| CVE-2024-6799 | YITH Essential Kit for WooCommerce #1 <= 2.34.0 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Install, Activation, and Deactivation | yithemes | YITH Essential Kit for WooCommerce #1 | Medium | 4.3 | 2024-07-19 07:36:45 | Deep Dive |
| CVE-2024-21155 | Oracle ZFS Storage Appliance 安全漏洞 | Oracle Corporation | Sun ZFS Storage Appliance Kit (AK) Software | Medium | 4.7 | 2024-07-16 22:40:02 | Deep Dive |
| CVE-2023-40356 | PingOne MFA Integration Kit MFA bypass | Ping Identity | PingOne MFA Integration Kit for PingFederate | - | - | 2024-07-09 15:38:56 | Deep Dive |
| CVE-2023-40702 | PingOne MFA Integration Kit MFA bypass | Ping Identity | PingOne MFA Integration Kit for PingFederate | - | - | 2024-07-09 15:38:47 | Deep Dive |
| CVE-2024-37253 | WordPress WPDirectoryKit plugin <= 1.3.6 - HTML Injection vulnerability | WpDirectoryKit | WP Directory Kit | Low | 2.7 | 2024-07-09 10:05:21 | Deep Dive |
| CVE-2024-37479 | WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.8.1 - Contributor+ Local File Inclusion vulnerability | LA-Studio | LA-Studio Element Kit for Elementor | High | 8.5 | 2024-07-02 07:40:09 | Deep Dive |
| CVE-2024-5349 | LA-Studio Element Kit for Elementor <= 1.3.8.1 - Authenticated (Contributor+) Local File Inclusion | choijun | LA-Studio Element Kit for Elementor | High | 8.8 | 2024-07-02 04:31:35 | Deep Dive |
| CVE-2024-5662 | Ultimate Post Kit Addons For Elementor – (Post Grid, Post Carousel, Post Slider, Category List, Post Tabs, Timeline, Post Ticker, Tag Cloud) <= 3.11.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Social Count (Static) Widget | bdthemes | Ultimate Post Kit Addons for Elementor | Medium | 6.4 | 2024-06-28 08:33:29 | Deep Dive |
| CVE-2023-39993 | WordPress ElementsKit Lite plugin <= 2.9.0 - Broken Access Control vulnerability | Wpmet | Elements kit Elementor addons | Medium | 4.3 | 2024-06-19 12:07:08 | Deep Dive |
| CVE-2024-4479 | Jeg Elementor Kit <= 2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via JKit - Tabs and JKit - Accordion Widgets | jegtheme | Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress | Medium | 6.4 | 2024-06-15 02:02:01 | Deep Dive |
| CVE-2024-35725 | WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.6 - Broken Access Control vulnerability | LA-Studio | LA-Studio Element Kit for Elementor | Medium | 4.3 | 2024-06-10 07:48:05 | Deep Dive |
| CVE-2024-4431 | LA-Studio Element Kit for Elementor <= 1.3.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter | choijun | LA-Studio Element Kit for Elementor | Medium | 6.4 | 2024-05-23 03:31:17 | Deep Dive |
| CVE-2024-2637 | Insecure Loading of Code in B&R Products | B&R Industrial Automation | Scene Viewer | High | 7.2 | 2024-05-14 18:49:29 | Deep Dive |
| CVE-2024-4329 | Thim Elementor Kit <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter | thimpress | Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor | Medium | 6.4 | 2024-05-11 06:43:41 | Deep Dive |
| CVE-2024-4606 | WordPress Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder plugin <= 2.0.3 - PHP Object Injection vulnerability | BdThemes | Ultimate Store Kit Elementor Addons | Medium | 5.4 | 2024-05-09 11:59:19 | Deep Dive |
| CVE-2024-34415 | WordPress Thim Elementor Kit plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability | ThimPress | Thim Elementor Kit | Medium | 6.5 | 2024-05-09 11:34:52 | Deep Dive |
| CVE-2024-3161 | Jeg Elementor Kit <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget | jegtheme | Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress | Medium | 6.4 | 2024-05-02 16:52:03 | Deep Dive |
| CVE-2024-3819 | Jeg Elementor Kit <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via JKit - Banner | jegtheme | Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress | Medium | 6.4 | 2024-05-02 16:52:02 | Deep Dive |
| CVE-2024-3005 | LA-Studio Element Kit for Elementor <= 1.3.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via LaStudioKit Post Author Widget | choijun | LA-Studio Element Kit for Elementor | Medium | 6.4 | 2024-05-02 11:02:24 | Deep Dive |
| CVE-2024-0334 | Jeg Elementor Kit <= 2.6.4 - Authenticated (Contributor+) Cross-Site Scripting via Elementor Widget URL Custom Attributes | jegtheme | Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress | Medium | 6.4 | 2024-05-01 12:46:31 | Deep Dive |