|
249531
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Quform - WordPress Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.20.0 via the 'saveUploadedFile' function. This makes i…
|
CWE-200
Information Exposure
|
CVE-2024-8756
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249532
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation and permissions checks…
|
CWE-22
Path Traversal
|
CVE-2024-10470
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249533
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Code Embed plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5 via the ce_get_file() function. This makes it possible for authenticated att…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-10814
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249534
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Envo Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.3 via the 'elementor-template' shortcode due to insufficient restrictions on which …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-10770
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249535
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Countdown Timer block – Display the event's date into a timer. plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.4 via the [ctb] shortcode …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-10669
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249536
|
- |
|
-
|
-
|
The Content Slider Block plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.1.5 via the [csb] shortcode due to insufficient restrictions on which posts…
|
-
|
CVE-2024-10667
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249537
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate esca…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9226
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249538
|
8.8 |
HIGH
Network
|
-
|
-
|
The Th Shop Mania theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the th_shop_mania_install_and_activate_callback() function in al…
|
CWE-862
Missing Authorization
|
CVE-2024-10674
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249539
|
8.8 |
HIGH
Network
|
-
|
-
|
The Top Store theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the top_store_install_and_activate_callback() function in all versio…
|
CWE-862
Missing Authorization
|
CVE-2024-10673
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249540
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_manage_file_chunk_upload() function in all versions …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-10627
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
