|
309131
|
- |
|
-
|
-
|
Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash th…
|
-
|
CVE-2024-21538
|
2024-11-19 23:15 |
2024-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309132
|
- |
|
-
|
-
|
The Bard theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.216. This …
|
CWE-79
Cross-site Scripting
|
CVE-2024-9830
|
2024-11-19 22:15 |
2024-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309133
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Ashe theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.243. This …
|
CWE-79
Cross-site Scripting
|
CVE-2024-9777
|
2024-11-19 22:15 |
2024-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309134
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Parallax Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘position’ parameter in all versions up to, and including, 1.9 due to insufficient input sanitization and …
|
CWE-79
Cross-site Scripting
|
CVE-2024-11224
|
2024-11-19 22:15 |
2024-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309135
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The GD Rating System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘extra_class’ parameter in all versions up to, and including, 3.6.1 due to insufficient input sanitizati…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11198
|
2024-11-19 22:15 |
2024-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309136
|
8.8 |
HIGH
Network
|
-
|
-
|
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a misconfigure…
|
-
|
CVE-2024-11194
|
2024-11-19 21:15 |
2024-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309137
|
- |
|
-
|
-
|
The Email Subscription Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's print_email_subscribe_form shortcode in all versions up to, and including, 1.2.22 due t…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11195
|
2024-11-19 20:15 |
2024-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309138
|
7.3 |
HIGH
Network
|
-
|
-
|
The The WPB Popup for Contact Form 7 – Showing The Contact Form 7 Popup on Button Click – CF7 Popup plugin for WordPress is vulnerable to arbitrary shortcode execution via wpb_pcf_fire_contact_form A…
|
CWE-94
Code Injection
|
CVE-2024-11038
|
2024-11-19 20:15 |
2024-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309139
|
7.3 |
HIGH
Network
|
-
|
-
|
The The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipress_get_user_e…
|
CWE-94
Code Injection
|
CVE-2024-11036
|
2024-11-19 20:15 |
2024-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309140
|
5.5 |
MEDIUM
Network
|
-
|
-
|
The SVG Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.24 due to insufficient input sanitization and o…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11098
|
2024-11-19 17:15 |
2024-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
