CVEs from 2024
Total
6,593
critical
critical 174
high
high 1,069
medium
medium 2,083
low
low 49
% Critical
2.6%
% with KEV
2.5%
% with exploit
3.4%
Top products
- mbed_tls 15
- operations_analytics_log_analysis 14
- surveillance_station 12
- checkmk 10
- office 8
- profilegrid 8
- office_long_term_servicing_channel 6
- propertyhive 5
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-22146 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magazine3 Schema & Structured Data for WP & AMP allows Stored XSS.This issue affects Schema & Str… | |||
| CVE-2024-22297 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codeboxr CBX Map for Google Map & OpenStreetMap allows Stored XSS.This issue affects CBX Map for … | |||
| CVE-2024-22295 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery allows Stored XSS.This issue affects … | |||
| CVE-2024-22292 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Delower WP To Do allows Stored XSS.This issue affects WP To Do: from n/a through 1.2.8. | |||
| CVE-2024-22310 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Formzu Inc. Formzu WP allows Stored XSS.This issue affects Formzu WP: from n/a through 1.6.7. | |||
| CVE-2024-22302 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ignazio Scimone Albo Pretorio On line allows Stored XSS.This issue affects Albo Pretorio On line:… | |||
| CVE-2024-23505 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DearHive PDF Viewer & 3D PDF Flipbook – DearPDF allows Stored XSS.This issue affects PDF Viewer &… | |||
| CVE-2024-23502 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in InfornWeb Posts List Designer by Category – List Category Posts Or Recent Posts allows Stored XSS… | |||
| CVE-2024-22137 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MailMunch Constant Contact Forms by MailMunch allows Stored XSS.This issue affects Constant Conta… | |||
| CVE-2024-21745 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Laybuy Laybuy Payment Extension for WooCommerce allows Stored XSS.This issue affects Laybuy Payme… | |||
| CVE-2024-21744 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mapster Technology Inc. Mapster WP Maps allows Stored XSS.This issue affects Mapster WP Maps: fro… | |||
| CVE-2024-27891 | medium | 5.3 | 5.3 | 2d ago | On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports. This can cause outgo… | |||
| CVE-2024-28765 | medium | 5.3 | 5.3 | 11d ago | IBM SDI 7.2.0.0 through 7.2.0.14 and IBM Security Directory Integrator 10.0.0.0 through 10.0.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message … | |||
| CVE-2024-54017 | medium | 5.3 | 5.3 | 26d ago | A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V11.0), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 6… | |||
| CVE-2024-12796 | medium | 5.3 | 5.3 | 9mo ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Holistic IT, Consultancy Coop. Workcube ERP allows Reflected XSS. This issue affects Work… | |||
| CVE-2024-56006 | medium | 5.3 | 5.3 | 1y ago | Missing Authorization vulnerability in Automattic Jetpack Debug Tools.This issue affects Jetpack Debug Tools: from n/a before 2.0.1. | |||
| CVE-2024-12133 | medium | 5.3 | 5.3 | 1y ago | Moderate: libtasn1 security update | |||
| CVE-2024-12243 | medium | 5.3 | 5.3 | 1y ago | RHSA-2025:4051: gnutls security update (Moderate) | |||
| CVE-2024-58135 | medium | 5.3 | 5.3 | 1y ago | Mojolicious versions from 7.28 through 9.45 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default. When creating a default app skeleton with the "mojo generate a… | |||
| CVE-2024-13798 | medium | 5.3 | 5.3 | 1y ago | The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 2.3.5. This is due to insufficient verificatio… | |||
| CVE-2024-13821 | medium | 5.3 | 5.3 | 1y ago | The WP Booking Calendar plugin for WordPress is vulnerable to Unauthenticated Post-Confirmation Booking Manipulation in all versions up to, and including, 10.10. This is due to the plugin not properl… | |||
| CVE-2024-56277 | medium | 5.3 | 5.3 | 1y ago | Improper Encoding or Escaping of Output vulnerability in Ays Pro Poll Maker poll-maker.This issue affects Poll Maker: from n/a through < 5.5.5. | |||
| CVE-2024-52391 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in Genetech Pie Register Premium.This issue affects Pie Register Premium: from n/a before 3.8.3.3. | |||
| CVE-2024-7488 | medium | 5.3 | 5.3 | 2y ago | Integer Overflow or Wraparound, Improper Validation of Specified Quantity in Input vulnerability in RestApp Inc. Online Ordering System allows Integer Attacks. This issue affects Online Orderin… | |||
| CVE-2024-24858 | medium | 5.3 | 5.3 | 2y ago | A race condition was found in the Linux kernel's net/bluetooth in {conn,adv}_{min,max}_interval_set() function. This can result in I2cap connection or broadcast abnormality issue, possibly leading to… | |||
