Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In July 2024
CVE-2024-38705
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ElementInvader ElementInvader Addons for Elementor allows Stored XSS.This issue affects ElementInvader Addons for Elementor: from n/a through 1.2.4.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-07-20
CVE-2024-38710
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through 2.0.6.2.
CVSS Score
5.9
EPSS Score
0.001
Published
2024-07-20
CVE-2024-38711
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library allows Reflected XSS.This issue affects Link Library: from n/a through 7.7.1.
CVSS Score
7.1
EPSS Score
0.002
Published
2024-07-20
CVE-2024-38687
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Techfyd Sky Addons for Elementor allows Stored XSS.This issue affects Sky Addons for Elementor: from n/a through 2.5.5.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-07-20
CVE-2024-38681
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Noor alam Magical Addons For Elementor allows Stored XSS.This issue affects Magical Addons For Elementor: from n/a through 1.1.41.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-07-20
CVE-2024-38674
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SKT Themes SKT Addons for Elementor allows Stored XSS.This issue affects SKT Addons for Elementor: from n/a through 3.0.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-07-20
CVE-2024-6491
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mailchimp_api_key_manage function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level access and above, to set the MailChimp API key.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-07-20
CVE-2024-6489
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_google_api_key function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level access and above, to set the MailChimp API key.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-07-20
CVE-2024-40348
An issue in the component /api/swaggerui/static of Bazaar v1.4.3 allows unauthenticated attackers to execute a directory traversal.
CVSS Score
8.2
EPSS Score
0.91
Published
2024-07-20
CVE-2024-40347
A reflected cross-site scripting (XSS) vulnerability in Hyland Alfresco Platform 23.2.1-r96 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the parameter htmlid.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-07-20


Products
Pricing
Contact Us

Shodan ® - All rights reserved