Search Results (363285 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-24419 1 Strategy11 1 Formidable Form Builder 2024-11-21 7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Form Builder Team Formidable Forms plugin <= 5.5.6 versions.
CVE-2023-24417 1 Tiggerswelt 1 Worthy 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in tiggersWelt.Net Worthy plugin <= 1.6.5-6497609 versions.
CVE-2023-24415 1 Quantumcloud 1 Chatbot 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.2.8 versions.
CVE-2023-24413 1 I13websolution 1 Wordpress Vertical Image Slider 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution WordPress vertical image slider plugin <= 1.2.16 versions.
CVE-2023-24412 1 Web-settler 1 Image Social Feed 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Web-Settler Image Social Feed plugin <= 1.7.6 versions.
CVE-2023-24405 1 Wpplugin 1 Paypal \& Stripe Add-on 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on plugin <= 1.9.3 versions.
CVE-2023-24401 1 Davidsword 1 Mobile Call Now \& Map Buttons 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davidsword Mobile Call Now & Map Buttons plugin <= 1.5.0 versions.
CVE-2023-24397 1 Reservation 1 Reservation.studio 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Reservation.Studio Reservation.Studio widget plugin <= 1.0.11 versions.
CVE-2023-24396 1 Vikwp 1 Vikbooking Hotel Booking Engine \& Pms 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.11 versions.
CVE-2023-24395 1 Wpplugin 1 Contact Form 7 Redirect \& Thank You Page 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 Redirect & Thank You Page plugin <= 1.0.3 versions.
CVE-2023-24394 1 Iframe Project 1 Iframe 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy iframe popup plugin <= 3.3 versions.
CVE-2023-24393 1 Wpmart 1 Animated Number Counters 2024-11-21 6.5 Medium
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. Abul Hasan Animated Number Counters plugin <= 1.6 versions.
CVE-2023-24391 1 Spiderteams 1 Applyonline - Application Form Builder And Manager 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Spider Teams ApplyOnline plugin <= 2.5 versions.
CVE-2023-24390 1 Wesecur 1 Wesecur 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WeSecur Security plugin <= 1.2.1 versions.
CVE-2023-24389 1 Brandid 1 Social Proof \(testimonial\) Slider 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in brandiD Social Proof (Testimonial) Slider plugin <= 2.2.3 versions.
CVE-2023-24385 1 Davidlingren 1 Media Library Assistant 2024-11-21 5.9 Medium
Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in David Lingren Media Library Assistant plugin <= 3.11 versions.
CVE-2023-24381 1 Nsthemes 1 Advanced Social Pixel 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NsThemes Advanced Social Pixel plugin <= 2.1.1 versions.
CVE-2023-24294 1 Zumtobel 2 Netlink Ccd, Netlink Ccd Firmware 2024-11-21 7.5 High
Zumtobel Netlink CCD Onboard v3.74 - Firmware v3.80 was discovered to contain a buffer overflow via the component NetlinkWeb::Information::SetDeviceIdentification.
CVE-2023-24256 1 Nio 3 Aspen, Ec6, Ec6 Aspen 2024-11-21 7.8 High
An issue in the com.nextev.datastatistic component of NIO EC6 Aspen before v3.3.0 allows attackers to escalate privileges via path traversal.
CVE-2023-24229 1 Draytek 2 Vigor2960, Vigor2960 Firmware 2024-11-21 7.8 High
DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.