| CVE-2024-35823 | medium | 5.3 | 5.3 | 2y ago | Important: kernel security update | |||
| CVE-2024-40647 | medium | 5.3 | 5.3 | 2y ago | Sentry's Python SDK unintentionally exposes environment variables to subprocesses | |||
| CVE-2024-37270 | medium | 5.3 | 5.3 | 2y ago | Insertion of Sensitive Information into Log File vulnerability in TrustedLogin TrustedLogin Vendor.This issue affects TrustedLogin Vendor: from n/a before 1.1.1. | |||
| CVE-2024-3264 | medium | 5.3 | 5.3 | 2y ago | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Mia Technology Inc. Mia-Med Health Aplication allows Signature Spoofing by Improper Validation. This issue affects Mia-Med Health Ap… | |||
| CVE-2024-38587 | medium | 5.3 | 5.3 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: speakup: Fix sizeof() vs ARRAY_SIZE() bug The "buf" pointer is an array of u16 values. This code should be using ARRAY_SIZE() (w… | |||
| CVE-2024-35682 | medium | 5.3 | 5.3 | 2y ago | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Themeisle Otter Blocks PRO.This issue affects Otter Blocks PRO: from n/a through 2.6.11. | |||
| CVE-2024-32521 | medium | 5.3 | 5.3 | 2y ago | Client-Side Enforcement of Server-Side Security vulnerability in Highfivery LLC Zero Spam allows Removing Important Client Functionality.This issue affects Zero Spam: from n/a through 5.5.6. | |||
| CVE-2024-35171 | medium | 5.3 | 5.3 | 2y ago | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Academy LMS academy.This issue affects Academy LMS: from n/a through 1.9.25. | |||
| CVE-2024-35165 | medium | 5.3 | 5.3 | 2y ago | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gutenify.This issue affects Gutenify: from n/a through 1.4.0. | |||
| CVE-2024-34550 | medium | 5.3 | 5.3 | 2y ago | Insertion of Sensitive Information into Log File vulnerability in AlexaCRM Dynamics 365 Integration.This issue affects Dynamics 365 Integration: from n/a through 1.3.17. | |||
| CVE-2024-34549 | medium | 5.3 | 5.3 | 2y ago | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Automattic WP Job Manager.This issue affects WP Job Manager: from n/a through 2.2.2. | |||
| CVE-2024-30459 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in AIpost AI WP Writer.This issue affects AI WP Writer: from n/a through 3.6.5. | |||
| CVE-2024-33908 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in Themesgrove WidgetKit.This issue affects WidgetKit: from n/a through 2.5.0. | |||
| CVE-2024-34372 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in AddonMaster Post Grid Master.This issue affects Post Grid Master: from n/a through 3.4.7. | |||
| CVE-2024-34368 | medium | 5.3 | 5.3 | 2y ago | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mooberry Dreams Mooberry Book Manager.This issue affects Mooberry Book Manager: from n/a through 4.15.12. | |||
| CVE-2024-33910 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in Supsystic Digital Publications by Supsystic.This issue affects Digital Publications by Supsystic: from n/a through 1.7.7. | |||
| CVE-2024-34383 | medium | 5.3 | 5.3 | 2y ago | Authorization Bypass Through User-Controlled Key vulnerability in The SEO Guys at SEOPress SEOPress.This issue affects SEOPress: from n/a through 7.7.1. | |||
| CVE-2024-34382 | medium | 5.3 | 5.3 | 2y ago | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in RoboSoft Robo Gallery.This issue affects Robo Gallery: from n/a through 3.2.18. | |||
| CVE-2024-33929 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in wpWax Directorist.This issue affects Directorist: from n/a through 7.8.6. | |||
| CVE-2024-33920 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in Kama Democracy Poll.This issue affects Democracy Poll: from n/a through 6.0.3. | |||
| CVE-2024-33941 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder.This issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1.8.1. | |||
| CVE-2024-33922 | medium | 5.3 | 5.3 | 2y ago | Insertion of Sensitive Information into Log File vulnerability in Jordy Meow WP Media Cleaner.This issue affects WP Media Cleaner: from n/a through 6.7.2. | |||
| CVE-2024-33587 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in Copy Content Protection Team Secure Copy Content Protection and Content Locking.This issue affects Secure Copy Content Protection and Content Locking: from n/a … | |||
| CVE-2024-33586 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.This issue affects Photo Gallery by 10Web: from n/a through 1.8.20. | |||
| CVE-2024-33596 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in Five Star Plugins Five Star Restaurant Reservations.This issue affects Five Star Restaurant Reservations: from n/a through 2.6.16. | |||
