|
309691
|
5.4 |
MEDIUM
Network
|
squirrly
|
starbox
|
The Starbox WordPress plugin before 3.5.3 does not properly render social media profiles URLs in certain contexts, like the malicious user's profile or pages where the starbox shortcode is used, whi…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8239
|
2024-10-8 00:48 |
2024-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309692
|
4.8 |
MEDIUM
Network
|
ngothang
|
wp_multitasking
|
The WP MultiTasking – WP Utilities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpmt_menu_name’ parameter in all versions up to, and including, 0.1.17 due to insufficien…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8189
|
2024-10-8 00:44 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309693
|
4.8 |
MEDIUM
Network
|
godaddy
|
coblocks
|
The Page Builder Gutenberg Blocks WordPress plugin before 3.1.13 does not escape the content of post embed via one of its block, which could allow users with the capability to publish posts (editor …
|
CWE-79
Cross-site Scripting
|
CVE-2024-7132
|
2024-10-8 00:44 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309694
|
5.4 |
MEDIUM
Network
|
gutentor
|
gutentor
|
The Gutentor WordPress plugin before 3.3.6 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with th…
|
CWE-79
Cross-site Scripting
|
CVE-2024-5417
|
2024-10-8 00:44 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309695
|
6.1 |
MEDIUM
Network
|
stape
|
gtm_server_side
|
The GTM Server Side plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, …
|
CWE-79
Cross-site Scripting
|
CVE-2024-8712
|
2024-10-8 00:43 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309696
|
6.1 |
MEDIUM
Network
|
fetchdesigns
|
sign-up_sheets
|
The Sign-up Sheets WordPress plugin before 2.2.13 does not escape some generated URLs, as well as the $_SERVER['REQUEST_URI'] parameter before outputting them back in attributes, which could lead to …
|
CWE-79
Cross-site Scripting
|
CVE-2024-6020
|
2024-10-8 00:42 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309697
|
4.8 |
MEDIUM
Network
|
ays-pro
|
secure_copy_content_protection_and_content_locking
|
The Secure Copy Content Protection and Content Locking WordPress plugin before 4.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform…
|
CWE-79
Cross-site Scripting
|
CVE-2024-6888
|
2024-10-8 00:41 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309698
|
4.8 |
MEDIUM
Network
|
mansurahamed
|
chatbot_support_ai
|
The Chatbot Support AI: Free ChatGPT Chatbot, Woocommerce Chatbot WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admi…
|
CWE-79
Cross-site Scripting
|
CVE-2024-6722
|
2024-10-8 00:41 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309699
|
8.8 |
HIGH
Network
|
skyselang
|
yyladmin
|
A vulnerability classified as critical was found in skyselang yylAdmin up to 3.0. Affected by this vulnerability is the function list of the file /app/admin/controller/file/File.php of the component …
|
CWE-89
SQL Injection
|
CVE-2024-9293
|
2024-10-8 00:37 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309700
|
7.5 |
HIGH
Network
|
hcltech
|
hcl_nomad
|
HCL Nomad is susceptible to an insufficient session expiration vulnerability. Under certain circumstances, an unauthenticated attacker could obtain old session information.
|
CWE-613
Insufficient Session Expiration
|
CVE-2024-23586
|
2024-10-8 00:30 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
