The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on the getQueryData() function in all versions up to, and including, 3.10.15. This makes it possible for authenticated...
8.8CVSS
7.8AI Score
0.001EPSS
The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on the getQueryData() function in all versions up to, and including, 3.10.15. This makes it possible for authenticated...
8.8AI Score
0.001EPSS
The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘display_name’ author meta in all versions up to, and including, 22.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
6.4CVSS
6.1AI Score
0.001EPSS
CVE-2024-4984 Yoast SEO <= 22.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘display_name’ author meta in all versions up to, and including, 22.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
5.7AI Score
0.001EPSS
[SECURITY] Fedora 40 Update: djvulibre-3.5.28-9.fc40
DjVu is a web-centric format and software platform for distributing documents and images. DjVu can advantageously replace PDF, PS, TIFF, JPEG, and GIF for distributing scanned documents, digital documents, or high-resolution pictures. DjVu content downloads faster, displays and renders faster,...
6.6AI Score
0.0005EPSS
[SECURITY] Fedora 38 Update: djvulibre-3.5.28-6.fc38
DjVu is a web-centric format and software platform for distributing documents and images. DjVu can advantageously replace PDF, PS, TIFF, JPEG, and GIF for distributing scanned documents, digital documents, or high-resolution pictures. DjVu content downloads faster, displays and renders faster,...
6.6AI Score
0.0005EPSS
[SECURITY] Fedora 39 Update: djvulibre-3.5.28-7.fc39
DjVu is a web-centric format and software platform for distributing documents and images. DjVu can advantageously replace PDF, PS, TIFF, JPEG, and GIF for distributing scanned documents, digital documents, or high-resolution pictures. DjVu content downloads faster, displays and renders faster,...
6.6AI Score
0.0005EPSS
TT Custom Post Type Creator <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The TT Custom Post Type Creator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
5.9AI Score
0.0004EPSS
Table Maker <= 1.9.1 - Authenticated (Author+) Stored Cross-Site Scripting
Description The Table Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject...
5.9AI Score
0.0004EPSS
Viet Nam Affiliate <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Viet Nam Affiliate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
5.9AI Score
0.0004EPSS
Configure Login Timeout <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Configure Login Timeout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
5.9AI Score
0.0004EPSS
Description The 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.71 due to insufficient input sanitization and output escaping. This makes it possible for...
5.9AI Score
0.0004EPSS
Description The Pootle Pagebuilder – WordPress Page builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated....
5.9AI Score
0.0004EPSS
QuickieBar <= 1.8.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The QuickieBar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
5.9AI Score
0.0004EPSS
Viet Affiliate Link <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Viet Affiliate Link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
5.9AI Score
0.0004EPSS
Featured Content Gallery <= 3.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Featured Content Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
5.9AI Score
0.0004EPSS
Heateor Social Login WordPress < 1.1.32 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Heateor Social Login WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.1.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,.....
5.8AI Score
0.0004EPSS
BlogLentor <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The BlogLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
5.9AI Score
0.0004EPSS
Pk Favicon Manager <= 2.1 - Authenticated (Admin+) Arbitrary File Upload
Description The Pk Favicon Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on....
8AI Score
0.0004EPSS
Shared Files < 1.7.20 - Missing Authorization
Description The Shared Files – Advanced File Sharing & Download Manager with Frontend Uploads & Lead Generation plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.7.19. This makes it possible for...
7AI Score
ShortPixel Adaptive Images < 3.8.4 - Cross-Site Request Forgery
Description The ShortPixel Adaptive Images plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.3. This is due to missing or incorrect nonce validation on the import-settings page. This makes it possible for unauthenticated attackers to import.....
6.6AI Score
0.0004EPSS
Description The Forty Four – 404 Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with.....
5.7AI Score
0.0004EPSS
Description The Counter Up – Animated Number Counter & Milestone Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for....
5.9AI Score
0.0004EPSS
WP Photo Album Plus < 8.7.01.002 - Unauthenticated Arbitrary File Upload
Description The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the import functionality and no capability check in all versions up to, and including, 8.7.01.001. This makes it possible for unauthenticated attackers to upload.....
8.2AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1647)
The remote host is missing an update for the Huawei...
7.1AI Score
0.001EPSS
Easy Affiliate Links < 3.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Easy Affiliate Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to....
5.9AI Score
0.0004EPSS
Description The Magical Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to 1.1.35 (exclusive) due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
5.9AI Score
0.0004EPSS
Thim Elementor Kit < 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Thim Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to...
5.9AI Score
0.0004EPSS
DS Site Message <= 1.14.4 - Cross-Site Request Forgery
Description The DS Site Message plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.14.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via.....
6.6AI Score
0.0004EPSS
Brozzme Scroll Top <= 1.8.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Brozzme Scroll Top plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
5.9AI Score
0.0004EPSS
Aiomatic < 1.9.4 - Missing Authorization
Description The Aiomatic plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.9.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized...
6.7AI Score
Description The SKT Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Block in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
5.9AI Score
0.0004EPSS
Description The SKT Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Widget Page Title in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
5.9AI Score
0.0004EPSS
Description The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
5.9AI Score
0.0004EPSS
Sticky Social Link <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Sticky Social Link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
5.9AI Score
0.0004EPSS
Debug Info <= 1.3.10 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Debug Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
5.9AI Score
0.0004EPSS
Description The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated....
5.9AI Score
0.0004EPSS
Gold Addons for Elementor < 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Gold Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
5.9AI Score
0.0004EPSS
canvasio3D Light <= 2.5.0 - Authenticated (Subscriber+) Arbitrary File Upload
Description The canvasio3D Light plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.5.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on...
8AI Score
0.0004EPSS
Barcode Scanner with Inventory & Order Manager < 1.5.5 - Unauthenticated Information Exposure
Description The Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader. plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.4 via exported files. This makes it possible for...
7AI Score
0.0004EPSS
Better Elementor Addons < 1.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Better Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above,....
5.9AI Score
0.0004EPSS
Form Maker by 10Web < 1.15.25 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.15.24 due to insufficient input sanitization and output escaping. This makes it...
5.9AI Score
0.0004EPSS
Move Addons for Elementor < 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
5.9AI Score
0.0004EPSS
AI Engine: ChatGPT Chatbot < 2.2.70 - Authenticated (Editor+) Arbitrary File Upload
Description The AI Engine plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.2.63. This makes it possible for authenticated attackers, with Editor-level access and above, to upload arbitrary files on the affected....
8AI Score
0.0004EPSS
Description The Simple Website Banner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
5.9AI Score
0.0004EPSS
AWSOM News Announcement <= 1.6.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The AWSOM News Announcement plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
5.9AI Score
0.0004EPSS
WP Favorite Posts <= 1.6.8 - Cross-Site Request Forgery
Description The WP Favorite Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.8. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via....
6.6AI Score
0.0004EPSS
Barcode Scanner with Inventory & Order Manager < 1.5.5 - Cross-Site Request Forgery
Description The Barcode Scanner with Inventory & Order Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.4. This is due to missing or incorrect nonce validation on the pageSettingsUpdate() function. This makes it possible for...
6.6AI Score
0.0004EPSS
Easy Digital Downloads < 3.2.12 - Cross-Site Request Forgery
Description The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.11. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an...
6.7AI Score
0.0004EPSS
Comments Evolved for WordPress <= 1.6.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Comments Evolved for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
5.8AI Score
0.0004EPSS