 | CVE-2024-4041 | | The Yoast SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 22.5 due to insufficient input sanitization and output escaping. | 6.1 |
2024-05-14 | CVE-2024-4104 | | The ADFO – Custom data in admin dashboard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dbp_id' parameter in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. | 6.1 |
2024-05-14 | CVE-2024-4150 | | The Simple Basic Contact Form plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘scf_email’ parameter in versions up to, and including, 20221201 due to insufficient input sanitization and output escaping. | 6.1 |
2024-05-14 | CVE-2024-3547 | | The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'google_connect_error' parameter in all versions up to, and including, 1.5.102 due to insufficient input sanitization and output escaping. | 6.1 |
2024-05-16 | CVE-2024-30283 | | Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2024-05-16 | CVE-2024-30286 | | Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2024-05-16 | CVE-2024-30287 | | Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2024-05-16 | CVE-2024-20793 | | Illustrator versions 28.4, 27.9.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2024-05-16 | CVE-2024-30281 | | Substance3D - Designer versions 13.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2024-05-16 | CVE-2024-30308 | | Substance3D - Painter versions 9.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2024-05-16 | CVE-2024-30309 | | Substance3D - Painter versions 9.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2024-05-15 | CVE-2024-30311 | | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2024-05-15 | CVE-2024-30312 | | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2024-05-15 | CVE-2024-34101 | | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2024-05-14 | CVE-2024-30034 | | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | 5.5 |
2024-05-14 | CVE-2024-30037 | | Windows Common Log File System Driver Elevation of Privilege Vulnerability | 5.5 |
2024-05-14 | CVE-2024-30039 | | Windows Remote Access Connection Manager Information Disclosure Vulnerability | 5.5 |
2024-05-14 | CVE-2024-30008 | | Windows DWM Core Library Information Disclosure Vulnerability | 5.5 |
2024-05-14 | CVE-2024-30016 | | Windows Cryptographic Services Information Disclosure Vulnerability | 5.5 |
2024-05-14 | CVE-2023-50180 | Fortinet | Exposure of System Data to an Unauthorized Control Sphere vulnerability in Fortinet Fortiadc. An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiADC version 7.4.1 and below, version 7.2.3 and below, version 7.1.4 and below, version 7.0.5 and below, version 6.2.6 and below may allow a read-only admin to view data pertaining to other admins. | 5.5 |
2024-05-15 | CVE-2024-34906 | Dootask | Unrestricted Upload of File with Dangerous Type vulnerability in Dootask 0.30.13. An arbitrary file upload vulnerability in dootask v0.30.13 allows attackers to execute arbitrary code via uploading a crafted PDF file. | 5.4 |
2024-05-15 | CVE-2024-34909 | Kykms | Unrestricted Upload of File with Dangerous Type vulnerability in Kykms. An arbitrary file upload vulnerability in KYKMS v1.0.1 and below allows attackers to execute arbitrary code via uploading a crafted PDF file. | 5.4 |
2024-05-15 | CVE-2024-34913 | Technocking | Unrestricted Upload of File with Dangerous Type vulnerability in Technocking R-Pan-Scaffolding. An arbitrary file upload vulnerability in r-pan-scaffolding v5.0 and below allows attackers to execute arbitrary code via uploading a crafted PDF file. | 5.4 |
2024-05-15 | CVE-2024-3189 | | The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Testimonial', 'Progress Bar', 'Lottie Animations', 'Row Layout', 'Google Maps', and 'Advanced Gallery' blocks in all versions up to, and including, 3.2.37 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-05-14 | CVE-2024-30041 | | Microsoft Bing Search Spoofing Vulnerability | 5.4 |
2024-05-14 | CVE-2024-30050 | | Windows Mark of the Web Security Feature Bypass Vulnerability | 5.4 |
2024-05-14 | CVE-2024-3722 | | The Swift Performance Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajax_handler() function in all versions up to, and including, 2.3.6.18. | 5.4 |
2024-05-14 | CVE-2024-3956 | | The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pod Form widget in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-05-14 | CVE-2024-30055 | | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 5.4 |
2024-05-15 | CVE-2024-4894 | | ITPison OMICARD EDM fails to properly filter specific URL parameter, allowing unauthenticated remote attackers to modify the parameters and conduct Server-Side Request Forgery (SSRF) attacks. | 5.3 |
