307,533 Total Results
Displaying 1-10 of 10,000
Attacker Value
Unknown

CVE-2024-4838

Disclosure Date: May 16, 2024 (last updated May 16, 2024)
The ConvertPlus plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.26 via deserialization of untrusted input from the 'settings_encoded' attribute of the 'smile_modal' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Attacker Value
Unknown

CVE-2024-4634

Disclosure Date: May 16, 2024 (last updated May 16, 2024)
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hfe_svg_mime_types’ function in versions up to, and including, 1.6.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Attacker Value
Unknown

CVE-2024-4617

Disclosure Date: May 16, 2024 (last updated May 16, 2024)
The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in versions up to, and including, 1.0.218 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Attacker Value
Unknown

CVE-2024-4400

Disclosure Date: May 16, 2024 (last updated May 16, 2024)
The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.26.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Attacker Value
Unknown

CVE-2024-4385

Disclosure Date: May 16, 2024 (last updated May 16, 2024)
The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 1.8.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Attacker Value
Unknown

CVE-2024-4288

Disclosure Date: May 16, 2024 (last updated May 16, 2024)
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in versions up to, and including, 1.6.7.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Attacker Value
Unknown

CVE-2024-35302

Disclosure Date: May 16, 2024 (last updated May 16, 2024)
In JetBrains TeamCity before 2023.11 stored XSS during restore from backup was possible
Attacker Value
Unknown

CVE-2024-35301

Disclosure Date: May 16, 2024 (last updated May 16, 2024)
In JetBrains TeamCity before 2024.03.1 commit status publisher didn't check project scope of the GitHub App token
Attacker Value
Unknown

CVE-2024-35300

Disclosure Date: May 16, 2024 (last updated May 16, 2024)
In JetBrains TeamCity between 2024.03 and 2024.03.1 several stored XSS in the available updates page were possible
Attacker Value
Unknown

CVE-2024-35299

Disclosure Date: May 16, 2024 (last updated May 16, 2024)
In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communication lacked proper certificate hostname validation