|
305671
|
9.8 |
CRITICAL
Network
|
properfraction
|
profilepress
|
The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.11.1. This is due to insufficient verification on the user being returned by t…
|
CWE-287
Improper Authentication
|
CVE-2024-9947
|
2024-10-26 01:53 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305672
|
4.8 |
MEDIUM
Network
|
tuzitio
|
camaleon_cms
|
Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows remote attacker to execute arbitrary code via the content group name field.
|
CWE-79
Cross-site Scripting
|
CVE-2024-48652
|
2024-10-26 01:51 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305673
|
5.4 |
MEDIUM
Network
|
getshortcodes
|
shortcodes_ultimate
|
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in all versions up to, and including, 7.2.2 due to insuffic…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8500
|
2024-10-26 01:43 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305674
|
6.1 |
MEDIUM
Network
|
steelthemes
|
nioland
|
The Nioland theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘s’ parameter in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output esc…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10250
|
2024-10-26 01:37 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305675
|
- |
|
-
|
-
|
Incorrect access control in XIAO HE Smart 4.3.1 allows attackers to access sensitive information by analyzing the code and data within the APK file.
|
-
|
CVE-2024-48540
|
2024-10-26 01:35 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305676
|
6.5 |
MEDIUM
Network
|
metagauss
|
download_plugin
|
The Download Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability checks on the 'dpwap_handle_download_user' and 'dpwap_handle_download_comment' functi…
|
CWE-862
Missing Authorization
|
CVE-2024-9829
|
2024-10-26 01:30 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305677
|
4.8 |
MEDIUM
Network
|
mitel
|
micollab
|
A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Sc…
|
CWE-79
Cross-site Scripting
|
CVE-2024-30160
|
2024-10-26 01:30 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305678
|
4.8 |
MEDIUM
Network
|
mitel
|
micollab
|
A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XS…
|
CWE-79
Cross-site Scripting
|
CVE-2024-30159
|
2024-10-26 01:30 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305679
|
7.2 |
HIGH
Network
|
mitel
|
micollab
|
A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to ins…
|
CWE-89
SQL Injection
|
CVE-2024-30158
|
2024-10-26 01:30 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305680
|
7.2 |
HIGH
Network
|
wpovernight
|
woocommerce_order_proposal
|
The WooCommerce Order Proposal plugin for WordPress is vulnerable to privilege escalation via order proposal in all versions up to and including 2.0.5. This is due to the improper implementation of a…
|
CWE-287
Improper Authentication
|
CVE-2024-9927
|
2024-10-26 01:29 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
