|
252061
|
- |
|
-
|
-
|
A vulnerability classified as critical was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This vulnerability affects the function pictureUpload of the file /admin/File/pictureUpload. The mani…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-9904
|
2024-10-15 21:57 |
2024-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252062
|
- |
|
-
|
-
|
A vulnerability classified as critical has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This affects the function fileUpload of the file /admin/File/fileUpload. The manipulation of the…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-9903
|
2024-10-15 21:57 |
2024-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252063
|
- |
|
-
|
-
|
The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.8 via the render_column function in modules/data-table/wid…
|
CWE-200
Information Exposure
|
CVE-2024-8902
|
2024-10-15 21:57 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252064
|
7.2 |
HIGH
Network
|
-
|
-
|
The WP Post Author – Boost Your Blog's Engagement with Author Box, Social Links, Co-Authors, Guest Authors, Post Rating System, and Custom User Registration Form Builder plugin for WordPress is …
|
CWE-89
SQL Injection
|
CVE-2024-8757
|
2024-10-15 21:57 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252065
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Rescue Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rescue_tab' shortcode in all versions up to, and including, 2.8 due to insufficient input san…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9696
|
2024-10-15 21:57 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252066
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the table cell content in all versions up to, and including, 2.4.2 due to insuffic…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9595
|
2024-10-15 21:57 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252067
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Category Icon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output …
|
CWE-79
Cross-site Scripting
|
CVE-2024-8915
|
2024-10-15 21:57 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252068
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to CSS Injection in all versions up to, and including, 3.13.6. This makes it possible for unauthenticated attackers to…
|
CWE-94
Code Injection
|
CVE-2024-8760
|
2024-10-15 21:57 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252069
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Order Attachments for WooCommerce plugin for WordPress is vulnerable to unauthorized limited arbitrary file uploads due to a missing capability check on the wcoa_add_attachment AJAX action in ver…
|
-
|
CVE-2024-9756
|
2024-10-15 21:57 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252070
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Social Sharing (by Danny) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dvk_social_sharing' shortcode in all versions up to, and including, 1.3.7 due to insu…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9704
|
2024-10-15 21:57 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