| CVE-2024-33652 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in Real Big Plugins Client Dash.This issue affects Client Dash: from n/a through 2.2.1. | |||
| CVE-2024-33575 | medium | 5.3 | 5.3 | 2y ago | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in User Meta user-meta.This issue affects User Meta: from n/a through 3.0. | |||
| CVE-2024-33538 | medium | 5.3 | 5.3 | 2y ago | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Fastline Media LLC Assistant – Every Day Productivity Apps.This issue affects Assistant – Every Day Productivity Apps: from… | |||
| CVE-2024-32826 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in Vektor,Inc. VK Block Patterns.This issue affects VK Block Patterns: from n/a through 1.31.0. | |||
| CVE-2024-0874 | medium | 5.3 | 5.3 | 2y ago | A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching. | |||
| CVE-2024-32678 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in TrackShip TrackShip for WooCommerce.This issue affects TrackShip for WooCommerce: from n/a through 1.7.5. | |||
| CVE-2024-32677 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in LoginPress LoginPress Pro.This issue affects LoginPress Pro: from n/a before 3.0.0. | |||
| CVE-2024-32823 | medium | 5.3 | 5.3 | 2y ago | Authorization Bypass Through User-Controlled Key vulnerability in FeedbackWP Rate my Post – WP Rating System.This issue affects Rate my Post – WP Rating System: from n/a through 3.4.4. | |||
| CVE-2024-32788 | medium | 5.3 | 5.3 | 2y ago | Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG Joomla to WordPress.This issue affects FG Joomla to WordPress: from n/a through 4.20.2. | |||
| CVE-2024-32716 | medium | 5.3 | 5.3 | 2y ago | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StreamWeasels StreamWeasels Twitch Integration.This issue affects StreamWeasels Twitch Integration: from n/a through 1.7.8. | |||
| CVE-2024-32691 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in realmag777 Active Products Tables for WooCommerce.This issue affects Active Products Tables for WooCommerce: from n/a through 1.0.6.2. | |||
| CVE-2024-32686 | medium | 5.3 | 5.3 | 2y ago | Insertion of Sensitive Information into Log File vulnerability in Inisev Backup Migration.This issue affects Backup Migration: from n/a through 1.4.3. | |||
| CVE-2024-32601 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Popup Anything.This issue affects Popup Anything: from n/a through 2.8. | |||
| CVE-2024-1350 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in Prasidhda Malla Honeypot for WP Comment.This issue affects Honeypot for WP Comment: from n/a through 2.2.3. | |||
| CVE-2024-32532 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in SiteGround Speed Optimizer.This issue affects Speed Optimizer: from n/a through 7.4.6. | |||
| CVE-2024-32518 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in Pepro Dev. Group PeproDev Ultimate Invoice.This issue affects PeproDev Ultimate Invoice: from n/a through 2.0.0. | |||
| CVE-2024-32513 | medium | 5.3 | 5.3 | 2y ago | Insertion of Sensitive Information into Log File vulnerability in AdTribes.Io Product Feed PRO for WooCommerce.This issue affects Product Feed PRO for WooCommerce: from n/a through 13.3.1. | |||
| CVE-2024-31432 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in StellarWP Restrict Content.This issue affects Restrict Content: from n/a through 3.2.8. | |||
| CVE-2024-24850 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in Mark Stockton Quicksand Post Filter jQuery Plugin.This issue affects Quicksand Post Filter jQuery Plugin: from n/a through 3.1.1. | |||
| CVE-2024-31242 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in Bricksforge.This issue affects Bricksforge: from n/a through 2.0.17. | |||
| CVE-2024-31230 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images shortpixel-adaptive-images.This issue affects ShortPixel Adaptive Images: from n/a through <= 3.8.2. | |||
| CVE-2024-31353 | medium | 5.3 | 5.3 | 2y ago | Insertion of Sensitive Information into Log File vulnerability in Tribulant Slideshow Gallery.This issue affects Slideshow Gallery: from n/a through 1.7.8. | |||
| CVE-2024-31302 | medium | 5.3 | 5.3 | 2y ago | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodePeople Contact Form Email.This issue affects Contact Form Email: from n/a through 1.3.44. | |||
| CVE-2024-31297 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce.This issue affects Wholesale For WooCommerce: from n/a through 2.3.0. | |||
| CVE-2024-31095 | medium | 5.3 | 5.3 | 2y ago | Authorization Bypass Through User-Controlled Key vulnerability in Ricard Torres Thumbs Rating.This issue affects Thumbs Rating: from n/a through 5.1.0. | |||
