|
307051
|
8.3 |
HIGH
Network
|
-
|
-
|
The Mapplic and Mapplic Lite plugins for WordPress are vulnerable to Server-Side Request Forgery in versions up to, and including 6.1, 1.0 respectively. This makes it possible for attackers to forger…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2012-10018
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307052
|
- |
|
-
|
-
|
The Community by PeepSo – Social Network, Membership, Registration, User Profiles, Premium – Mobile App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via URLs in posts, comments, …
|
CWE-79
Cross-site Scripting
|
CVE-2024-9873
|
2024-10-16 15:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307053
|
7.7 |
HIGH
Network
|
podman_project
redhat
fedoraproject
|
podman
enterprise_linux
openshift_container_platform
fedora
|
A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2024-3056
|
2024-10-16 14:15 |
2024-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307054
|
- |
|
-
|
-
|
Improper permission control in the mobile application (com.transsion.aivoiceassistant) can lead to the launch of any unexported component.
|
-
|
CVE-2024-10018
|
2024-10-16 12:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307055
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Multiline files upload for contact form 7 plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the mfcf7_zl_custom_handle_deactivation_plugi…
|
CWE-862
Missing Authorization
|
CVE-2024-9891
|
2024-10-16 11:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307056
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Locatoraid Store Locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_POST keys in all versions up to, and including, 3.9.47 due to insufficient input sanitization a…
|
-
|
CVE-2024-9652
|
2024-10-16 11:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307057
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Kama SpamBlock plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_POST values in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9647
|
2024-10-16 11:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307058
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The SEO Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post meta in versions up to, and including, 1.9 due to insufficient input sanitization and output escaping on use…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9521
|
2024-10-16 11:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307059
|
8.1 |
HIGH
Network
|
-
|
-
|
The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.4. This is due to the appp_reset_passwo…
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2024-9305
|
2024-10-16 11:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307060
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The UltimateAI plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.8.3. This is due to insufficient verification on the user being supplied in the 'ultimat…
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2024-9105
|
2024-10-16 11:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
