|
305351
|
8.8 |
HIGH
Network
|
-
|
-
|
The Th Shop Mania theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the th_shop_mania_install_and_activate_callback() function in al…
|
CWE-862
Missing Authorization
|
CVE-2024-10674
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305352
|
8.8 |
HIGH
Network
|
-
|
-
|
The Top Store theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the top_store_install_and_activate_callback() function in all versio…
|
CWE-862
Missing Authorization
|
CVE-2024-10673
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305353
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_manage_file_chunk_upload() function in all versions …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-10627
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305354
|
8.8 |
HIGH
Network
|
-
|
-
|
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_uploaded_file() function in all versions up …
|
CWE-22
Path Traversal
|
CVE-2024-10626
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305355
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions…
|
CWE-22
Path Traversal
|
CVE-2024-10625
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305356
|
5.5 |
MEDIUM
Network
|
-
|
-
|
The Anih - Creative Agency WordPress Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2024 due to an incomplete blacklis…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9775
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305357
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.0 due to insufficient input sanitizat…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8960
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305358
|
- |
|
-
|
-
|
The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.0 via the 'ce_template' shortcode due to insufficient restriction…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-10779
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305359
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Debug Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the info() function in all versions up to, and including, 2.2. This makes it poss…
|
CWE-862
Missing Authorization
|
CVE-2024-10588
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305360
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The CE21 Suite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ce21_single_sign_on_save_api_settings' function in versions up to, and…
|
CWE-862
Missing Authorization
|
CVE-2024-10294
|
2024-11-12 22:56 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