| CVE-2024-30523 | medium | 5.3 | 5.3 | 2y ago | Insertion of Sensitive Information into Log File vulnerability in Paid Memberships Pro Paid Memberships Pro – Mailchimp Add On pmpro-mailchimp.This issue affects Paid Memberships Pro – Mailchimp Add … | |||
| CVE-2024-30463 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in realmag777 BEAR.This issue affects BEAR: from n/a through 1.1.4.3. | |||
| CVE-2024-30514 | medium | 5.3 | 5.3 | 2y ago | Insertion of Sensitive Information into Log File vulnerability in Paid Memberships Pro Paid Memberships Pro – Payfast Gateway Add On.This issue affects Paid Memberships Pro – Payfast Gateway Add On: … | |||
| CVE-2024-30511 | medium | 5.3 | 5.3 | 2y ago | Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG PrestaShop to WooCommerce.This issue affects FG PrestaShop to WooCommerce: from n/a through 4.45.1. | |||
| CVE-2024-30469 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce.This issue affects Wholesale For WooCommerce: from n/a through 2.3.0. | |||
| CVE-2024-25923 | medium | 5.3 | 5.3 | 2y ago | Insertion of Sensitive Information into Log File vulnerability in PeepSo Community by PeepSo.This issue affects Community by PeepSo: from n/a through 6.2.7.0. | |||
| CVE-2024-22138 | medium | 5.3 | 5.3 | 2y ago | Insertion of Sensitive Information into Log File vulnerability in Seraphinite Solutions Seraphinite Accelerator.This issue affects Seraphinite Accelerator: from n/a through 2.20.47. | |||
| CVE-2024-24805 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator.This issue affects WP Dummy Content Generator: from n/a through 3.1.2. | |||
| CVE-2024-24845 | medium | 5.3 | 5.3 | 2y ago | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Sewpafly Post Thumbnail Editor.This issue affects Post Thumbnail Editor: from n/a through 2.4.8. | |||
| CVE-2024-1436 | medium | 5.3 | 5.3 | 2y ago | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wiloke WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit.This issue affects WooCommerce Coupon Popup, SmartBar, Slid… | |||
| CVE-2024-1525 | medium | 5.3 | 5.3 | 2y ago | An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Und… | |||
| CVE-2024-34397 | medium | 5.2 | 5.2 | 2y ago | RHSA-2025:11327: glib2 security update (Moderate) | |||
| CVE-2024-45157 | medium | 5.1 | 5.1 | 2y ago | An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used. Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does not… | |||
| CVE-2024-38739 | medium | 5.1 | 5.1 | 2y ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in FameThemes OnePress allows Stored XSS.This issue affects OnePress: from n/a through 2.3.8. | |||
| CVE-2024-33590 | medium | 5.0 | 5.0 | 2y ago | Server-Side Request Forgery (SSRF) vulnerability in codeSavory Knowledge Base documentation & wiki plugin – BasePress.This issue affects Knowledge Base documentation & wiki plugin – BasePress: from n… | |||
| CVE-2024-47271 | medium | 4.9 | 4.9 | 11d ago | Insufficiently protected credentials vulnerability in IPSpeaker component in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privi… | |||
| CVE-2024-47269 | medium | 4.9 | 4.9 | 11d ago | Cleartext transmission of sensitive information vulnerability in Export Key functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with adm… | |||
| CVE-2024-47268 | medium | 4.9 | 4.9 | 11d ago | Missing authorization vulnerability in AddOns functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtai… | |||
| CVE-2024-32775 | medium | 4.9 | 4.9 | 2y ago | Server-Side Request Forgery (SSRF) vulnerability in Pavex Embed Google Photos album.This issue affects Embed Google Photos album: from n/a through 2.1.9. | |||
| CVE-2024-32955 | medium | 4.9 | 4.9 | 2y ago | Server-Side Request Forgery (SSRF) vulnerability in Foliovision FV Flowplayer Video Player.This issue affects FV Flowplayer Video Player: from n/a through 7.5.43.7212. | |||
| CVE-2024-32819 | medium | 4.9 | 4.9 | 2y ago | Server-Side Request Forgery (SSRF) vulnerability in Culqi.This issue affects Culqi: from n/a through 3.0.14. | |||
| CVE-2024-30532 | medium | 4.9 | 4.9 | 2y ago | Server-Side Request Forgery (SSRF) vulnerability in Builderall Team Builderall Builder for WordPress.This issue affects Builderall Builder for WordPress: from n/a through 2.0.1. | |||
| CVE-2024-30531 | medium | 4.9 | 4.9 | 2y ago | Server-Side Request Forgery (SSRF) vulnerability in Nelio Software Nelio Content.This issue affects Nelio Content: from n/a through 3.2.0. | |||
| CVE-2024-21747 | medium | 4.9 | 4.9 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounti… | |||
| CVE-2024-7016 | medium | 4.8 | 4.8 | 2y ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Smarttek Informatics Smart Doctor's allows Stored XSS required admin privileges. This iss… |