Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In March 2024
CVE-2024-28676
DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via /dede/article_edit.php.
CVSS Score
6.1
EPSS Score
0.003
Published
2024-03-13
CVE-2024-28677
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/article_keywords_main.php.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-03-13
CVE-2024-28678
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_description_main.php
CVSS Score
6.3
EPSS Score
0.001
Published
2024-03-13
CVE-2024-28679
DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via Photo Collection.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-03-13
CVE-2024-28680
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/diy_add.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-03-13
CVE-2024-28681
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/plus_edit.php.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-03-13
CVE-2024-28682
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/sys_cache_up.php.
CVSS Score
6.3
EPSS Score
0.001
Published
2024-03-13
CVE-2024-28683
DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via create file.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-03-13
CVE-2024-2000
The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'navigation_dots' parameter of the Multi Scroll Widget in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Score
6.4
EPSS Score
0.002
Published
2024-03-13
CVE-2024-2006
The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.7 via deserialization of untrusted input in the outpost_shortcode_metabox_markup function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
CVSS Score
8.8
EPSS Score
0.019
Published
2024-03-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved