|
307871
|
6.1 |
MEDIUM
Network
|
outtheboxthemes
|
beam_me_up_scotty
|
The Beam me up Scotty – Back to Top Button plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8741
|
2024-10-3 01:37 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307872
|
8.8 |
HIGH
Network
|
ferrislucas
|
promptr
|
A remote command execution (RCE) vulnerability in promptr v6.0.7 allows attackers to execute arbitrary commands via a crafted URL.
|
CWE-94
Code Injection
|
CVE-2024-46489
|
2024-10-3 01:24 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307873
|
6.1 |
MEDIUM
Network
|
pierros
|
kodex_posts_likes
|
The Kodex Posts likes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8713
|
2024-10-3 01:22 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307874
|
9.8 |
CRITICAL
Network
|
artbees
|
jupiter_x_core
|
The Jupiter X Core plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.7.5. This is due to improper authentication via the Social Login widget. This ma…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-7781
|
2024-10-3 01:21 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307875
|
5.5 |
MEDIUM
Local
|
asg017
|
sqlite-vec
|
sqlite-vec v0.1.1 was discovered to contain a heap buffer overflow via the npy_token_next function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.
|
CWE-787
Out-of-bounds Write
|
CVE-2024-46488
|
2024-10-3 01:21 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307876
|
- |
|
-
|
-
|
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
|
-
|
CVE-2024-5480
|
2024-10-3 01:15 |
2024-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307877
|
9.8 |
CRITICAL
Network
|
artbees
|
jupiter_x_core
|
The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file uploads due to a mishandled file type validation in the 'validate' function in all versions up to, and including, 4.6.5. This m…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-7772
|
2024-10-3 01:10 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307878
|
6.5 |
MEDIUM
Network
|
mmrs151
|
daily_prayer_time
|
The Daily Prayer Time plugin for WordPress is vulnerable to SQL Injection via the 'max_word' attribute of the 'quran_verse' shortcode in all versions up to, and including, 2024.08.26 due to insuffici…
|
CWE-89
SQL Injection
|
CVE-2024-8621
|
2024-10-3 01:10 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307879
|
6.1 |
MEDIUM
Network
|
xtendify
|
simple_calendar
|
The Simple Calendar – Google Calendar Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versio…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8549
|
2024-10-3 01:04 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307880
|
6.1 |
MEDIUM
Network
|
ellevo
|
ellevo
|
A reflected cross-site scripting (XSS) vulnerability in Ellevo 6.2.0.38160 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload or URL.
|
CWE-79
Cross-site Scripting
|
CVE-2024-46655
|
2024-10-3 00:40 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
