|
309611
|
5.4 |
MEDIUM
Network
|
mailoptin
|
mailoptin
|
The Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber – MailOptin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'post-meta' shortcode in all ve…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8628
|
2024-09-27 01:42 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309612
|
9.1 |
CRITICAL
Network
|
exthemes
|
wooevents
|
The WooEvents - Calendar and Event Booking plugin for WordPress is vulnerable to arbitrary file overwrite due to insufficient file path validation in the inc/barcode.php file in all versions up to, a…
|
CWE-22
Path Traversal
|
CVE-2024-8671
|
2024-09-27 01:38 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309613
|
5.4 |
MEDIUM
Network
|
wp-brandtheme
|
preloader_plus
|
The Preloader Plus – WordPress Loading Screen Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.2.1 due to insuffic…
|
CWE-79
Cross-site Scripting
|
CVE-2024-6849
|
2024-09-27 01:36 |
2024-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309614
|
- |
|
-
|
-
|
Directory Traversal vulnerability in Centro de Tecnologia da Informaco Renato Archer InVesalius3 v3.1.99995 allows attackers to write arbitrary files unto the system via a crafted .inv3 file.
|
-
|
CVE-2024-44825
|
2024-09-27 01:35 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309615
|
9.8 |
CRITICAL
Network
|
code-projects
|
student_record_system
|
A vulnerability was found in code-projects Student Record System 1.0. It has been classified as critical. Affected is an unknown function of the file /pincode-verification.php. The manipulation of th…
|
CWE-89
SQL Injection
|
CVE-2024-9080
|
2024-09-27 01:32 |
2024-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309616
|
9.8 |
CRITICAL
Network
|
code-projects
|
student_record_system
|
A vulnerability was found in code-projects Student Record System 1.0 and classified as critical. This issue affects some unknown processing of the file /marks.php. The manipulation of the argument co…
|
CWE-89
SQL Injection
|
CVE-2024-9079
|
2024-09-27 01:32 |
2024-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309617
|
9.8 |
CRITICAL
Network
|
code-projects
|
student_record_system
|
A vulnerability has been found in code-projects Student Record System 1.0 and classified as critical. This vulnerability affects unknown code of the file /course.php. The manipulation of the argument…
|
CWE-89
SQL Injection
|
CVE-2024-9078
|
2024-09-27 01:31 |
2024-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309618
|
4.3 |
MEDIUM
Network
|
infiniteuploads
|
big_file_uploads
|
The Big File Uploads – Increase Maximum File Upload Size plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.1.2. This is due the plugin not sanitizing …
|
CWE-22
Path Traversal
|
CVE-2024-8538
|
2024-09-27 01:28 |
2024-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309619
|
9.8 |
CRITICAL
Network
|
wpcharitable
|
charitable
|
The Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.8.1.14. Thi…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-8791
|
2024-09-27 01:25 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309620
|
5.3 |
MEDIUM
Network
|
ba-booking
|
ba_book_everything
|
The BA Book Everything plugin for WordPress is vulnerable to arbitrary password reset in all versions up to, and including, 1.6.20. This is due to the reset_user_password() function not verifying a u…
|
NVD-CWE-Other
|
CVE-2024-8794
|
2024-09-27 01:23 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
