|
251791
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tooltip’ parameter in all versions up to, and including, 9.6.1 due to insufficient input sanitization an…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9650
|
2024-10-25 21:56 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251792
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Extra Product Options Builder for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'RednaoSerializedFields' parameter during the creation of a signature file …
|
CWE-79
Cross-site Scripting
|
CVE-2024-9214
|
2024-10-25 21:56 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251793
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Compact WP Audio Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's
sc_embed_player shortcode in all versions up to, and including, 1.9.13 due to insuffic…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10176
|
2024-10-25 21:56 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251794
|
- |
|
-
|
-
|
An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. An attacker could inject HTML into the Global Search field on…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8312
|
2024-10-25 21:56 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251795
|
- |
|
-
|
-
|
An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. A denial of service could occur via importing a malicious craf…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2024-6826
|
2024-10-25 21:56 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251796
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer – DearFlip plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pdf_source' parameter in all versions up to, and includin…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8717
|
2024-10-25 21:56 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251797
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 1.6.43 via the hfe_template shortcode. This makes it possible …
|
CWE-200
Information Exposure
|
CVE-2024-10050
|
2024-10-25 21:56 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251798
|
6.3 |
MEDIUM
Network
|
-
|
-
|
The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.4. This is due …
|
CWE-352
Origin Validation Error
|
CVE-2024-9943
|
2024-10-25 21:56 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251799
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mvx_sent…
|
CWE-285
Improper Authorization
|
CVE-2024-9531
|
2024-10-25 21:56 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251800
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized post publication due to a missing capability check on the activ…
|
CWE-862
Missing Authorization
|
CVE-2024-8667
|
2024-10-25 21:56 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
