Total
277647 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-30868 | 1 Cms Tree Page View Project | 1 Cms Tree Page View | 2025-01-09 | 7.1 High |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jon Christopher CMS Tree Page View plugin <= 1.6.7 versions. | ||||
CVE-2023-31233 | 1 Baidu Tongji Generator Project | 1 Baidu Tongji Generator | 2025-01-09 | 5.9 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Haoqisir Baidu Tongji generator plugin <= 1.0.2 versions. | ||||
CVE-2023-32515 | 1 Custom Field Suite Project | 1 Custom Field Suite | 2025-01-09 | 5.9 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Matt Gibbs Custom Field Suite plugin <= 2.6.2.1 versions. | ||||
CVE-2023-30780 | 1 Theguidex | 1 User Ip And Location | 2025-01-09 | 6.5 Medium |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TheGuideX User IP and Location plugin <= 2.2 versions. | ||||
CVE-2024-0376 | 1 Leap13 | 1 Premium Addons For Elementor | 2025-01-09 | 6.4 Medium |
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Wrapper Link Widget in all versions up to, and including, 4.10.16 due to insufficient input sanitization and output escaping on user supplied URLs. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
CVE-2023-23999 | 1 Monsterinsights | 1 Google Analytics Dashboard | 2025-01-09 | 6.5 Medium |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in MonsterInsights plugin <= 8.14.0 versions. | ||||
CVE-2023-27423 | 1 Mijnpress | 1 Auto Prune Posts | 2025-01-09 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Auto Prune Posts plugin <= 1.8.0 versions. | ||||
CVE-2023-27430 | 1 Mijnpress | 1 Mass Delete Unused Tags | 2025-01-09 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Mass Delete Unused Tags plugin <= 2.0.0 versions. | ||||
CVE-2025-0342 | | | 2025-01-09 | 3.5 Low |
A vulnerability, which was classified as problematic, was found in CampCodes Computer Laboratory Management System 1.0. This affects an unknown part of the file /class/edit/edit. The manipulation of the argument s_lname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
CVE-2023-25698 | 1 Studiowombat | 1 Shoppable Images | 2025-01-09 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Studio Wombat Shoppable Images plugin <= 1.2.3 versions. | ||||
CVE-2023-24414 | 1 Robosoft | 1 Robogallery | 2025-01-09 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.11 versions. | ||||
CVE-2023-23890 | 1 Ljapps | 1 Wp Airbnb Review Slider | 2025-01-09 | 7.1 High |
Cross-Site Request Forgery (CSRF) vulnerability in LJ Apps WP Airbnb Review Slider plugin <= 3.2 versions. | ||||
CVE-2023-22689 | 1 Autoaffiliatelinks | 1 Auto Affiliate Links | 2025-01-09 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links plugin <= 6.3 versions. | ||||
CVE-2023-32589 | 1 Pingonline | 1 Dyslexiefont Free | 2025-01-09 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in PingOnline Dyslexiefont Free plugin <= 1.0.0 versions. | ||||
CVE-2022-47134 | 1 Gallery Metabox Project | 1 Gallery Metabox | 2025-01-09 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Bill Erickson Gallery Metabox plugin <= 1.5 versions. | ||||
CVE-2024-43655 | | | 2025-01-09 | N/A |
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root. This issue affects Iocharger firmware for AC model chargers before version 24120701. Likelihood: Moderate – The attacker will first need to find the name of the script, and needs a (low privilege) account to gain access to the script, or convince a user with such access to execute a request to it. Impact: Critical – The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and delete files and services. CVSS clarification: Any network interface serving the web ui is vulnerable (AV:N) and there are no additional security measures to circumvent (AC:L), nor does the attack require any existing preconditions (AT:N). The attack is authenticated, but the level of authentication does not matter (PR:L), nor is any user interaction required (UI:N). The attack leads to a full compromise (VC:H/VI:H/VA:H), and compromised devices can be used to pivot into networks that should potentially not be accessible (SC:L/SI:L/SA:H). Because this is an EV charger handling significant power, there is a potential safety impact (S:P). This attack can be automated (AU:Y). | ||||
CVE-2023-23813 | 1 My Calendar Project | 1 My Calendar | 2025-01-09 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Calendar plugin <= 3.4.3 versions. | ||||
CVE-2023-23712 | 1 User-meta | 1 User Meta Manager | 2025-01-09 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in User Meta Manager plugin <= 3.4.9 versions. | ||||
CVE-2023-23680 | 1 Wp Topbar Project | 1 Wp Topbar | 2025-01-09 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Bob Goetz WP-TopBar plugin <= 5.36 versions. | ||||
CVE-2023-22688 | 1 Wp Tabs Slides Project | 1 Wp Tabs Slides | 2025-01-09 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Abdul Ibad WP Tabs Slides plugin <= 2.0.3 versions. |