|
249591
|
- |
|
-
|
-
|
The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_manage_file_chunk_upload() function in all versions up to,…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-10801
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249592
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The Leopard - WordPress Offload Media plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the import_set…
|
CWE-862
Missing Authorization
|
CVE-2024-10589
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249593
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The WP Membership plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the user_profile_image_upload() function in all versions up to, and including, 1.…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-10547
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249594
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The RegistrationMagic – User Registration Plugin with Custom Registration Forms plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6…
|
CWE-230
Improper Handling of Missing Values
|
CVE-2024-10508
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249595
|
4.9 |
MEDIUM
Network
|
-
|
-
|
The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 5.4.6 due …
|
CWE-89
SQL Injection
|
CVE-2024-9874
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249596
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & rem…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10876
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249597
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Attesa Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.2 via the 'attesa-template' shortcode due to insufficient restrictions on which p…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-10688
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249598
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10683
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249599
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Quform - WordPress Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.20.0 via the 'saveUploadedFile' function. This makes i…
|
CWE-200
Information Exposure
|
CVE-2024-8756
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249600
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation and permissions checks…
|
CWE-22
Path Traversal
|
CVE-2024-10470
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
