|
312591
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Flexmls® IDX Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters like 'MaxBeds' and 'MinBeds' in all versions up to, and including, 3.14.22 due to i…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8719
|
2024-10-18 21:53 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312592
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.986 via the data_fetch. This makes it possible for authen…
|
CWE-200
Information Exposure
|
CVE-2024-7417
|
2024-10-18 21:53 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312593
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Calculated Fields Form plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 5.2.45. This is due to the plugin not properly neutralizing HTML elements from su…
|
CWE-75
Special Element Injection
|
CVE-2024-9940
|
2024-10-18 21:53 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312594
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 3.6.0. This is due to the plugin providing user-co…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-9862
|
2024-10-18 21:53 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312595
|
8.1 |
HIGH
Network
|
-
|
-
|
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.6.0. This is due to missing validation on the token being…
|
-
|
CVE-2024-9861
|
2024-10-18 21:53 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312596
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The ReDi Restaurant Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and…
|
-
|
CVE-2024-9240
|
2024-10-18 21:53 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312597
|
8.8 |
HIGH
Network
|
-
|
-
|
The Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors plugin for WordPress is vulnerable to Insecure Direct Object Reference to Privilege Escalation/Account Ta…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-9215
|
2024-10-18 21:53 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312598
|
- |
|
-
|
-
|
Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker w…
|
CWE-89
SQL Injection
|
CVE-2024-45767
|
2024-10-18 21:53 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312599
|
- |
|
-
|
-
|
Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Control of Generation of Code ('Code Injection') vulnerability. A low privileged attacker with remote access could pot…
|
CWE-94
Code Injection
|
CVE-2024-45766
|
2024-10-18 21:53 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312600
|
- |
|
-
|
-
|
RDS Light is a simplified version of the Reflective Dialogue System (RDS), a self-reflecting AI framework. Versions prior to 1.1.0 contain a vulnerability that involves a lack of input validation wit…
|
CWE-20
CWE-74
Improper Input Validation
Injection
|
CVE-2024-48918
|
2024-10-18 21:53 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
