|
249601
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Code Embed plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5 via the ce_get_file() function. This makes it possible for authenticated att…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-10814
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249602
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Envo Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.3 via the 'elementor-template' shortcode due to insufficient restrictions on which …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-10770
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249603
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Countdown Timer block – Display the event's date into a timer. plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.4 via the [ctb] shortcode …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-10669
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249604
|
- |
|
-
|
-
|
The Content Slider Block plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.1.5 via the [csb] shortcode due to insufficient restrictions on which posts…
|
-
|
CVE-2024-10667
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249605
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate esca…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9226
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249606
|
8.8 |
HIGH
Network
|
-
|
-
|
The Th Shop Mania theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the th_shop_mania_install_and_activate_callback() function in al…
|
CWE-862
Missing Authorization
|
CVE-2024-10674
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249607
|
8.8 |
HIGH
Network
|
-
|
-
|
The Top Store theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the top_store_install_and_activate_callback() function in all versio…
|
CWE-862
Missing Authorization
|
CVE-2024-10673
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249608
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_manage_file_chunk_upload() function in all versions …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-10627
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249609
|
8.8 |
HIGH
Network
|
-
|
-
|
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_uploaded_file() function in all versions up …
|
CWE-22
Path Traversal
|
CVE-2024-10626
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249610
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions…
|
CWE-22
Path Traversal
|
CVE-2024-10625
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