2024-05-14 | CVE-2024-0870 | | The YITH WooCommerce Gift Cards plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_mail_status' and 'save_email_settings' functions in all versions up to, and including, 4.12.0. | 5.3 |
2024-05-14 | CVE-2024-4213 | | The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.4 via the order report functionality. | 5.3 |
2024-05-14 | CVE-2024-4280 | | The White Label CMS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_plugin function in all versions up to, and including, 2.7.3. | 5.3 |
2024-05-14 | CVE-2024-4444 | | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 4.2.6.5. | 5.3 |
2024-05-14 | CVE-2024-3915 | | The Swift Framework plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sf_edit_directory_item() function in all versions up to, and including, 2.7.31. | 5.3 |
2024-05-14 | CVE-2024-3916 | | The Swift Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 2.7.31 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.3 |
2024-05-14 | CVE-2024-1229 | | The SimpleShop plugin for WordPress is vulnerable to unauthorized disconnection from SimpleShop due to a missing capability check on the maybe_disconnect_simpleshop function in all versions up to, and including, 2.10.2. | 5.3 |
2024-05-14 | CVE-2023-6327 | | The ShopLentor (formerly WooLentor) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the purchased_new_products function in all versions up to, and including, 2.8.7. | 5.3 |
2024-05-14 | CVE-2023-45586 | Fortinet | Insufficient Verification of Data Authenticity vulnerability in Fortinet FortiOS and FortiProxy: An insufficient verification of data authenticity vulnerability [CWE-345] in Fortinet FortiOS SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.12 and FortiProxy SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.13 allows an authenticated VPN user to send (but not receive) packets spoofing the IP of another user via crafted network packets. | 5.0 |
2024-05-14 | CVE-2024-28135 | | A low-privileged remote attacker can exploit a command injection vulnerability in the API, caused by improper input validation, to execute code remotely as the user-app user. | 5.0 |
2024-05-15 | CVE-2024-4656 | | The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user agent header in all versions up to, and including, 1.26.6.1 due to insufficient input sanitization and output escaping. | 4.4 |
2024-05-15 | CVE-2024-4734 | | The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.26.6.1 due to insufficient input sanitization and output escaping. | 4.4 |
2024-05-14 | CVE-2024-4417 | | The Falang multilanguage for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.49 due to insufficient input sanitization and output escaping. | 4.4 |
2024-05-14 | CVE-2024-3068 | | The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cfs[fields][*][name]' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. | 4.4 |
2024-05-14 | CVE-2024-2846 | | The Visual Footer Credit Remover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'selector' parameter in all versions up to, and including, 2 due to insufficient input sanitization and output escaping. | 4.4 |
2024-05-16 | CVE-2024-3609 | | The ReviewX – Multi-criteria Rating & Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the reviewx_remove_guest_image function in all versions up to, and including, 1.6.27. | 4.3 |
2024-05-16 | CVE-2024-4204 | | The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.3. | 4.3 |
2024-05-15 | CVE-2024-4199 | | The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 4.2.3. | 4.3 |
2024-05-15 | CVE-2024-0437 | | The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the API. | 4.3 |
2024-05-14 | CVE-2024-4312 | | The Soccer Engine – Soccer Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12. | 4.3 |
2024-05-14 | CVE-2024-4314 | | The Hostel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5.3. | 4.3 |
2024-05-14 | CVE-2024-4463 | | The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.4.7. | 4.3 |
2024-05-14 | CVE-2024-4082 | | The Joli FAQ SEO – WordPress FAQ Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.2. | 4.3 |
2024-05-14 | CVE-2024-4103 | | The ADFO – Custom data in admin dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.0. | 4.3 |
2024-05-14 | CVE-2024-1693 | | The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cdm_save_category AJAX action in all versions up to, and including, 4.70. | 4.3 |
2024-05-14 | CVE-2024-1467 | | The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.6 via the ai_api_request() function. | 4.3 |