|
249921
|
4.3 |
MEDIUM
Adjacent
|
enelx
|
waybox_pro_firmware
|
Under certain conditions, through a request directed to the Waybox Enel X web management application, information like Waybox OS version or service configuration details could be obtained.
|
NVD-CWE-noinfo
|
CVE-2023-29116
|
2024-11-9 01:08 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249922
|
6.5 |
MEDIUM
Adjacent
|
enelx
|
waybox_pro_firmware
|
In certain conditions a request directed to the Waybox Enel X Web management application could cause a denial-of-service (e.g. reboot).
|
NVD-CWE-noinfo
|
CVE-2023-29115
|
2024-11-9 01:08 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249923
|
5.4 |
MEDIUM
Network
|
xplodedthemes
|
xt_floating_cart_for_woocommerce
|
The XT Floating Cart for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.8.2 due to insufficient input sanit…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9178
|
2024-11-9 01:03 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249924
|
5.4 |
MEDIUM
Network
|
bdthemes
|
element_pack
|
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Open Map Widget'…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9867
|
2024-11-9 01:00 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249925
|
5.4 |
MEDIUM
Network
|
bdthemes
|
element_pack
|
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tooltip' paramet…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9657
|
2024-11-9 01:00 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249926
|
4.3 |
MEDIUM
Network
|
g5plus
|
ultimate_bootstrap_elements_for_elementor
|
The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6 via the 'ube_get_page_templates' functio…
|
NVD-CWE-noinfo
|
CVE-2024-10329
|
2024-11-9 00:59 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249927
|
7.3 |
HIGH
Network
|
tickera
|
tickera
|
The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.4. This is due to the software allowing users t…
|
CWE-94
Code Injection
|
CVE-2024-10263
|
2024-11-9 00:59 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249928
|
9.8 |
CRITICAL
Network
|
widgilabs
|
plugin_propagator
|
Unrestricted Upload of File with Dangerous Type vulnerability in WidgiLabs Plugin Propagator allows Upload a Web Shell to a Web Server.This issue affects Plugin Propagator: from n/a through 0.1.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-50495
|
2024-11-9 00:58 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249929
|
4.3 |
MEDIUM
Network
|
themeum
|
wp_crowdfunding
|
Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Crowdfunding: from n/a through 2.1.10.
|
CWE-862
Missing Authorization
|
CVE-2024-43937
|
2024-11-9 00:57 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249930
|
5.3 |
MEDIUM
Network
|
combodo
|
itop
|
Combodo iTop is a simple, web based IT Service Management tool. Unauthenticated user can perform users enumeration, which can make it easier to bruteforce a valid account. As a fix the sentence displ…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2024-51739
|
2024-11-9 00:56 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
